Week in OSINT #2020–08

Messaging mayhem, searching for sites and looking at logos.

Sector035
Sector035
Feb 24 · 4 min read

Just a quick last minute episode of Week in OSINT. I’ve been offline at times last week and been extremely busy with work related stuff. But of course I was able to find some other things to talk about. So let’s kick off with this weeks overview:

  • WhatsApp Group Invite
  • WhatsApp Group Invite #2
  • Telegram Groups
  • Learn Overpass
  • CyberSoc CTF
  • WebOas.is

News: WhatsApp Group Invite

Oh boy, did WhatsApp hit the news this weekend! Close to half a million group invitation links of WhatsApp were visible in the Google search results! This was fixed in about one and a half day, but it did leave me wondering: Why didn’t this hit the news a long time ago? After digging around a bit, it seems this was known since at least April 2018 already, because it was posted in the GHDB at exploit-db.com back then. And to make it worse, I found complete tutorials on how to scrape all this on some shady n00b forums. As you see, sometimes there are things out there that are just waiting to be found.

Link: https://www.dw.com/en/private-whatsapp-groups-visible-in-google-searches/a-52468603


Tips: WhatsApp Group Invite #2

After the news broke about WhatsApp, a lot of people started going over all kinds of juicy groups, trying to get a share of the fame. By the time people started fully realising how big this was, Google already started removing the links from its indexes. But of course there are still other search engines out there that you can use.

Bing isn’t really easy to navigate, since it drops only 1 to 3 links per page. But hey, if you can scrape this automatically, then that’s fine right?

Yandex does it a bit better, but doesn’t seem to have that many URL’s indexed.

Yahoo and AOL are now pretty much the same and use Bing, including the totally weird results. And Baidu has a handful of results, but nothing big. So for now, it’s Yandex who wins again!

The search engine ‘Swisscows’ also uses Bing, but somehow it seems that this one parses the information a bit better, because you will get several dozen links, so give this one a try too!

Link: https://swisscows.com/


Tips: Telegram Groups

It isn’t just WhatsApp that has its invitation links indexed for years, because Telegram has been indexed by most search engines too. In Google, one only has to search for the following to find what you need:

inurl:t.me/joinchat [topic]

You can also search for but that won’t index URL’s that are mentioned in a forum or blog and weren’t compliant URL’s. So for lolz, let’s find us some uber hackers… But what interesting topic can you come up with?


Tutorial: Learn Overpass

I was contacted by Dave Brooks on Twitter, asking whether I had any resources on learning Overpass Turbo. I could only point him to the extensive Wiki, but he came up with something cool! The interactive site ‘LearnOverpass’. So if you are wondering how people can quickly find a pharmacy within 50m of a bike shop in a particular city, then this is for you! Bonus question: Who posted that question in 2018?


Site: CyberSoc CTF

And another link by Dave Brooks, and I must admit that this is a last minute addition, so I haven’t played around with this one at all! Released this weekend by the ‘ Cardiff University’s Cyber Security Society’ and it contains 40 OSINT based challenges and it’s suitable for beginners. Enjoy!

Link: https://ctf.cybersoc.wales/


Site: WebOas.is

Stefanie Proto sends out a lot of tweets and sometimes I go over her timeline to see if there is anything special. This time I found something that intrigued me: WebOasis. It’s a little website that gives you the option to query a bunch of websites from one single search box, which can be selected by using a sort of ‘bangs’, like DuckDuckGo does. It also has a bunch of quick links to other sites, has some nifty tools like a crypto exchange list, online converters and a bunch of other things.

Link: https://weboas.is/


Week in OSINT

Your weekly dose of OSINT websites, tools and aimed at anyone working in the field of analysts, researchers and pentesters.

Sector035

Written by

Sector035

Just a shadowy nerd… Busy with InfoSec, geolocation and OSINT

Week in OSINT

Your weekly dose of OSINT websites, tools and aimed at anyone working in the field of analysts, researchers and pentesters.

More From Medium

More on Osint from Week in OSINT

More on Osint from Week in OSINT

Week in OSINT #2020–12

4

More on Open Source Intelligence from Week in OSINT

More on Open Source Intelligence from Week in OSINT

Week in OSINT #2020–11

9

More on Osint from Week in OSINT

More on Osint from Week in OSINT

Week in OSINT #2020–10

Sector035
Mar 9 · 3 min read

28

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade