Week in OSINT #2023-12

This episode turned into a geolocation and OverPass special, with a little extra topping of OpenAI's GPT!

Geolocation is a very important part of the OSINT landscape, and besides manual investigations, there are also tools that can help you. One of the most helpful tools, is OverPass Turbo. By querying the OpenStreetMaps API, it is possible to find locations in any location of the world. But the query language isn't really easy to master for me, but luckily there are some things that will help, as can be read in this episode of Week in OSINT!

  • Finding Sherlock
  • OverPass and GPT
  • More OverPass and GPT
  • Learning OverPass
  • Poastal

Media: Finding Sherlock

Gary Ruddell is a cybersecurity professional from Schotland, and has posted a few OSINT based videos on YouTube. His latest video is about Sherlock, and I don't mean the video where he talks about the username tool. I mean the American series Elementary, the modern take on Sherlock Holmes. He shares his thought process while geolocating the rooftop of a video production company that is used a few times in this series. Great video if you want to learn a bit more about this subject, and also a good training idea to use tv-series or movies to practice your skills.

Link: https://youtu.be/VzUDFM3K4Sk

Tip: OverPass and GPT

The latest version of Chat GPT-4 has been dominating the news lately, and I also have been playing with GPT-4, as well as the Bing Chat. But John Wiseman found something really neat, and that is the use of GPT-4 to create useful OverPass Turbo queries. Just like him, I'm also not great at writing queries, so every bit of help is useful in this case. So if you have access to GPT-4, do give this a try! I did find out that with more complex queries, it had some issues filtering the correct 'amenities' though, but since the AI is constantly improving, and it is possible to edit the query, this isn't a huge issue.

Using ChatGPT to find locations in OSM
Using ChatGPT to find locations in OSM

Link: Twitter thread

Tool: More OverPass and GPT

Yes, there is even more to come. Because how would you like to connect GPT-3 to a custom web-app, that focusses on OverPass Turbo queries only? Well, Ben Strong did just that! He wrote a small Python script that queries the GPT-3 model, adds a fact or joke, and displays the result of the query on a small map. Sadly enough, my paid API trial finished end of last year, and I haven't connected any payment options, so I haven't tested it myself yet. But if you do have a paid account, and you are willing to dive into this, have a good understanding of how to install and configure it, then this is a great opportunity to play a bit more with OverPass!

Asking GPT-3 for Indian restaurants near Hereford
Asking GPT-3 for Indian restaurants near Hereford

Link: https://github.com/earth-genome/ChatGeoPT

Blog: https://link.medium.com/rm0nVEvAtyb

Tutorial: Learning OverPass

This project is 8 years old, and they could really use some help with the creation of new lessons. Would you like to help out? Then make sure to check out their GitHub repo!

Do you want to know more about OverPass Turbo? Well, there is an older interactive tutorial, where you can learn how to write some basic queries. I have followed it, and I found it does require careful reading, and some basic knowledge about the query language will absolutely help. But it is absolutely something I suggest you check out if you want to learn some basics of the OverPass query language. Besides an interactive tutorial, they also have useful documentation with lots of examples.

The basics of the OverPass API queries

Link: Tutorial

Link: Documentation

Tool: Poastal

Jake Creps has been busy going over all kinds of platforms, to check API responses. He started writing a little tool that will be able to tell you whether an email address is already registered for a certain platform or not. I was lucky enough to have a sneak peak over the weekend, so I could try it out, and it works as intended. The code is very rough, there are false negatives, and can absolutely be improved, but I really like the idea!

Checking registered emails on sites and platforms
Checking registered emails on sites and platforms

Link (when it goes public later on): https://github.com/jakecreps/poastal

FUNINT: OpSec and Cake

Jordan Wildon, the maker of Telepathy, shared his moment of embarrassment when it comes to OpSec. Well played Nick, well played...

Have a good week and have a good search!

Previous Post Next Post