OSINT Dojo Shogun Badge - OSINT Tricks

I decided to share some of my tricks in this blog post about OSINT tricks

OPSEC

OPSEC is an important part of OSINT

We can't do a good and proper job if we are exposed on the internet

We should use our OSINT knowledge to help others but also to protect ourselves on the internet

We can use https://justgetmydata.com/ to obtain our data from web services.

Sock Puppets

Sock puppet accounts are also very important so that we don't leave traces of our investigation on social media

Depending on the website, creating a sock puppet account can be easy or difficult

Most investigations will occur on Facebook, Instagram, Twitter and LinkedIn, since everyone has accounts on those platforms

There are some useful guides for this, like Introduction to Setting up Sock Puppets for OSINT

Username correlation

Username correlation is one of the best techniques that we can do while performing an investigation.

This can be used to correlate criminal handles, protect yourself online, and look for missing people's accounts, among others

One of my favourite resources for this is https://whatsmyname.app/

Correlating usernames can also be done using another technique known as Google Dorking.

Google Dorking

Google Dorking, or Google Hacking, was created by Johnny Long

With this technique we give Google specific advanced queries that allow us to filter for specific results

Some Google dorks can be:

More advanced Google dorks can be used with icons

Example: site:http://linkedin.com intext:"✆" OR "☎" OR "☏" OR "Celular" AND intext:cyber security

Here we are filtering LinkedIn results whose text contains one of the three icons and the text cyber security

For more Google dorks we can use the Google Hacking Database

The Google Hacking Database is a collection of Google dorks created by researchers to filter specific results

Reverse Image Search

Reverse image search is a technique that is very common in the field and allows you to search for a specific picture on a search engine

In this case I really love to use https://yandex.ru/images/

There are other websites where we can perform this technique, such as Google Images https://images.google.com/ and Bing

Cryptocurrency

Crypto wallets are a nice topic to perform OSINT on and discover some stuff

Most criminals, and also normal people, use them, and we can discover some interesting stuff like transactions, total money received, among others.

There are some websites for this, but in terms of Bitcoin I like to use https://www.bitcoinabuse.com/ and for Ethereum

Cryptography

Cryptography is also important

When we have a PGP key we can use something like https://mailvelope.com/en to extract the email behind that PGP key and perform some OSINT on it.

Archive content

This is also a good and interesting technique

We are looking for deleted content that has been archived and saved

The most common and most used is of course https://archive.org/web/

We can also use Google cache results https://cachedview.com/

Breached passwords and emails

Breached passwords are another interesting topic for investigation

With this we can find accounts, and also check our OPSEC and use it in an investigation

A good resource for this, and also very common in the community, is https://haveibeenpwned.com/

It can be used to check whether an email has been compromised in a breach and also to check whether our password has appeared on the internet

IPs

IPs are also another interesting topic

Most of the time we use https://www.shodan.io/

Shodan allows us to see services, ports, IPs, among other stuff that can be really useful and handy in an investigation.

Some Shodan dorks can be:

There are other alternatives to it like https://censys.io/ and https://spyse.com/

Websites

There are a lot of resources online available about this topic

Normally I use https://urlscan.io/ to scan a website, since it's a sandbox that can be used for this purpose and also to protect us

Also perform a whois lookup on the domains to see their registrant information

Darknet

Darknet OSINT is a different type of OSINT due to its nature

There are a lot of services; the most common and best known is the Hidden Wiki

The Hidden Wiki is the name of several censorship-resistant wikis operating as Tor hidden services that anyone can anonymously edit after registering on the site. The main page serves as a directory of links to other .onion sites.

We can also use Ahmia for this purpose

Ahmia searches hidden services on the Tor network. To access these hidden services, you need the Tor browser bundle. Abuse material is not allowed on Ahmia.

Wifi

Can't finish my tricks without talking about https://wigle.net/

Wigle is a powerful tool that allows us to track Bluetooth, SSID, BSSID, among other stuff that we can use to geolocate criminals and other people.