Week in OSINT #2018–48
Cams, maps, streetview and an occasional !bang
Let’s first start with a little message about something that has been bugging me for a while. Everybody that keeps on tweeting about the tool “trape” while using the hashtag #OSINT in the same tweet, should start doing their homework. Trape was presented at BlackHat Asia 2018 and is tool that can be used in a social engineering attack, or as a stand alone phishing campaign.
The tool is a “monitoring platform” and by luring a target into opening and running a tracker, you are able to gather information to find current locations, steal credentials, monitor social media usage et cetera. It is not data that is out there, it is data that you gain via a probably illegal way.
So, in short: Stop… Calling… It… OSINT!
Anyway, time for the weekly overview:
- Webcam CSE
- Baidu Maps
- Awesome Domains?
- ꓘamerka Update
- DuckDuckGo !Bangs
- BBBike Map Compare
- 3D Models
- Foreign OSINT
Search: WebCam CSE
It has been a while since Stefanie Proto @Sprp77 was featured here. But she’s back in Week in OSINT with yet another Google custom search engine (CSE)! This time it is all about webcams. If you need to find a camera in a specific location because you feel lonely, or you are simply searching for birds (sorry for the pun) then head over to give this one a try!
Link: https://cse.google.com/cse?cx=013991603413798772546:gjcdtyiytey
Tutorial: Baidu Maps
To help out the non German speaking people, it says:
It doesn’t always have to be Google. While doing OSINT research on other countries, it pays off to use the search engines and tools that are common there.
And with that, MwOsint has published yet another extremely interesting blog entry about the use of other map services besides Google. I really recommend following him on Twitter and to open his blog once in a while, because he posts some seriously good and refreshing content! And yes, no worries about the language, it is in English.
Update: No it isn’t in English. I was corrected by MwOsint about this.
Links: Awesome Domains?
There used to be an “Awesome” list of links, but ph055a has been splitting it up for clarity some time ago. And even though this section is only about domains, websites, IoT, links or code, this is a lovely set of links! And to see whether he reads this newsletter, let’s see whether he will add one more site to the item “Code Search”, by leaving this link here 😉
Domain related: https://github.com/Ph055a/Domains_OSINT
Other links: https://github.com/Ph055a/OSINT-Collection
Tool: ꓘamerka Update
ꓘamerka is a tool that was received with applause some time ago. The tool searches within a given area or city in Shodan for publicly accessible webcams and plots them on a map for your convenience. But now, there is version 2.0!
It will now also search for Flickr or Instagram photos in the area and besides that it will find publicly available printers too. And not only in Shodan either, since it will also go over tweets to find any information that was tweeted in that area. Wojciech did say he stripped all usernames and timestamps, but hey… If someone really needs any information that is presented, it will be easy to find the source. An awesome tool to check out. And since I will finally have some more spare time coming up, this is top of my to-play-with list!
Tutorial: DuckDuckGo !Bangs
Google has dorks, Twitter has advanced operators and DuckDuckGo has !bangs. No that is not a typo, they really are called like that: !bangs. It is sort of a shortcut to other websites. Let’s for instance have a look at the !bang:
!tw near:Amsterdam within:5km filter:mediaThe first three characters (!tw) redirects the query to “https://twitter.com/search?q=” and it will be followed by the rest of your input. The URL that is created is the exactly the same as you would end up with when searching from within Twitter. !Bangs are simple, easy to remember, and all work from within the same input field, that of DuckDuckGo. They are also easy to remember and awesome to use! There are already almost 10.000 different !bangs, so have a look for yourself and test the power of !bangs here: https://duckduckgo.com/bang
And if you feel like you need to have the most important ones next to your desk, then just open this little thread by ph055a and have fun!😊
Link: https://twitter.com/ph055a/status/1067261804689014784
!Bangs: https://duckduckgo.com/bang
BBBike Map Compare
People that have experience with editing OpenStreetMaps content, will probably have heard of all the online mapping tools that are available for the developers. And while searching for something like that, I found a little gem hidden in the corners of the internet: “The BBBike Map Compare tool”. Despite the name, it is not just a compare tool. Yes, you can actually run up to 8(!) different map providers to compare the details provided by each, but there is so much more to look at.
On the top right there is a pull down menu with different “overlays”. You want to see the overhead power lines or power stations on your map? The coverage of Mapillary in a specific area? Runkeepers heatmaps by MapBox, or the location of a cell phone tower to aid you in your geolocation? Look no further, because this is the one link to rule them all… Or do you have any other suggestions? If so, please let me know!
I mentioned MapBox a few sentences ago. They provide a platform where you can visualise any kind of dataset you have and plot it on a map. While having a quick look I think it only has a paid service, but if you’re looking for something specific maybe there is a map out there already. There are over 260 different datasets at the moment indexed by Google, so just add some keywords to this simple google query and have a look:
inurl:www.mapbox.com/bites/Link: https://mc.bbbike.org/mc/?num=1
MapBox: https://google.com/search?q=inurl:www.mapbox.com/bites/
Website: 3D Models
When you need some 3D models to visualise a story, or if you need to verify a certain model of car, weaponry, aeroplane or whatever it is, have a look at Sketchfab. This is an online marketplace for 3D models that can be used in (for instance) games. But it of course can also be used to identify vehicles or objects.
Talking about identifying weapons, just for good measure I’ll add another link to the weapons ID database that is out there. Just in case you don’t find the weapon you are looking for in Skechfab.
Link: https://sketchfab.com
Link: http://www.smallarmssurvey.org/weapons-and-markets/tools/weapons-id-database.html
Tutorial: Foreign OSINT
A few days ago VikingSec started a great little thread on Twitter regarding investigations that touch different languages or countries. He explained on Twitter the unveiling of the huge amount of data that is available when you take the time to make that one extra step and use sources that are available in a different language. Use what is out there, don’t discard those sources. It’s just a small thread, but worth to share here! And I just realized this has ties to the second article in here, about using Baidu’s mapping services.
Link: https://twitter.com/Viking_Sec/status/1068264846146379777
Bonus: ‘ FUNINT’
Here a little bonus tweet, sent out by Maderas:
I am going to close off this week with this awesome find of the things people share on the internet:
Followed somewhere in the thread by the following…
And that was the very last link of this week. I am off to a week of doing… Well… I will be busy again finding more links for you guys to fill the very last “Week in OSINT” of this year, before I take a little break…
Have a good week and have a good search!
