OSINT 👻

Locate a city

If you found some coordinates, you can find out the location in gps-coordinates.org/

Locate BSSID

If you found a bssid like B4:5D:50:AA:86:41, you can find out its ocation on wiggle.net
- You will need to register
- Go to the tab Search >> Advanced Search and place the bssid
- You will get a record at the bottom

Find the name of someone

If you found a nickname you can search for the social medias of the person in whatsmyname.app

Use the cli app Sherlock

Finding a pgp key

If you find something like:

Import the key by doing: gpg --import NAMETOOLONG.asc, ‘cause you can find the email of somebody:

Search crypto wallet movements

Go to blockchain explorer and check the wallet you found

IMINT/GEOINT

The title is short for Image intelligence and geospatial intelligence

First of all, before using any tool we’ve got to evaluate by using our eyes to perform further actions. You must check:
- Context
- Foreground
- Background
- Map markings
- Trial and error

Questions to ask yourself while looking at challenges

The questions
- Are there any obvious data in the image that reveals the location, like a street name or storefront signs?
- Can you determine the country or region of the image by, for instance, which side of the road they drive on, language or architectural characteristics that may reveal a country or continent/region?
- Do you recognize road sign styles, nature and environmental characteristics, or popular motor vehicle brands or vehicle types?
- What is the quality of any visible infrastructure like? Is the road paved or do you see gravel roads?
- Do you see any unique landmarks, buildings, bridges, statues or mountains that can help you geolocate the image?

In the pic above the clue is Carnaby Street

Google what you found!
- Some useful Google Dorking 👓
- You’ve also got the THM Room
- You’ve also got Google Lens
Reverse your thinking One of the methods for geolocating an image is to do an image reverse search. This means that we are searching for the image itself online, and if the image has been indexed by search engines we may find the exact image or we can do a visual search or crop search to help us find similar images.

Aric Toler from Bellingcat has written a fantastic guide on reversing images, please read it here. OSINT Curious also has a write-up on the topic that you should look through before attempting this challenge.

I recommend adding this extension to ease the workflow for when you find images online that you want to do an image reverse on:

Addon description: “Perform a search by image. Choose between the image search engines Google, Bing, Yandex, TinEye and Baidu.”

Chrome: RevEye Reverse Image Search -

Firefox: RevEye Reverse Image Search

Geolocating videos

Geolocating videos aren’t much different from geolocating images. A video is just a string of images, usually played at 24 frames(or images) per second. In other words, a video will hold a whole lot more images that can be analyzed, reversed and scrutinized by you.

Here’s a good writeup by Nixintel on a tool called FFmpeg, which will help you extract the key images from the video that you may need to solve this challenge. Download the attached video and follow Nixintel’s guide!

I took a note in FFmpeg 🚍

WebOSINT

When a website doesn’t exist

One way to collect information about a website without directly visiting it is to simply do a search for it
- Avoid entering the site by putting the direction in quote marks like "site.com"

Whois registration

Just because nothing shows up when you visit a site doesn’t mean that someone doesn’t own the domain.
- In fact, if there is a landing page or a spammy one, then you can be sure that someone does own it. But maybe it is not owned by the same person of the time period we are interested in
Confirm current registration status with a whois lookup
- One website to do it is Namecheap - whois lookup
- We are looking for any data we might be able to use as pivoprivatet points, like email addresses, physical addresses or phone numbers
  - Take into account that some domains keep this info private

Ghosts of websites past

You’ve got two pages:

There is also a web extension that will automatically pull up an option to search for a site on the Wayback Machine when it fails to load in the web browser

for Chrome

Digging into DNS

For looking up registration information on a target website visit ViewDNS.info
- With this web you can find out info that is not enough clear such as wether the website is hosted on a shared or dedicated IP address

You can perform for example an IP history search:

Taking a peek under the hood of a website

First, do you have any gut feelings about this site? What is your overall impression? Does it feel like a legitimate source of information?

Why?

You might consider some of the following points:

Language - What grade level is the writing? Does it seem to be written by a native English speaker?
UX - Is it user friendly? Is the design modern?
What pages does the site have?

I can tell you that this website conforms well to antiquated search engine optimization (SEO) best practices. You can read more about SEO best practices on ahrefs if you like before you continue.

Technical Research

Often, clues about a website and its creator/owner may be unintentionally left behind in the source code of the website. Pretty much every web browser will have a method of doing this. It is well worth taking the time to become acquainted with how this works in your browser of choice. For Chrome on MacOS, you’ll go to the top menu bar and choose View > Developer > View Source.

Note: This also works on sites you visit within Archive.org’s Wayback Machine.

Once the source code of the page loads, it’s time to look around. You don’t have to understand HTML, CSS, or Javascript to read notes that the developers left behind for themselves. In HTML, comments begin with the characters `<!—. Here’s an example of what a forgotten comment might look like in practice:

As easy as that may be to read, if it was buried inside a gigantic page full of code it could still be easy to miss. That’s where ctrl-F comes in. Here are some good things to search for with ctrl-f:

Search Term	Explanation	More information
`<!--`	Comments	See above
@	email addresses	Pivoting from an Email address
ca-pub	Google Publisher ID	Google’s Description
ua-	Google AdSense ID	Bellingcat Tutorial
.jpg	Also try other image file extensions	Likely to reveal more directory structure

Finding any of the above data gives you a potential pivot point. The Bellingcat article linked above goes into more detail on how exactly to do it but you don’t have to overcomplicate things!

You can always just take any of the above information and plug it back into your favorite search engine and you may just strike gold!

SOCMINT

Social Media Intelligence/Investigation

Download Spiderfoot

# Option 1
 git clone https://github.com/smicallef/spiderfoot.git
 cd spiderfoot
 pip3 install -r requirements.txt
 python3 ./sf.py -l 127.0.0.1:5001
 
# Option 2 -> Docker container
git clone https://github.com/smicallef/spiderfoot.git
cd spiderfoot
docker images # for checking
docker run -p 5009:5001 -d spiderfoot # mapping the port
python3 ./sfcli.py -s http://0.0.0.0:5009 # Connect via cli
# Put http://0.0.0.0:5009 in your browser to see it via GUI

Click on New Scan. In the Scan Target field, type in “NAME_OF_PERSON” or “NICKNAME”; then, under By Use Case, ensure that you checked the All option. Finally, press run.

It’s important to add the ". If not it won’t work

If you can’t find anything related to Twitter, go to Settings ⇒ Account Finder and set the highlighted option to False.

You can access the old reddit platform ion Wayback Machine with http://old.reddit.com

Explorer