/OSINT-Tools

A list of OSINT tools I made and or use.

The UnlicenseUnlicense

OSINT-Tools

A list of OSINT tools I made, forked, and/or use. First, let's talk about the definitions.

DISCLAIMER

I am in no way responsible for any abuse, misuse, or any questionable actions in which someone uses these tools or methods below. OSINT is an information-gathering technique that can be used by ANYBODY and on ANYBODY!

Why did I create this?

Now why did I make this readme you may ask?

People in the states at least trust their info way to much on the internet and seeing how the internet has now affected our daily lives it's practically indistinguishable from reality now; what's real is now fake - what's fake is now real. tit for tat basically. Do what you must with this readme file, spread this on the net for all I care really and feel free to contribute on either a fork or on your own project (even on my own projects listed). Feel free to clone and spread this info out there or to fork or maybe make a rentry document if you want.

Table of Contents

  1. OPSEC
  2. Open Source Intelligence (OSINT)
  3. Who uses Open-Source Intelligence (OSINT)?
  4. Sources of OSINT
  5. Real world examples of OSINT
  6. How to OSINT
  7. Tools
  8. People search tools (in the states)
  9. Breached Data
  10. Social Media
  11. Curated lists
  12. Spoofing, fake email generation
  13. Archive tools

OPSEC

OPSEC (Operations Security) is a systematic process for:

  1. Identifying
  2. Protecting and controlling critical information

It's a security discipline and operations function that involves a continuous cycle of:

  • Identifying critical information and indicators (CII)
    • Critical information and indicators are essential components of Operations Security (OPSEC) aimed at protecting sensitive data that could be exploited by adversaries. Critical Information includes unclassified or controlled unclassified information about activities, intentions, capabilities, or limitations that adversaries can use to gain an advantage. Indicators are observable actions or pieces of information that reveal critical details about operations, such as sudden changes in procedures or increased security measures. Protecting this information involves identifying vulnerabilities and implementing countermeasures to prevent unauthorized disclosure
  • Analyzing potential threats and vulnerabilities
  • Assessing risks
  • Developing countermeasures to protect CII

OPSEC is used to protect information and activities from adversaries. It helps identify and protect sensitive information that could give an adversary an advantage. OPSEC principles can be applied in daily life, such as not sharing personal information like a DOB, street address, email, phone number.

Examples of OPSEC mistakes include:

  • Over-sharing personal information online
  • Leaving unused social media profiles online
  • Accidentally interacting with a target on social media

OPSEC supplements other security disciplines rather than replacing them.

How to OPSEC:

  • Use services that can conceal your identity:

    • Telegram is normie-tier as it isn't encrypted (Telegram does not use end-to-end) by default and requires a phone number. Only encryption you'll get is the secret chat option which; other than that it's all stored in their severs.

    • Read more about this here on Telegram’s Approach to Encryption. Since Telegram does not use end-to-end encryption by default, it could theoretically hand over the content of messages to law enforcement. OH Wait it just did.

    • Simplex isn't too bad.

      • Unlike any other existing messaging platform, SimpleX has no identifiers assigned to the users - not even random numbers. This protects the privacy of who are you communicating with, hiding it from SimpleX platform servers and from any observers.
    • Signal is encrypted by default but requires a phone number; however signal can't give anything out even by court order because of state of the art encryption even on user accounts and phone numbers. Meaning when you delete an account on signal and they Subpoena information about you or your account; they'll get basically squat.

  • Tor/VPN/XMR:

    • Tor isn't bad but will get rate limited by CAPTCHA.
    • Mullvad is a good VPN (Virtual Private Network) as it accepts XMR (Monero), which can't be traced back to you if you mine XMR with your own node (machine/device/computer). Note: VPNs are useless if you have bad OPSEC, same with Tor.
  • Usernames/credentials/Identification:

    • Use different usernames and credentials on different websites.
    • Use a word spinner to change sentences for identity concealment.
    • Generate a face or use a non-identifiable profile picture.
    • Avoid making enemies online and don't be noticeable (i.e., don't be a turd).
    • Regularly OSINT yourself to check your online presence.

