OSINT adventure: Pillaging media lists from Google

Writing about my almost entirely failed attempt to find WordPress form completions “in the wild” (of the clearweb, that is) was a bit of fun.

So as I’ve drunk far too much coffee for the hour at hand, let me explain something that does yield results.

Whether this is properly described as Open Source Intelligence (OSINT) or just some plain ol’ Google-fu I’ll leave up to you to decide. But either way, it does illustrate just how much stuff people leave exposed on public-facing and indexed web servers.

So, without further ado, here’s how to find journalists and media contacts to spam with your next press release without paying a dime (watch out, Cision!)

1: Look For Spreadsheet Formats

The most basic Google operator that’s going to help us scoop up media lists that NGOs, individuals and even media outlets themselves have left floating around the internet is to search for spreadsheets.

So let’s think of file extensions. We have:

  • .xlsx: modern spreadsheets. The changeover actually took place in MS Office ‘07.
  • .xls: the legacy MS Office spreadsheet format
  • .ods: that’s the default format that LibreOffice Calc uses, which is what weirdos like me in Linux-land use when we want to save a spreadsheet.

The Google search operator we need to filter based on file extension is filetype:. We could also string together a series of them:

One thing worth pointing out: although the media lists would likely be badly outdated, .xls might actually be better hunting ground here.

To be cynical about it: the less tech-savvy the user and the more outdated the system they’re using, the better the chance they will have done something ill-advised like uploading a media list onto a public-facing web service.
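The flip side for anyone who runs a web server, as an added example that is not part of the original post: walk your own document root and flag any file with one of the three extensions above that holds a pile of email addresses, before a crawler indexes it. The function names, the size cap and the threshold of five addresses are assumptions made for this sketch.

```python
import os
import re
import zipfile

SPREADSHEET_EXTS = {".xlsx", ".xls", ".ods"}   # the three formats listed above
MAX_MEMBER_BYTES = 50 * 1024 * 1024            # assumed cap per archive member
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def extract_emails(path):
    """Return the set of email-like strings found in one spreadsheet file."""
    blobs = []
    if zipfile.is_zipfile(path):
        # .xlsx and .ods are ZIP containers; cell text lives in XML members.
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if info.filename.endswith(".xml") and info.file_size <= MAX_MEMBER_BYTES:
                    blobs.append(zf.read(info))
    else:
        # Legacy .xls is binary; strings are 8-bit or UTF-16LE, so scan the
        # raw bytes and a NUL-stripped copy (a heuristic, not a real parser).
        with open(path, "rb") as fh:
            raw = fh.read()
        blobs.extend([raw, raw.replace(b"\x00", b"")])
    found = set()
    for blob in blobs:
        found.update(m.decode("ascii").lower() for m in EMAIL_RE.findall(blob))
    return found


def audit_webroot(root, threshold=5):
    """Map each spreadsheet under root with >= threshold addresses to its count."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if os.path.splitext(fname)[1].lower() in SPREADSHEET_EXTS:
                full = os.path.join(dirpath, fname)
                count = len(extract_emails(full))
                if count >= threshold:
                    report[os.path.relpath(full, root)] = count
    return report


if __name__ == "__main__":
    import sys
    # Usage: python audit.py /path/to/your/webroot
    for rel, n in sorted(audit_webroot(sys.argv[1]).items()):
        print(f"{n:5d} addresses  {rel}")
```

Anything it reports belongs behind authentication or off the server entirely.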

2: Combine Them With Some Operators

Let’s start off with something really easy:

That will throw up 179 results including a relatively recent media list for WEFTEC — which is a water industry trade conference.

What did we find?

If you’re simply out hunting for email addresses, this is a nice little sample set with 45 personal addresses for trade media contacts working for industry publications:

To find a few more:

If we wanted to specifically try to dig up higher level media tier contacts, we would probably want to start by knowing our target publication’s internal email structure.

Hunter would quickly find this out:

Then we could combine a wildcard search with that domain name in order to validate addresses that have appeared in media lists out in the open:

Which would yield some more resources:

That resource yielded a nice collection of high level media contacts from major outlets and news bureaux along with their personal emails and phone numbers:

3: Other Interesting Things Floating Around The Internet

You can repeat this as a sort of iterative process to find media contacts.

You could go searching for contacts at radio stations:

You might want to find some direct contacts at agency bureaux:

A few years out of date, but some nice contacts:

Or you could play around with queries and look for something “interesting” but totally not news related.

Such as:


And happen upon some scintillating information — such as who to call for emergency problems affecting railway bridges in Wisconsin.

Originally published at https://www.danielrosehill.co.il



Daniel Rosehill

Daytime: writing for other people. Nighttime: writing for me. Or the other way round. Enjoys: Linux, tech, beer, random things. https://www.danielrosehill.com