Git-Mirrors/ohshint.gitbook.io
1
0
Fork 0
mirror of https://github.com/OhShINT/ohshint.gitbook.io.git synced 2025-02-18 13:54:24 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity
ohshint.gitbook.io/OSINT_Protips/OSINT-Protips.md
OH SHINT! 40559ff266
Update OSINT-Protips.md
2021-11-20 01:58:14 -08:00

268 lines
11 KiB
Markdown
Raw Blame History

# **OSINT Protips**
If you follow my Twitter ([@ohshint_](https://twitter.com/ohshint_)), you may have noticed that recently have been going on a tweeting spree providing useful OSINT tips and tricks using the hashtag [#OSINTProtip](https://twitter.com/hashtag/OSINTProtip).
For those who don't use and/or don't care about Twitter, you can view all of these pro tips on this page. I will be updating this page whenever I post a new OSINT protip.
## **OSINT Protip 1**
> Posted on *4/11/2021* at *11:17 PM*.
> URL: [https://twitter.com/ohshint_/status/1456505851020070913](https://twitter.com/ohshint_/status/1456505851020070913)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip:
You can easily download any Google document for offline use by simply editing its URL. Example (Using [@bellingcat](https://twitter.com/bellingcat)'s Online Investigation Toolkit):
[https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/export?format=xlsx](https://t.co/TUGT965czi?amp=1)
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
Just add "/export?format=<file type>" to the documents URL!
"/spreadsheets/d/<document ID>/export?format=<file type>"
and/or
"/document/d/<document ID>/export?format=<file type>"
Export spreadsheets in pdf or xlsx format. Export documents in pdf, docx, epub, txt, md, and more!
## **OSINT Protip 2**
> Posted on *6/11/2021* at *3:42 PM*.
> URL: [https://twitter.com/ohshint_/status/1457116170432118784](https://twitter.com/ohshint_/status/1457116170432118784)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 2:
You can view and download an #Instagram post in full resolution by simply adding "/media/?size=l" to the post URL.
Example:
[https://instagram.com/p/CMdB2v8liSf/media/?size=l](https://instagram.com/p/CMdB2v8liSf/media/?size=l)
You can also use "?size=m", if you want a smaller resolution.
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
## **OSINT Protip 3**
> Posted on *8/11/2021* at *3:18 AM*.
> URL: [https://twitter.com/ohshint_/status/1457668968571834371](https://twitter.com/ohshint_/status/1457668968571834371)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 3:
There are archives of Chrome, Firefox and Edge browser extensions that allow you to download older versions, view history, see developer information and other metadata.
- http://crxcavator.io
- http://crx4chrome.com
- https://archive.org/details/Firefox_Legacy_Collector_Dump
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
Here is another useful archive of #Firefox add-ons:
- http://github.com/JustOff/ca-archive
This is a tool for downloading and extracting the source code from a .crx file:
- http://crxextractor.com
These archives can be very useful when researching and discovering malicious activity!
## OSINT Protip 4
> Posted on *8/11/2021* at *10:59 PM*.
> URL: [https://twitter.com/ohshint_/status/1457966143721730052](https://twitter.com/ohshint_/status/1457966143721730052)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 4:
Get yourself a library card (Register with fake information, if possible).
Many times local libraries offer free access to large datasets such as immigration records, ancestry data, newspaper archives, current and historical maps, and much more.
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
## OSINT Protip 5
> Posted on *10/11/2021* at *12:29 PM*.
> URL: [https://twitter.com/ohshint_/status/1458532227743027202](https://twitter.com/ohshint_/status/1458532227743027202)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 5:
Use 3rd party viewers to browse Instagram profiles without having to use a sock-puppet account.
- http://picuki.com
- http://dumpor.com
- http://pixwox.com
- http://gramhir.com
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
Also, it's worth noting that sometimes these pages have been archived on the Wayback Machine and archive.today.
So it's worth checking in case you encounter a private account or to see if an Instagram account has deleted some of their posts!
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) [#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
## OSINT Protip 6
> Posted on *11/10/2021* at *6:41 PM*.
> URL: [https://twitter.com/ohshint_/status/1458988232373198853](https://twitter.com/ohshint_/status/1458988232373198853)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 6:
Flowcharts, use them.
These will ensure that you don't potentially miss anything while investigating different platforms and subjects. Extremely useful!
Created by [@sinwindie](https://twitter.com/sinwindie), so go give him a follow and star his GitHub: https://github.com/sinwindie/OSINT
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
Attached images:
<img src="https://github.com/OhShINT/ohshint.gitbook.io/blob/main/OSINT_Protips/Images/Twitter-Attack-Surface-for-OSINT-Investigations.jpg"/> <img src="https://github.com/OhShINT/ohshint.gitbook.io/blob/main/OSINT_Protips/Images/Person-Attack-Surface-for-OSINT-Investigations.jpg"/> <img src="https://github.com/OhShINT/ohshint.gitbook.io/blob/main/OSINT_Protips/Images/Instagram-Attack-Surface-for-OSINT-Investigations.jpg"/> <img src="https://github.com/OhShINT/ohshint.gitbook.io/blob/main/OSINT_Protips/Images/DWM-Attack-Surface-for-OSINT-Investigations.jpg"/>
## OSINT Protip 7
> Posted on *12/11/2021* at *7:16 PM*.