To start you SHOULD OSINT yourself and see if you can remove yourself within the list of these sites: Here's a curated list to opt out

Open Source Intelligence (OSINT)

What is it, how is this used and why is it important:

  • OSINT is the practice of collecting and analyzing information from public sources to address specific intelligence needs. OSINT is used by government agencies and commercial organizations for various purposes, including:

    • Reconnaissance
    • Cyber crime investigations
    • Market trend analysis
    • Brand positioning analysis
    • Measuring risk to an organization
    • Understanding the actor, tactics, and targets
    • Gather real-time information
    • Make informed decisions
    • Receive early warnings of potential threats

Who uses Open-Source Intelligence (OSINT)?

  • National Security and Intelligence Agencies, Law Enforcement, Businesses, Cybersecurity and Cyber-crime Groups, Privacy-Conscious People, Non-Governmental Organizations

    • The CIA, Defense Intelligence Agency (DIA), and Office of the Director of National Intelligence (ODNI) all use OSINT.
    • OSINT can protect citizens (private or otherwise) from identity theft, sexual violence, and abuse.
    • OSINT can monitor competitors, investigate new markets, and plan marketing activities.
    • OSINT can gather intelligence about specific targets online.
    • OSINT can check how outsiders can break into their computing devices.
    • OSINT can be used on oneself to secure privacy.
    • Bellingcat, the Center for Information Resilience, and Oryx use OSINT.
    • And you! Yes, you can use OSINT.

Sources of OSINT

OSINT can gather information from various sources, including:

  • Public government data

    • Public data refers to all information made freely available by government bodies or local collectivities. This data is in the public domain. It is different to open data, which is a subset of public data. Open data is structured and well-maintained data that is therefore easier to understand, access and consume. By contrast public data can be difficult to find, or (in the case of public bodies), require the submission of a Freedom of Information Act to retrieve it.
  • Professional and academic publications

    • Academic Publication means the publication of an abstract, article or paper in a journal or electronic repository, or its presentation at a conference or seminar.
  • Commercial data

    • Commercial Data means any and all data and information relating to an identified or identifiable Person (whether the information is accurate or not), alone or in combination with other information, which Person is or was an actual or prospective customer of, or consumer of products offered by, the VS Business or L Brands Business, as applicable.

    • Commercial Data means any and all data and information relating to an identified or identifiable Person (whether the information is accurate or not), alone or in combination with other information, which Person is or was an actual or prospective customer of, or consumer of products or services offered by, the LoyaltyOne Business and/or ADS Business, as applicable.

    • Commercial Data means any and all data collected or otherwise processed by the Seller Entities relating to a customer of the Business.

  • Grey literature

    • Grey literature is "Information produced on all levels of government, academics, business and industry in electronic and print formats not controlled by commercial publishing i.e. where publishing is not the primary activity of the producing body."

    • Grey literature can be useful for your research, but finding resources requires different tactics than you'd use for commercially published materials. This is because many types of grey literature are not indexed in some of the more common research tools like PubMed, CINAHL, Scopus, etc.

Real world examples of OSINT

In the year 2016, a basket weaving image board used OSINT to pay some supposed terroist a vist from a govt in Russia resulting in airstrikes.

  • A video detailing the events

    • In 2016, during the complex Syrian Civil War, various rebel groups—some with good intentions and others with nefarious motives—sought to overthrow President Assad. The chaos allowed terrorist groups to flourish, prompting intervention from the United States and Russia, with the former supporting rebels and the latter aiding Assad. An anonymous user on 4chan's Syria General board (SG) claimed that a Syrian rebel group, Jaysh al-Izza, posted a video on YouTube revealing their secret encampment. The group, linked to Al-Qaeda, was seen by 4chan users as a target. A notable 4chan user, Ivan Sirenko, who had connections with the Russian military, received the coordinates from the 4chan community and tweeted them to the Russian Ministry of Defense. This led to an airstrike on the encampment. Two months later, the same rebel group posted another video showing a new training camp. 4chan users once again pinpointed the location using landmarks seen in the video. After thorough verification, they sent the coordinates to Ivan, who facilitated another Russian airstrike.

In 2017, Shia LaBeouf had a protest due to Trumps election; this resulted in a basket weaving image board using OSINT and sky patterns to figure out where a flag is.

