★ #OSINT Tips ★ 17 short tips for website investigations
[1/17: tactical information👁️]
Purpose: collect and analyze tactical information. 1. Visit website 2. Collect visible info (contact details, VAT numbers, etc.) 3. Analyze information 4. Have fun!
[2/17: WHOIS information]
Purpose: find owner/host of website 1. Find top level domain 2. Find TLD register via iana.org/root/domains/db* 3. Fill in target URL 4. Look for registrant/registrar 5. Have fun!
* Use multiple databases/registers!
[3/17: archives]
Purpose: find archived information 1. Visit archive.org* 2. Fill in target URL 3. Check for archived information 4. Have fun!
* Use other websites such as archive.is
* Use cached version of search engines
[4/17: text]
Purpose: find related information by text 1. Copy text from target website 2. Paste text in search engine* 3. Have fun!
[5/17: images | reverse image search ]
Purpose: find websites that use the same/a similar image 1. Copy image location of target image 2. Navigate to google.com/images* 3. Find identical and overeenkomstige afbeeldingen 4. Have fun!
* Also use Yandex, Bing, Baidu, TinEye
[6/17: images | EXIF data]
Purpose: find EXIF data of digital images 1. Navigate to target image 2. Download target image 3. Extract EXIF data* 4. Analyze data 5. Have fun!
[8/17: other TLD's]
Purpose: find other tld's of target website 1. Use operators -site:target.com -site:target.* 2. Analyze and verify the results 3. Have fun!
[9/17: mentions of target]
Purpose: find mentions of target website 1. Use operators -site:target.com "target.com" 2. Analyze and verify the results 3. Have fun!
[10/17: check info via RSS]
Purpose: find information via RSS feeds 1. Navigate to target.com/RSS* 2. Analyze and verify the results 3. Have fun!
* Will of course not always work. Will probably do on Wordpress websites.
[11/17: investigate SSL certificates]
Purpose: find (sub)domains of target 1. Navigate to crt.sh 2. Typ in target website 3. Check certificate ID's 4. Analyze information 5. Have fun!
[12/17: check robots/sitemaps]
Purpose: find "hidden" webpages and content 1. Navigate to target.com/robots.txt 2. Analyse all disallowed pages and content 3. Visit pages and content 4. Have fun!
[13/17: port scans]
Purpose: find open ports and services 1. Use a TCP port scanner such as NMAP 2. Run scan 3. Analyze results 4. Have fun!
[14/17: reverse IP lookup]
Purpose: find other domains on same IP address 1. Use a service such as viewdns.info 2. Typ in target website 3. Analyze results 4. Be aware of shared hosting services 5. Have fun!
* Reverse DNS is also interesting
[15/17: reverse DNS lookup]
Purpose: find other domains that use same DNsame IP address 1. Use a service such as viewdns.info 2. Typ in target website 3. Analyze results 4. Be aware of shared hosting services 5. Have fun!
[16/17: monitoring changes]
Purpose: monitor changes on website 1. Use a service such as visualping.io 2. Fill in all information 3. Wait for changes 4. Analyze changes 5. Have fun!
[17/17: malware check]
Purpose: check for malware on target website 1. Use a service such as any.run 2. Fill in all information 3. Wait for the results 4. Analyze results 5. Have fun!
#OSINT did anyone notice that clicking on instagram URLs (instagram.com/p/...) on Twitter has changed? Previously we could open PUBLIC links from PRIVATE accounts. Now there are two possibilities 1. Opens link (PUBLIC accounts) 2. Redirects to priv. account (PRIV account)
The thing is when you visit the Instagram URL directly, the Instagram URL seems to be redirected (301 status code).
Via de Firefox extensie github.com/sowdust/search… is het mogelijk om toch nog eenvoudig queries op een FB ID te maken. Onder andere pages-liked, groups, stories-by, etc. werken nog.
Wij plaatsen deze week een Nederlandse update in onze nieuwsbrief!
Find users named X working at X currently living in X