> URL: [https://twitter.com/ohshint_/status/1459359586989740034](https://twitter.com/ohshint_/status/1459359586989740034)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 7:
Federal and local governments often offer GIS data and other data sets for free.
Including interactive maps, property, environmental and infrastructure information for specific areas.
Many of them can be found here:
- https://dataportals.org/search
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
Here is another example of what I'm talking about here.
This is a great collection of Canadian open data portals, both federal and provincial. This site also provides some other useful non-Canadian data sets.
- http://davidmckie.com/open-data-portals/
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
## OSINT Protip 8
> Posted on *13/11/2021* at *6:27 PM*.
> URL: [https://twitter.com/ohshint_/status/1459709465859481603](https://twitter.com/ohshint_/status/1459709465859481603)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 8:
OSINT is essentially an umbrella term for intelligence work.
You should familiarize yourself with the common acronyms used in the in intelligence field, as you will likely encounter them in your journey.
Read more here:
- https://ohshint.gitbook.io/oh-shint-its-a-blog/osint/osint-wtf
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
Attached image:
<img src="https://github.com/OhShINT/ohshint.gitbook.io/blob/main/OSINT_Protips/Images/Common-Intelligence-Acronyms-and-Their-Meanings.png"/>
## OSINT Protip 9
> Posted on *13/11/2021* at *8:19 PM*.
> URL: [https://twitter.com/ohshint_/status/1459737802296348673](https://twitter.com/ohshint_/status/1459737802296348673)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 9:
If you didn't know about this before, you should!
Simple way to bypass the login prompt when scrolling through an [#Instagram](https://twitter.com/hashtag/Instagram?src=hashtag_click) profile.
This technique also works with [#Pinterest](https://twitter.com/hashtag/Pinterest?src=hashtag_click).
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
Attached image:
<img src="https://github.com/OhShINT/ohshint.gitbook.io/blob/main/OSINT_Protips/Images/Instagram-Login-Bypass.png"/>
## #OSINT Protip 10
> Posted on *14/11/2021* at *5:32 PM*.
> URL: [https://twitter.com/ohshint_/status/1460058111188733952](https://twitter.com/ohshint_/status/1460058111188733952)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 10:
[#Gmail](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click) addresses ignore dots, but everything else usually does not. Potentially discover new information and additional leads!
Example:
`johnathandoe@gmail.com` and `johnathan.doe@gmail.com` is the same address, but they provide different results:
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
Attached images:
<img src="https://github.com/OhShINT/ohshint.gitbook.io/blob/main/OSINT_Protips/Images/HIBP-Results.PNG"/> <img src="https://github.com/OhShINT/ohshint.gitbook.io/blob/main/OSINT_Protips/Images/Holehe-Output.PNG"/>
## **OSINT Protip 11**
> Posted on *18/11/2021* at *4:47 PM.*
> URL: [https://twitter.com/ohshint_/status/1461496264181223426](https://twitter.com/ohshint_/status/1461496264181223426)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 11:
IP addresses can sometimes be useful. Other than geo-location, you can also check to see if and what torrents have been downloaded by searching a specific IP:
- [https://iknowwhatyoudownload.com/](https://iknowwhatyoudownload.com/)
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
## **OSINT Protip 12**
> Posted on *18/11/2021* at *9:18 PM.*
> URL: [https://twitter.com/ohshint_/status/1461564466781306880](https://twitter.com/ohshint_/status/1461564466781306880)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 12:
Sometimes its needed to use foreign information services while working on a specific case.
Here is a list of telephone and business directories for different parts of the world. Very useful! Translation may be needed.
- [https://om.1881.no/nyttige-sider/kataloger-i-utlandet](https://om.1881.no/nyttige-sider/kataloger-i-utlandet)
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click)
## **OSINT Protip 13**
> Posted on *19/11/2021* at *7:09 PM.*
> URL: [https://twitter.com/ohshint_/status/1461894323750916099](https://twitter.com/ohshint_/status/1461894323750916099)
[#OSINT](https://twitter.com/hashtag/OSINT?src=hashtag_click) Protip 13:
Is [#Instagram](https://twitter.com/hashtag/Instagram?src=hashtag_click) banning your sockpuppets? Use this simple trick to bypass their new "video verification" data collection scheme.
Step 1: Go to [https://sketchfab.com/tqyw/collections/human-face](https://sketchfab.com/tqyw/collections/human-face)
Step 2: Use your phones camera and follow Instagram's instructions.
[#OSINTProtip](https://twitter.com/hashtag/OSINTProtip?src=hashtag_click) [#Metaverse](https://twitter.com/hashtag/Metaverse?src=hashtag_click)
Reference in New Issue View Git Blame Copy Permalink