Week in OSINT #2020–08
Messaging mayhem, searching for sites and looking at logos.
Just a quick last minute episode of Week in OSINT. I’ve been offline at times last week and been extremely busy with work related stuff. But of course I was able to find some other things to talk about. So let’s kick off with this weeks overview:
- WhatsApp Group Invite
- WhatsApp Group Invite #2
- Telegram Groups
- Learn Overpass
- CyberSoc CTF
News: WhatsApp Group Invite
Oh boy, did WhatsApp hit the news this weekend! Close to half a million group invitation links of WhatsApp were visible in the Google search results! This was fixed in about one and a half day, but it did leave me wondering: Why didn’t this hit the news a long time ago? After digging around a bit, it seems this was known since at least April 2018 already, because it was posted in the GHDB at exploit-db.com back then. And to make it worse, I found complete tutorials on how to scrape all this on some shady n00b forums. As you see, sometimes there are things out there that are just waiting to be found.
Tips: WhatsApp Group Invite #2
After the news broke about WhatsApp, a lot of people started going over all kinds of juicy groups, trying to get a share of the fame. By the time people started fully realising how big this was, Google already started removing the links from its indexes. But of course there are still other search engines out there that you can use.
Bing isn’t really easy to navigate, since it drops only 1 to 3 links per page. But hey, if you can scrape this automatically, then that’s fine right?
Yandex does it a bit better, but doesn’t seem to have that many URL’s indexed.
Yahoo and AOL are now pretty much the same and use Bing, including the totally weird results. And Baidu has a handful of results, but nothing big. So for now, it’s Yandex who wins again!
The search engine ‘Swisscows’ also uses Bing, but somehow it seems that this one parses the information a bit better, because you will get several dozen links, so give this one a try too!
Tips: Telegram Groups
It isn’t just WhatsApp that has its invitation links indexed for years, because Telegram has been indexed by most search engines too. In Google, one only has to search for the following to find what you need:
You can also search for site:t.me/joinchat but that won’t index URL’s that are mentioned in a forum or blog and weren’t compliant URL’s. So for lolz, let’s find us some uber hackers… But what interesting topic can you come up with?
Tutorial: Learn Overpass
I was contacted by Dave Brooks on Twitter, asking whether I had any resources on learning Overpass Turbo. I could only point him to the extensive Wiki, but he came up with something cool! The interactive site ‘LearnOverpass’. So if you are wondering how people can quickly find a pharmacy within 50m of a bike shop in a particular city, then this is for you! Bonus question: Who posted that question in 2018?
Site: CyberSoc CTF
And another link by Dave Brooks, and I must admit that this is a last minute addition, so I haven’t played around with this one at all! Released this weekend by the ‘ Cardiff University’s Cyber Security Society’ and it contains 40 OSINT based challenges and it’s suitable for beginners. Enjoy!
Stefanie Proto sends out a lot of tweets and sometimes I go over her timeline to see if there is anything special. This time I found something that intrigued me: WebOasis. It’s a little website that gives you the option to query a bunch of websites from one single search box, which can be selected by using a sort of ‘bangs’, like DuckDuckGo does. It also has a bunch of quick links to other sites, has some nifty tools like a crypto exchange list, online converters and a bunch of other things.
Have a good week and have a good search!