Collection of useful OSINT tips and tricks.
For those who don't use and/or don't care about Twitter, you can view all of these pro-tips on this page. I will be updating this page whenever I post a new OSINT protip.
You can easily download any Google document for offline use by simply editing its URL. Example (Using @bellingcat's Online Investigation Toolkit): https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/export?format=xlsx
/export?format=<file type>to the document's URL!
/spreadsheets/d/<document ID>/export?format=<file type>and/or
/document/d/<document ID>/export?format=<file type>
Export spreadsheets in pdf or xlsx format. Export documents in pdf, docx, epub, txt, md, and more!
You can view and download an #Instagram post in full resolution by simply adding
/media/?size=lto the post URL.
You can also use `?size=m`, if you want a smaller resolution.
There are archives of Chrome, Firefox and Edge browser extensions that allow you to download older versions, view history, see developer information and other metadata.
This is a tool for downloading and extracting the source code from a .crx file:
These archives can be very useful when researching and discovering malicious activity!
Get yourself a library card (Register with fake information, if possible).
Many times local libraries offer free access to large datasets such as immigration records, ancestry data, newspaper archives, current and historical maps, and much more.
Use 3rd party viewers to browse Instagram profiles without having to use a sock-puppet account.
Also, it's worth noting that sometimes these pages have been archived on the Wayback Machine and archive.today.
So it's worth checking in case you encounter a private account or to see if an Instagram account has deleted some of their posts!
Flowcharts, use them.
These will ensure that you don't potentially miss anything while investigating different platforms and subjects. Extremely useful!
Dark web marketplace attack surface flowchart.
Instagram attack surface flowchart.
Person attack surface flowchart.
Twitter attack surface flowchart.
Federal and local governments often offer GIS data and other data sets for free. Including interactive maps, property, environmental and infrastructure information for specific areas.
Many of them can be found here:
Here is another example of what I'm talking about here.
This is a great collection of Canadian open data portals, both federal and provincial. This site also provides some other useful non-Canadian data sets.
OSINT is essentially an umbrella term for intelligence work. You should familiarize yourself with the common acronyms used in the in intelligence field, as you will likely encounter them in your journey. Read more here:
Common intelligence acronyms and their meanings.
If you didn't know about this before, you should!
Instagram and Pinterest login bypass trick.
HIBP search results.
Accounts connected to each email address.
IP addresses can sometimes be useful. Other than geolocation, you can also check to see if and what torrents have been downloaded by searching a specific IP:
Sometimes it's needed to use foreign information services while working on a specific case. Here is a list of telephone and business directories for different parts of the world. Very useful!
Translation may be needed.
Step 2: Use your phones camera and follow Instagram's instructions.
Books. They contain lots of information, so you should read some! Here is a list of great OSINT books:
- Open Source Intelligence Techniques, 8th Edition by Bazzell, M.
- US Army ATP 2-22.9.
- The Psychology of Intelligence Analysis by Heuer, R.
These are all certainly worth downloading and reading. Go get learn't!
There are many datasets, maps and more online for many different, and very specific things. Everything from public toilets to license plates. Here are a few examples:
You can search for amateur radio operators by callsign, name or FRN. Results can provide a person's full name, callsign, addresses and in some cases, felony records.
When investigating footage coming out of conflict areas, it's important to identify the types of ordnance used and where it came from.
Here are a few great resources:
Being able to identify other things like firearms, ordnance, vehicles, aircraft, boats, uniforms and more is also important.
I have a large list of resources to help identify these different types of military equipment, find it here:
Both lethal and less-lethal weapon identification is important during conflicts and mass protests.
Images taken from https://riotid.com/.
Online maps exist for just about anything. Locations of military bases to Orthodox churches, and everything in between.
Here's a few:
As always, I keep a list of things like this over on my blog and also on GitHub.
S P A C E
The last frontier is certainly an interesting one to research! Earths orbit is a fun thing to investigate, see how polluted our orbit actually is. Check these tools out:
Low Earth orbit is full of interesting things. Source: http://stuffin.space/
There are a few databases of scammers available online. Search by email, crypto, name, etc. Some of these sites are crowd-sourced. So there is a risk of false positives.
When searching for a person, username, email or phone number. Sometimes you can discover additional information by searching with emojis.
Email addresses are a very powerful piece of information to have.
Discover email addresses via domain:
Confirm that it belongs to your target and see what services they use:
Check for any PGP keys:
Search for any additional information via breached data:
Twitter lists are a great source of information about all kinds of different subjects bundled into one. Here are a few that I've made:
Some other great lists made by other Twitter users that are certainly worth following.
Newspapers, both current and historic, are very valuable sources. Marriages, events, obituaries and more can be found.
Here's a few useful sites.
Business and corporation registries can reveal a wealth of info about a company. Most countries offer searchable databases.
Ever wanted to remove an object, person or any defects from a picture to have better reverse image results?
When working with onion sites, they may have been archived using clearnet proxies.
Here are some other Tor2Web gateways to check the archives for. Some of these gateways still work, and some do not. Just add to the end of any onion URL:
Or replace the .onion part of the URL with these:
Example of using clearnet proxies when searching for archived copies of onion sites.
Here's some great resources.
Research papers can be an excellent source of information. Here are some great archives.
Here are a few more sites worth checking out as well.
WiFi BSSIDs can be very useful during an investigation. Can provide addresses, or even track a targets movements.
Locating geotagged posts is very useful when researching on-going events, protests and emergencies. Here are some great tools for this:
Viewing public Snaps in Ukraine using SnapMap.
Here are some other useful tools when working with Reddit.
Passports and other identification documents are important in daily life and in any investigation. Being able to identify them and verify legitimacy is essential.
Some other great resources for identification documents and licenses.
Passport stamps are a pretty cool thing to collect, and more importantly be able to identify. This is an example of Japanese entry and exit stamps showing QR codes.
People tend to re-use the same usernames across multiple platforms. Use this to your advantage to find new pivot points.
Searching for specific strings across paste and code repo sites can sometimes reveal a wealth of interesting data. Here are some useful tools.
As breach data is technically open-source. The malicious use of it can have heavy legal implications.
Using this data for credential-stuffing, phishing, blackmail or any other malicious purpose is against the law.
In other words, don't be shitty.
An example of the censored search results from breachdirectory.org.
Stolen property databases are a great resource during loss prevention/asset recovery cases. From vehicles to firearms, here are a few resources.
An example of search results from hotgunz.com.
Public webcams and WAN facing surveillance cameras can be a great tool for monitoring situations, tracking POIs and more. Some useful tools.
Uncovering a targets older and/or alternate usernames can provide additional leads and much more information. Be sure to check for them!
Reverse image searching can uncover unexpected results. From locating original works, identifying objects, and locating POIs.
Example of the free, censored search results from pimeyes.com.
"Farfalla Vendetta". Beautiful artwork created by @HexpaoN. Support and follow this incredibly talented artist on Instagram: https://instagram.com/hexpaon