Every day I write about #osint (Open Source Intelligence) tools and techniques. Also little bit about forensics and cybersecurity in general. Work in https://t.me/netlas
Research papers search engines
science.gov
search.worldcat.org
researchgate.net
core.ac.uk
link.springer.com
base-search.net
refseek.com
consensus.app
jstor.org
The password is also the entry point to the investigation, using which you can find the full name, email and other details of the target user.
Here is a longread with a detailed overview of tools and methods for working with passwords.
https://www.stationx.net/how-to-guess-a-password/
by twitter.com/GotoStationX
Image Translation Assistant
A simple and quick Chrome extension that uploads any image to Google Translate and translates it in two clicks.
https://chromewebstore.google.com/detail/image-translation-assista/jkhebkocllcbjacmdmkgapgfiiedfgef
Creator aishell
If reverse face image search does not yield results, you can edit the image and repeat the search.
mirror the face
rotate face at different angles
change facial expression
piktid.com/ai-change-facial-expression/
media.io/change-facial-expression.html
huggingface.co/spaces/fffiloni/expression-editor
openart.ai/apps/facial-expression
#osint
Linux find command cheat sheet
32 basic search examples, that can help you save time when searching and analyzing information in files.
Creator twitter.com/sysxplore
#linux #cheatsheet
AllYouCanRead
Large directory of news sites popular in different countries
+ dating sites by countries
+ real estate sites by countries
+ jobs sites by countries
+ cars sites by countries
and more.
allyoucanread.com
Tip by twitter.com/dutch_osintguy
#osint
Wordlists for databases and backup files archives
Suitable for searching sensitive info on targeted sites/servers.
https://github.com/dkcyberz/Harpy/tree/main/Hidden
#osint
TV News Archive
2, 976, 000 videos (search by keywords in captions)
Since 2009
Factchecks and special collections
archive.org/details/tv
#osint twitter.com/internetarchive
Online tools for determining geolocation by photo:
agent.earthkit.app (GeoClip + Google Lens)
earthkit.app
geospy.ai or usersearch.ai GeoSpy integration
picarta.ai
labs.tib.eu/geoestimation/
#osint #geoint
WhatsApp Checker
Get Whats App avatar by phone number + (online tool + API)
2chat.co/tools/whatsapp-checker
Tip by twitter.com/HolismVision
#osint #socmint
Onchain Industries
Search accounts in different crypto platforms, wallet labels and other info by waller number, email or username.
onchain.industries
10 search/months FREE.
Creator twitter.com/onchainind
#osint #crypto
One of the way to search social media profiles with Google is to use the imagesize operator:
"site: linkedin.com imagesize:100x100"
facebook.com 480x480
instagram.com 150x150
x.com 400x400
tiktok.com 720x720
Awesome GPT Super Prompting
- Jailbreaks
- GPT Agents System Prompt Leaks
- Prompt Injection
- Secure Prompting
and more.
https://github.com/CyberAlbSecOP/Awesome_GPT_Super_Prompting
Tip by twitter.com/binitamshah
ExportGenius
Detailed information on each category of import goods by countries: partners, ports and names of importing companies.
Huge amount of data for several years including shipments records (Product Description, Total count, Country etc).
exportgenius.in
GREP Cheatsheet
All the important things to know about using the most important command for searching text files on one page.
Creator twitter.com/sysxplore
#linux
List of good #osint YouTube channels and CTFs from OSINT Team (twitter.com/OsintTeamBlog)
Читать полностью…Track Trace
A free online tool that uses a shipping container number to determine which company it belongs to and automatically redirects to company's website to track it.
https://www.track-trace.com/container
#osint #geoint
Interesting tip from twitter.com/hackermondev. He advises using Google Alerts to keep track new results on Google Dorks.
