Skip to content

Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers

License

Notifications You must be signed in to change notification settings

DFW1N/DFW1N-OSINT

Repository files navigation

DFW1N Open Source Intelligence List Australia

Description:

Conduct background checks on employees or find a missing person that will assist the government finding people. The goal of this repository is to provide information or ideas to assist in your OSINT investigation on your target. This repository will provide you with many ideas and information to conduct a thorough search.

A reminder that this list is still currently being developed and is built on OSINT gathering tools to scrape the clear web and deep web for information. This list was designed to assist cyber professionals and ethical hackers for the AustCyber Canberra Innovation Node that partnered with the Australian Federal Police, the National Missing Persons Coordination Centre, and Trace Labs to conduct a missing persons event. The purpose of this list is to ensure it is easier to find OSINT on Australians that have gone missing. This list can also be used for many other purposes beyond OSINT.

Australia's Largest Open Source Intelligence Repository

Credits

Contributor:

Contributing

Please read the Contributing file for information if you wish to start contributing to this respository.

📖 Table of Contents

Introduction

I have created this for the purposes of Open Source Intelligence (OSINT) Gathering. This is a guide and cheat sheet you can use to speed up your process for background checks, employee information scraping, missing person searches, and much more. This list would benefit:

  • Government Agencies
  • Recruiting Officers
  • Employees
  • Managers
  • Police Services
  • Intelligence Services

... and more. This has been targeted towards OSINT specifically in Australia.

Start by downloading a OSINT Operating System (OS), create burner accounts for all social media platforms so you do not use your real information as some services could alert your target to your investigation. Use a VPN when conducting OSINT investigations, but do not use a free VPN - they are an information security risk.

OSINT Operating Systems

Below are the most popular methods to start conducting OSINT investigations.

Linux Distros

  • Trace Labs OSINT VM - This VM is set up for investigators and ethical hackers for OSINT.
  • Kali Linux - Kali Linux Operating System is widely used by Offensive Security Teams, Hackers and Ethical Hackers.

Android Emulators

  • Android Studio’s Emulator - Android Studio provides the fastest tools for building apps on every type of Android device.
  • BlueStacks - Made mostly for gamers but runs other apps as well.
  • AMIDuOS - Allows your computer to launch Android apps.
  • Genymotion - Widely used by developers and has a free version for personal use.
  • ARChon - Lets you run an unlimited number of Android APKs created with `chromeos-apk`` on Chrome OS and across any desktop platform that supports Chrome.
  • Bliss - Bliss is a little different; it works as an Android emulator for PC via virtual machine.

Virtual Machines

Google Dorking

Google Dorking is a passive information gathering method. It uses leverages specially crafted Google search queries to isolate pieces of information about your target.

  • site:.google.com — Shows all subdomains.
  • intext:exampleword — search for pages on websites that contain the specific word that you are searching for.

Live Cams Australia

Have you seen anything suspicious happening in these live cams streaming all around Australia?

Online Fake Identification

So you are making burner accounts to do your OSINT on the internet and deep web. Wouldn't it be helpful for you to create a quick easy fake identity online to save to a notepad to remember your fake address, username, email, burner phone numbers? These websites will assist you in creating a fake identity in a matter of minutes to help with your investigation.

  • Burner Mobile Numbers - Mobile numbers to verify yourself to any service as Facebook or WhatsApp.
  • New York Address Generator - Use generated Addresses for your online fake identity to sign up to sites.
  • Burner - Burner is the original second phone number app for calling, texting and picture messaging, however this isnt free.
  • RecieveSMS - They are a service that allows you to use our free phone numbers to receive SMS online and anonymously.
  • Random Address Generator - Generated addresses covering all cities and states in the United States.
  • SpinXO Username Generator - Use their username generator to combine various popular keywords with your name, words that are important to you or characterize you and your personality.
  • TempSMS - Receive SMS online instantly using New Zealand burner mobile numbers.

Large Free Email Providers

This list will provide you with the largest email providers to assist you in either creating burner accounts or running email scrapes against there email domain servers on your target.

  • Protonmail - This Email Provider is based in Switzerland and has encryption protection used as @protonmail.com.
  • Outlook Live - Used as @outlook.com and @hotmail.com
  • iCloud - Most Mac, iPad, and iPhone users have an account used as @icloud.com.
  • Zoho Mail - Zoho Mail is part of a larger office productivity suite.
  • GMX Mail - One of Germany’s largest internet service providers used as @gmx.com & @gmx.ch.
  • Yahoo Mail - Yahoo! Mail had 281 million users, making it the third largest web-based email service in the world.
  • Mailinator - The Mailinator Email System puts millions of inboxes right at your fingertips. It is an amazing Email Workflow Testing tool for your Software or Service, great use for throw away burn emails.

Large Social Networks

Social Media OSINT Tools

Facebook Tools

  • Facebook Search Basics - Learn to use Facebook Search take advantage of it to find out data on your target.
  • Facebook ID Identifier - Lookup-ID.com helps you to find the Facebook ID for your profile or a Group.
  • Facebook Information Publisher - What does Facebook publish about you and your friends?
  • Facebook Social Monitoring - People are talking about you, your brand and your industry all around the social web. Fanpage Karma Social Monitoring shows you what they are talking about.
  • ExtractFace - Investigators, researchers or other analysts often have to get local copies of Facebook data.
  • Facebook Sleep Status - A small tool to show the potential privacy implications modern social media have. By tracking online/offline status of people on Facebook, it is possible to get an accurate image of their sleep pattern.

Twitter Tools

LinkedIn Tools

  • LinkedIn Automation Email Retrieval - Automation of domain and email retrieval in addition to randomized headers and xml output support through LinkedIn.
  • LinkedIn Recon Tool - Providing you with Linkedin Intelligence.
  • ScrapedIn - Tool assists in performing reconnaissance using the LinkedIn.com website/API. Provide a search string just as you would on the original website and let ScrapedIn do all the dirty work.

Australian Dating Networks

You may find information on your target on these dating websites or find them listed on it, it could become a potential lead to find out if they were listed on a dating site before they went missing or anything related to your target.

Username Identifiers

Some links that scan through sites to find where your target is registered:

  • Knowem - Searches for usernames on social media sites.
  • User Search - Searches for usernames on social media sites.
  • Xbox Username Checker - Search for your target's gamer tag on xbox when was the last time they were online?
  • Check Usernames - Check the use of your brand or username on 160 Social Networks.

Person Investigations

This will assist you with quick references to websites that could speed up your research on people.

Australia

Job Search Networks

This list is the main job search networks used in Australia to find job employment did your target recently apply for a job on any of these sites before they went missing or maybe you want to find out information about companies your doing OSINT research on.

Australia

Online Alerts

Specifically use these to get alerts when something changes or is posted with specific entries online. Wouldn't be a bad idea to put alerts on your targets social media accounts or name online.

  • Google Alert - Create Google Alerts.
  • Mention - Get live updates about your brand from the web and social media.
  • Talkwalker Alerts - Monitor the Web for interesting new content about your name, brand, competitors, events or any favorite topic with Talkwalker Alerts!
  • Meltwater - Social and marketing teams go beyond media monitoring. Try Monitoring your targets business or organisation.
  • PasteLert - Set up alerts (like google alerts) for pastebin.com entries.
  • VisualPing - Select an area and relax: We’ll send you an email alert when something changes.

Email Data Dumps

Assuming you know or have obtained your target's email address, you can check if their email has been compromised. A compromised email could lead to hashed, encrypted, or even plaintext passwords as well as more personally-identifiable information.

  • Haveibeenpwned - Check if you have an account that has been compromised in a data breach.
  • DeHashed - Display usernames & passwords from an account that has been compromised in a data breach.
  • Citadel - Display usernames & passwords from an account that has been compromised in a data breach.
  • MD5 Cracking and Hashing - Crack MD5 Hashes. This website also provides many other hash cracking tools such as SHA-512 decryption, SHA-256, Morse Code Decoding etc.

Australian Police and Intelligence Services

This section is dedicated to assist Australian, Ethical hackers, Police Services, Intelligence Agencies or Private investigators in quickly finding all law enforcement bodies in one place for quick access to information or policies you are looking for or leads on your targets.

Australian Police Services

Australian Intelligence Services

  • Australian Secret Intelligence Service - ASIS is part of the Australian Intelligence Community responsible for the collection of foreign intelligence, including both counter-intelligence and liaising with the intelligence agencies of other countries.
  • Australian Security Intelligence Organisation - Australia's national security agency responsible for the protection of the country and its citizens from espionage, sabotage, acts of foreign interference, politically motivated violence, attacks on the Australian defence system, and terrorism.
  • Office of National Intelligence Australia - Australian statutory intelligence agency responsible for advising the Prime Minister and National Security Committee, the production of all-source intelligence assessments, and the strategic development and enterprise management of the National Intelligence Community.
  • Australian Defence Intelligence Organisation - Responsible for strategic intelligence and technical intelligence assessments, advising defence and government decision-making on national security and international security issues, and the planning and conduct of Australian Defence Force operations.
  • Australian Signals Directorate - Responsible for foreign signals intelligence, support to military operations, cyber warfare, and information security.
  • Australian Geospatial-Intelligence Organisation - Responsible for the collection, analysis, and distribution of geospatial intelligence (GEOINT) in support of Australia's defence and national interests.
  • Australian Criminal Intelligence Commison - Specialist investigative capabilities and delivers and maintains national information sharing solutions.
  • Australian Border Force - Protect Australia’s border and enable legitimate travel and trade.
  • Australian Transaction Reports and Analysis Centre - AUSTRAC is an Australian Government agency that uses financial intelligence and regulation to disrupt money laundering, terrorism financing and other serious crime.

Australian Cyber Departments

  • Australian Cyber Security Centre - Responsible for analysis, investigation and reporting of cyber threats and coordinating national security capabilities and operations for incidents of cybercrime, cyberterrorism, and cyberwarfare.

Internet Search Engines

List of big known search engines used to browse the internet.

IoT Search Engines

  • Shodan - Shodan is a search engine that lets the user find specific Internet of Things connected to the internet.
  • ZoomEye - Search engine for Cyberspace Searches.
  • Censys - Get a current view of all of your organization's assets so you can proactively prevent targeted attacks and investigate suspicious activity.
  • FOFA Pro - FOFA is a cyberspace search engine developed by BAIMAOHUI.

Best Browser Add-ons for OSINT

Mozilla Firefox

Google Chrome

  • Adblock - Blocks Ads.
  • FireShot - Take Webpage Screenshots.
  • Mostly Harmless - Tells you whether or not it’s on Reddit.
  • Distill Web Monitor - Distill runs in your browser to check monitored pages for changes. Get instant alerts as soon as a change is detected.
  • Treeverse - It takes a conversation on Twitter and breaks it down into a hierarchical tree and tells you who is talking to who and where the connections are.
  • RevEye - Reverse Image Search.
  • LinkedIn Sales Navigator - Engage with Sales Navigator insights where you’re already communicating with prospects and customers.

Internet Browsers

Most Visited Sites

This Section will list the most visited sites in Australia the benefit of this list will give you quick access to sites you could use to scrape for usernames or emails registered to it to locate or find information on people.

Australia

Search Australian Vehicle Registrations

Find out what type of car your target, employee, boss or company has what colour, engine type, brand is it this information would benefit you if you find there registration plate number this information could be used to locate their car passing through live cams on Australian highways to find out where your target was heading towards or disappeared at this could unlock a whole new piece of information on your targets location it gives you the ability to find out where they were heading if you find it the direction the vehicle was traveling.

Live Traffic Cameras for OSINT Gathering

Australian Prison System

Is your target from prison? Maybe a person went missing near a jail. This section will list:

  • How to locate Australian prisoners
  • Corrective services in Australia
  • Prison locations

... for quick OSINT research of areas that could pose a risk to the Australian society if something was to happen in the surrounding area.

Australian Capital Cities

Australia

Geolocation Tools & Sites

These programs and tools can be used for OSINT Research to try get a understanding of the area and the surroundings to research the area for any clues in the surrounding area that could help with person finding.

Tools

  • Google Earth Pro
  • Creepy - A Geolocation OSINT Tool. Offers geolocation information gathering through social networking platforms.
  • Echosec - However this is a alternate for data discovery for threat intelligence it does cost $500 a month.

Sites

OSINT Tools

  • Maltego - Maltego is proprietary software used for open-source intelligence and forensics.
  • OSINT Framework - OSINT framework focused on gathering information from free tools or resources.
  • Grabify - Grabify IP Logger by Creating or Track URLs that you create you can find out there IP, location, Service provider, device being used this type of method is used if you are getting catfished or trying to get further information on your target.

Barcode Readers & Generators

Automated OSINT Tools

  • Photon - Incredibly fast crawler designed for OSINT.

  • Zen - Find email address of a user through the github website.

  • Spiderfoot - SpiderFoot is an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering intelligence.

  • Sn1per - Sn1per is an automated Penetration Testing tool it can be used for information gathering I could gather data on your target in a very short amount of time.

  • theHarvester - This tool harvests informaration on your target best way to use these type of tools is through the operating systems like Kali Linux.

  • Orbit - Orbit is designed to explore network of a blockchain wallet by recursively crawling through transaction history. The data is rendered as a graph to reveal major sources, sinks and suspicious connections.

  • Belati - Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT.

  • Datasploit - This automation tool is outdated but it can be easily fixed within its code to work for your needs it scans the internet based on OSINT data.

  • Recon-ng - Tool used to perform information gathering thoroughly and quickly.

  • Metagoofil - Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.

  • FOCA - FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analysed with FOCA.

  • Sherlock - Hunt down social media accounts by username across social networks.

    alt tag

Image Forensics

  • Deblur Image - Have you found a photo of what your looking for but its blurry and cant make it out use this tool to try make the image clearer for your investigation.
  • Blurity! - Works on making your blurry photo more sharp.
  • Lets Enchance - Enhance and upscale images online using AI.
  • CamFind - Have you ever wanted to Search the Physical World™? Enter CamFind. The world’s most accurate mobile visual search engine.
  • Image Identifier - Image Identification Project.
  • LunaPic - Decrypt your image with a password or phrase.
  • Decrypt Image Online - Image decryption tool help to restore your encrypted image to its original pixels.

Mobile Forensics

So you have your target's phone number. Use these OSINT tools to assist with your investigation or background checks:

  • PhoneInfoga - PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources.
  • PayID - Your target may have registered their phone number (or email address, ABN, etc.) with PayID through their bank. You can check this by passing their phone number through your own bank's PayID system - you may be able to retrieve full names or other key pieces of information.

Australian Credit Checks

So let's assume you have done a fair amount of OSINT gathering on your target and you have managed to get the basics of their details. Why not take it a step further and use those details to do a credit check on them? This would increase your profile on your target as this may unlock unpaid bills or outstanding debts.

  • Free Credit Check - You would theoretically need to create an account on this site with the details you have obtained during your OSINT investigation. Do not commit identity theft. This document does not condone identity theft, in fact, it condemns it in the strongest of terms.
  • Finder Credit Check (AU) - Account required.

Australian ABN Look Up

You may have found the company or name of your target. Why not check if they have a ABN? You may find some interesting details that are free and open source that could help you with your investigation.

  • ABN Search - Trading names to continue to be displayed for a further five years, ABN Lookup will continue to display trading names for a further five years until 31 October 2023.

Companies need to be registered with ASIC, as well as business names. You can find information about companies tied to their ACNs (Australian company numbers) as well as information behind sole traders (including home addresses in some cases, if they haven't marked themselves as anonymous in the Australian Electoral Role). ASIC also offers the ability to obtain company filings for a fee.

Report Generators

After you have enough information on your target, you can use these tools to assist in generating a final report:

  • Canva - An engaging report is all about presenting your information clearly and beautifully. It could be an annual company report, sales report, budget report, expense report; even a white paper.
  • Reportivo - Upload the data for your report in Excel or CSV format.
  • Bug Bounty Report Generator - A quick tool for generating quality bug bounty reports.

VPN Services

Below are popular VPN services to keep your IP address hidden when browsing the internet.

VPN Services

There are many other VPN Services this is just a handful look around find one that is right for you.

Dark Web Links

Freedom Of Information

Every state and territory jurisdiction as well as the Commonwealth has a Freedom Of Information (FOI) Act. These pieces of legislation allow anyone to request publication of a vast range of documents held by the governments of Australia. Note that the specifics of FOI requests differ between jurisdictions, and legislation is often amended.

Australian Archives

Your target may have been mentioned in an old newspaper article or other archived media. You can use the following services to attempt to dig up any relevant information:

Support

Please Support me if this has helped you with OSINT Research or investigation by following me on Twitter or connecting with me on LinkedIn feel free to visit my site at Crimol. I hope this has helped with your investigation or OSINT or atleast given you ideas to where to start your search and the potential of open source intelligence that relates to the target.

@Sacha_Roussakis

@Sacha Roussakis-Notter

Radio/Signal Broadcasts

Many Australian radio and signal feeds are streamed and/or archived across the web. For example, the ACT's emergency services broadcast feed and its archives can be found here:

These feeds can be incredibly useful. The ABC used this particular feed to time the emergency response to the Namadgi bushfire in January 2020.

Aerial Imagery

Beyond satellite data from providers like MODIS, Australian jurisdictions often release aerial imagery and other geospatial data through public GIS servers (often running ArcGIS behind the scenes).

Geoscience Australia has a vast online collection of historic aerial imagery that is available for free access:

Other providers include State/Territory governments themselves. The ACT and NSW governments both provide ArcGIS access to historic and current(ish) aerial imagery:

Transport

Flights

Like pretty much anywhere else in the world, you can track Australian airlines and flights with flight trackers like Flightradar24.

Public Transport

Many jurisdictions have open data feeds that provide current or near-current information about public transport systems. The ACT has a data feed for their ACTION buses as well as live data feeds for their tram system. More information canb e found here. If you have access to the Google Maps API, you can get a general interface into most jurisdictions' transport systems where Google has already done the API integration work for you. More info can be found here.

Courts and Tribunal Hearings

Most courts in Australia are open, meaning the public is allowed to know about who each hearing is for, and can visit the court (or in some cases dial in remotely) to watch/listen to the hearing's proceedings.

NSW provides a central list for all court cases. If you can pass a CAPTCHA, you can access them all:

The ACT does the same (pretty easy, as it only has 2 courts beyond the Childrens Court):

Some other jurisdictions like Queensland make the process a bit harder, where some local/magistrate courts (e.g., Toowoomba) have their own websites with their own hearing list system. These can range from well-maintained to copy-and-pasted-PDF to non-existing levels of accessibility:

The Federal courts (including the High Court) provide regularly updated hearing lists:

Tenders and Contracts

Each government around Australia contracts out certain activities to private third parties. Tenders (proposals for this work) and contracts (agreements between 3rd parties and the government to complete the work and constraints, etc.) are publicly available to different degrees depending on jurisdiction. The Commonwealth's one-stop shop for contracts and tenders is AusTender. Each state and territory provides their contract listings to varying degrees of accessibility.

Contracts and tenders, and surrounding media reports, can help paint a picture of why certain decisions were made and can be full of information relevant to an investigation.

Intellectual Property & Trade Marks

IP Australia offers a search function for trade marks and copyright. This may help an investigation directly, but it's also important to respect trade mark and copyright legislation as part of the investigation and reporting process, so as to not jeapordise your work.

Public Service Gazettes

Most governments in Australia publish employment gazettes. These documents contain the names of new internal employees within the public service. You're not going to find any ASIO agents this way, but they can offer some quick wins if you have a full name to use within your investigation:

etc., you can easily Google the rest.