SQL dumps (database dumps) for #OSINT

Super short practical course.


(12 tweets)

#sql #mysql #phpmyadmin

In @GoogleHacking (exploit-db.com/google-hacking…) there are 176 dorks for searching SQL dumps, which may contain any confidential information.

Simple ex (pic 2):

ivanov ext:sql site:github.com

This query search all sql-files, which contain "ivanov" in #Github

Sometimes in this way it's possible find databases with information about orders, customers or employees. Inattentively, site owners forget to close them from indexing in robot.txt.

Such SQL-dumps may contain names, surnames, dates of birth, addresses, phone numbers.

You may also encounter SQL dumps while searching for data leaks on Telegram channels, special archives or Pastebin and its counterparts.

(you can use special services based on Google Custom Search cipher387.github.io/pastebinsearch… for searching pastebin sites)

To start working with the #SQL dump, download the file with the .sql extension or open a text editor, copy the dump's text and save it to a .sql file

(you can use Notepad or TextEdit, but I prefer Sublime Text (@sublimehq) because it highlights the syntax nicely).

Now you need to define the type of database. In the current example, in the comments it says right away that it is PhpMyAdmin (#MySQL).

Therefore, next I will show you how to work with the dump in the online PhpMyAdmin client

Open demo.phpmyadmin.net/master-config/

And create database "vanilla" (we will import tables into it)

Go to "SQL" tab

Copy dump's code to the text field

Click "Forward" (Run) button

Click on the database name (vanilla) on the left panel to see a list of tables in it.

Then click on the table name to view its contents.


(you can also view all fields of the table with a simple SQL query):

SELECT * FROM `users`

Now let's try to filter the rows in the table.

For example, this query will show only those rows with age column = 20

SELECT * FROM `users` WHERE age=20;

(WHERE operator can be used with different logical operators: >=, <, <= etc)

Rows in the table can be not only filtered, but also sorted.

For example, this query will arrange the rows in ascending order of the age column value.

SELECT * FROM `users` ORDER BY age;

If you want, you can not use SQL at all, and work with table data only through the graphical interface (Search and Template query tabs)

You can immediately after downloading the data convert it to CSV using one of special online services (rebasedata.com/convert-sql-to…).
And then further work with it in #GoogleSheet or #Excel

(most database clients also have a function for exporting to XLSX/ CSV)

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Cyber Detective

Cyber Detective Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @cyb_detective

16 Sep
Tools for gathering information about YOUTUBE videos and channels.

Thread 🧵🧵🧵 12 tweets

#osint #socmint #youtube Image


Submint a link to video and get it metada:
Snippet (the exact date and time of publication, description, thumbnails links)
Content details

(also it's possible to get channel and playlist metadata) ImageImageImageImage


Submit a video id (you can find it here commentpicker.com/youtube-video-…) and download comments to it as a table (html file). Image
Read 14 tweets
10 Sep
Today I began assembling a list that will include single programmers and small teams that develop tools for #OSINT


In this thread I will tell you which of these people are working on which project (please subscribe to them and put stars on #Github) 🧵
Read 8 tweets
9 Sep
Trying to identify a country from a photo

Part 1. 12 basic tricks for outdoor photos

Thread 🧵
Step 1

The first thing to do is to break the photo up into fragments so that you can examine each one individually.

The fastest way to do this is to use online tools. For example:


(If you have a Mac, just press Command+Shift+4)
Step 2

Now look for interesting fragments in Google or Yandex

(by the way, Yandex has a built-in cropping)

It happens that the country can be identified by the model of public transport. If the photo shows "PAZ 4234", it is most likely Russia (but maybe other CIS countries).
Read 15 tweets
8 Sep
15 steps to gather information about a company.

Suitable for Fortune 500 corporations as well as the restaurant down the street.

Thread 🧵🧵🧵

#osint #corpint Image
Step 1

Gathering basic information (adress of registration, number of employes, market capitalization etc) in global business registries


@opencorporates @Craftdotco Image
Step 2

Check the details of the company in the official registry of the country in which it is registered (it can often be found on the website of the federal tax inspectorate)

cipher387.github.io/corporative_re… (63 countries) Image
Read 19 tweets
7 Sep
In this thread you will learn about 9 key services for FACE identification by photo.

I will show them using a photo of Pamela Anderson (@pamfoundation) taken in the early 90s as an example.

#osint #socmint


The first thing you should do is just try searching for the file in the Yandex.Images service. In my opinion, this is the best service in the world for reverse image search.
Sometimes it is quite enough to answer the question, "Who is this?


Now it's possible to try to search for a person's profile in the Russian social network VK ( 1,109,563,766 faces in database).

But this method doesn't work very well with known personalities...

Read 12 tweets
6 Sep
From this thread thread you will learn about 12 key #OSINT-services for gathering information about a website.

I'll show them with an example of most famous russian search engine "yandex.ru" and it's subdomains.
Step #1

Collect basic information about domain

IP address lookup, whois records, dns records, ping, traceroute, NSlookup.

Step 2

Find out what technology was used to create the site: frameworks, #javascript libraries, analytics and tracking tools, widgets, payment systems, content delivery networks etc.

Read 14 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!