Google Alerts never works well, but it can still help automate tracking the appearance of new documents with sensitive info on a target site and many other #osint tasks
Advanced Google Dork Queries for Uncovering Hidden Data and OSINT Insights
- Leaked Password Lists
- Sensitive Config Files on Public Servers
- Misconfigured Amazon S3 Buckets
- Exposed Database Backups
- Source Code Leaks
and more
as-squirrel/30-advanced-google-dork-queries-for-uncovering-hidden-data-and-osint-insights-f397cd97e252" rel="nofollow">https://medium.com/@as-squirrel/30-advanced-google-dork-queries-for-uncovering-hidden-data-and-osint-insights-f397cd97e252
Author twitter.com/as_squirrel_X
The archived tool allowed to uncover a part of Instagram mutual followers: https://github.com/novitae/Tenai
It exploited the service information leak in API endpoint https://i.instagram.com/api/v1/fbsearch/accounts_recs/
, which, for a few weeks, was returning some new parameters (Python-like values), such as “sources”:
- [11]
: accounts following and being followed by the target account (mutuals)
- [20]
: your personnal suggestions influenced by your activity
- [47]
: 2 accounts or more you follow are following this user
At the time of active development of the tool, there were no additional categories, but now I see a few new ones. Considering the source numbering (up to 47 suggestion sources?), we can assume that Instagram was trying to collect accounts for suggestions using many algorithms and sources, and they are likely still testing other methods, so we may find unexpected correlations in the suggestions.
#instagram #tool
AI Privacy Guide
Guide to using AI technologies safely while protecting your privacy:
- self-hosted solutions
- popular AI services
- best practices
- practical setup instructions.
https://github.com/iAnonymous3000/ai-privacy-guide
Contributor twitter.com/iAnonymous3000
#ai #privacy
Bellingcat Online Investigation Toolkit
New version September 2024.
- maps/satellites
- geolocation
- social media
- people
- websites
- transport
- guides and handbooks
and more.
https://www.bellingcat.com/resources/2024/09/24/bellingcat-online-investigations-toolkit/
Creator twitter.com/bellingcat
ExoneraTor
A simple online tool that will show whether a particular IP was used as a Tor entry node.
https://metrics.torproject.org/exonerator.html
Tip by twitter.com/ctilabs
#osint #darknet
EarthKit AGENT
Step 1. Use GeoClip to determine photo's location
2. Analyze the Google Lens output
3. Compare the results from the two sources and show final answer in Google Street View
agent.earthkit.app
Creator twitter.com/Jettchen5, twitter.com/earthkit_app
#osint #geoint
🇨🇭🇨🇭🇨🇭Swiss #OSINT tools list
- doctor registry
- barrister registry
- license plate index
- business registry
- aircraft registry
and more.
https://start.me/p/QLjzR2/osint-switzerland-army-knife
Tip by twitter.com/HolismVision
When viewing saved copies of pages in archive.org, don't forget about URL flags.
For example, if you add if_ to a link, you can instantly remove a navigation block that interferes with the page view.
Tip by twitter.com/BanPangar
#osint
A Free OSINT Lesson: “Google Scholar,” the OSINTers Dream That No One Uses
Instructions on how to search for court documents using Google Scholar + a very detailed description of an example of how to use such documents in an investigation.
https://www.bullshithunting.com/p/a-free-osint-lesson-google-scholar
by twitter.com/mjbanias
LinkScope Client
#opensource desktop app for investigation.
Allows to organize different pieces of information and visualize the connections between them (+report generation). For some tasks it can replace Maltego.
Review from twitter.com/GirlsCanInvest2 tsvetelina1/getting-started-with-linkscope-an-actionable-osint-tool-ec6052d13746" rel="nofollow">https://medium.com/@tsvetelina1/getting-started-with-linkscope-an-actionable-osint-tool-ec6052d13746
Tools for searching emails for a specific domain:
snov.io/email-finder
experte.com/email-finder
github.com/Josue87/EmailFinder
github.com/GiJ03/Infoga
infoga.io
findemail.io
hunter.io/domain-search
anymailfinder.com/email-finder-by-domain
minelead.io
#osint
Top Phishing Techniques
September 2024 detailed review
- Bypass SPF
- Return-Path Mismatch
- Deepfakes or Vishing
- Homograph Attack and Typosquatting Attack
- DNS Hijacking
- Fast Flux
https://redteamrecipe.com/top-phishing-techniques
Author twitter.com/Hadess_security