  • In 2017, 4chan users managed to track down and replace Shia LaBeouf's "He Will Not Divide Us" protest flag. Using only the live-stream footage of the flag, they analyzed flight patterns, star positions, and a tweet to locate the flag in Greeneville, Tennessee. A local troll then honked his car horn until the sound was picked up on the live-stream, pinpointing the exact location. The flag was replaced with a Trump hat, marking the end of this elaborate trolling operation.

How to OSINT:

  • Gather information about yourself, become your own threat actor; use the tools below and come up with your own conclusions. Use people search engines and public data about yourself and most importantly don't overshare on the internet or have such a large footprint.

Tools

OSINT tools can access and analyze information from sources beyond traditional search engines. Be mindful as some info can be out of date or incorrect such as:

  • Phone number
  • Email
  • Street Address
  • IP Address (Dunno if anyone REALLY uses that but will list)

Anyhow, here are some tools I use:

People search tools (in the states):

DISCLAIMER: Most of the email info found on these sites appear to be from a databrech from long ago; subjects on these sites can and possibly will still use their email found on these sites as people will rarely change email providers due to TFA + password managers unless if the email itself has been compromised in any way, shape, or form OR if they've changed emails due to harrasment, spam, etc etc.

  1. fast people search
gives out can lookup
Age Name
Address Phone
Numbers Address
email
  1. that's them
gives out can lookup
IP address
addresses email
Numbers IP
email VIN
  1. nuwber.com
gives out Can lookup
DOB Name
Address Phone
email Email
Phone Number Address
  1. ID Craw
gives out can lookup
names names
username username
phone phone
email email
  1. Peekyou, search by first last name and username

Gives out info such as:

gives out can lookup
age First and last name + state
social media's username
emails
addresses
  1. webmii, search by first last name
gives out can lookup
Social First and last name
search results
  1. publicrecords, use this with fastpeople search or other people search engines
gives out can lookup
Name First and last name
Address Address, city, state
Partial phone number

DISCLAIMER: OnlineSearches powered by Intelius® offers a free people search directory that includes basic information, such as name, address, and partial phone numbers. In performing a search, you may ultimately be directed to Intelius.com where additional information is offered for a fee.

Breached Data:

  • Have I Been Pwned: Check if an email has been compromised in a data breach.

  • Breach Directory: Check email and usernames for a breach; will return partial password hashes

    • The following information is imported into the BreachDirectory database:
    • First 4 characters of each password.
    • SHA-1 hash of each password.
    • Length of each password.
    • Usernames.
    • Emails.
  • EXPOSED: Check email with password hashes, limted with only 4 Checks per 12hrs; feel free to use TOR.

  • leakpeek: Can only use 5 searches for a free search, will hide most info but with some sluting and the tools listed you should get an idea of WHAT. also use tor if you can to bypass the search limit. Other than that if you really need more details on what was leaked you may need to buy a plan.

  • hashes: Decrypt the hashes you find to get a password possibly linked to a database or username.

  • For additonal tools see Curated lists

Social Media:

Curated lists

OPT OUT

Spoofing, fake email generation

DISCLAIMER: Cock.li may be having issues:

After:

My fellow rtrds: cock.li has not "shut down". You may need to read more than the first line. Anyone suggesting you migrate your account to Gmail, Yahoo, Proton, etc. should not have been using cock.li in the first place. Normal$!gs get off my f*!#ing board. Feel free to migrate, I don't have any good suggestions though. Try that on Proton! PW changes and maybe registration will be back within a couple days.

Before:

LIBERTY CANARY

Date updated: See the PGP Signed Version

Cock.li is in 100% control of all of its hardware, and the service is still operating normally. The website (account registration+pw change) is currently offline.

Cock.li will shut down before becoming complicit in crimes against its own user base under duress of any government or organization.

Cock.li is not under duress of any government or organization.

I'd probably recommend using something other than cock.li; use any domain from cock.li and use a different email service provider. However, if you decide to use cock.li, you can check out how to enable it in the given link.

However feel free to check the status of cock.li wth the provided site here https://cock.li/

Archive tools that I've made

Additonal tools: