Skip to content

Latest commit

 

History

History
516 lines (428 loc) · 46.7 KB

README.md

File metadata and controls

516 lines (428 loc) · 46.7 KB

Australia's OSINT - Open Source Intelligence List

Description:

This repository will assist with your Open Source Intelligence Gathering + Investigation on your target. This repository will have Open Source Intelligence Gathering tools to scrape the Internet and Deep Web for information this list was designed to assist cybersecurity professionals, investigators, security officers, law enforcement, council workerz, rangers etc for any, many purposes from finding the missing Australians to verifying someones identity, not just used for only Open Source Intelligence.

Australias Largest Open Source Intelligence Repository

Please read the Contributing file for information if you wish to start contributing to this respository.

📖 Table of Contents

Introduction

I have created this for the purposes of Open Source Intelligence Gathering known as (OSINT) this is a guide and cheat sheet or just somthing you can use to speed up your process for Background Checks, Employee Information Scraping, Finding Missing People and much more this list would benefit, Government Agencies, Recruiting Officers, Employees, Managers, Police Services, Intelligence Services and more this has been targeted towards OSINT in Australia only for finding missing people and other reasons.

Start by downloading a OSINT Operating System (OS), create burner accounts for all social media platforms so you do not use your real information as websites sometimes show who has been on there profile or similar use a VPN or even if your doing it for a short time use a free VPN but dont be sure to rely on free VPN services you get what you pay for and use this list to assist in finding OSINT information on your target good luck.

OSINT Operating Systems

Below will be listed the Two best known operating systems to start conducting OSINT to scrape the wider Internet and Deep web on your target use a Android Emulator to create a burner phone to secure your devices and identity.

Linux Operating Systems

  • Buscador OS - This Operating System is setup for Investigators and Ethical Hackers for OSINT purposes.
  • Kali Linux OS - Kali Linux Operating System is widely used by Offensive Security Teams, Hackers and Ethical Hackers.

Android Emulators

  • Android Studio’s Emulator - Android Studio provides the fastest tools for building apps on every type of Android device.
  • BlueStacks - Made mostly for gamers but runs other apps as well.
  • AMIDuOS - AMIDuOS Android emulator by American developers allows using your computer for launching programs that were developed for Android OS.
  • Genymotion - Widely used by developers but also has a free version for personal use.
  • ARChon - ARChon runtime lets you run unlimited number of Android APKs created with chromeos-apk on Chrome OS and across any desktop platform that supports Chrome.
  • Bliss - Bliss is something a little bit different. It works as an Android emulator for PC via virtual machine.

Virtual Machines

Google Hacking

Google Hacking also known as Dorking is a passive information gathering method it uses queries that might be useful during domain investigation or searching for specific files on the internet on your target or organisation.

  • Site:.google.com — Shows all subdomains.
  • intext:exampleword — search for pages on websites that contain the specific word that you are searching for.

Live Cams Australia

Have you seen anything suspicious happening in these live cams streaming all around Australia?

Online Fake Identification

So you are making burn accounts to do your OSINT on the internet and deep web wouldnt it be easy for you to create a quick easy fake identity online to save to a notepad to remember your fake address, username, email, burner phone numbers these websites will assist you in creating a fake identity in a matter of minutes to help with OSINT on burn accounts.

  • Burner Mobile Numbers - mobile numbers to verify yourself to any service as Facebook or WhatsApp.
  • New York Address Generator - Use generated Addresses for your online fake identity to sign up to sites.
  • Burner - Burner is the original second phone number app for calling, texting and picture messaging, however this isnt free.
  • RecieveSMS - They are a service that allows you to use our free phone numbers to receive SMS online and anonymously.
  • Random Address Generator - Generated addresses covering all cities and states in the United States.
  • SpinXO Username Generator - Use there username generator to combine various popular keywords with your name, words that are important to you or characterize you and your personality.
  • TempSMS - Recieve SMS online instantly using New Zealand burner mobile numbers.

Large Free Email Providers

This list will provide you with the largest email providers to assist you in either creating burner accounts or running email scrapes against there email domain servers on your target.

  • Protonmail - This Email Provider is based in Switzerland and has encryption protection used as @protonmail.com.
  • Outlook Live - Used as @outlook.com @hotmail.
  • iCloud - Most Mac, iPad, and iPhone users have an account used as @icloud.com.
  • Zoho Mail - Zoho Mail is part of a larger office productivity suite.
  • GMX Mail - One of Germany’s largest internet service providers used as @gmx.com & @gmx.ch.
  • Yahoo Mail - Yahoo! Mail had 281 million users, making it the third largest web-based email service in the world.
  • Mailinator - The Mailinator Email System puts millions of inboxes right at your fingertips. It is an amazing Email Workflow Testing tool for your Software or Service, great use for throw away burn emails.

Large Social Networks

Social Media OSINT Tools

Facebook Tools

  • Facebook Search Basics - Learn to use Facebook Search take advantage of it to find out data on your target.
  • Facebook ID Identifier - Lookup-ID.com helps you to find the Facebook ID for your profile or a Group.
  • Facebook Information Publisher - What does Facebook publish about you and your friends?
  • Facebook Social Monitoring - People are talking about you, your brand and your industry all around the social web. Fanpage Karma Social Monitoring shows you, what they are talking about.
  • ExtractFace - Investigators, researchers or other analysts often have to get local copies of Facebook data.
  • Facebook Sleep Status - A small tool to show the potential privacy implications modern social media have. By tracking online/offline status of people on Facebook, it is possible to get an accurate image of their sleep pattern.

Twitter Tools

LinkedIn Tools

  • LinkedIn Automation Email Retrieval - Automation of domain and email retrieval in addition to randomized headers and xml output support through LinkedIn.
  • LinkedIn Recon Tool - Providing you with Linkedin Intelligence.
  • ScrapedIn - Tool assists in performing reconnaissance using the LinkedIn.com website/API. Provide a search string just as you would on the original website and let ScrapedIn do all the dirty work.

Australian Dating Networks

You may find informaiton on your target on these dating websites or find them listed on it, it could become a potential lead to find out if they were listed on a dating site before they went missing or anything releated to your target.

Username Identifiers

The person you are searching do you know the username they go under like on reddit, xbox, playstation, steam here are some links that scan through sites to find what sites they are registered on.

  • Knowem - Searches for usernames on social media sites.
  • User Search - Searches for usernames on social media sites.
  • Xbox Username Checker - Search for you're targets gamer tag on xbox when was the last time they where online?
  • Check Usernames - Check the use of your brand or username on 160 Social Networks.

Person Investigations

This will assist you with quick references to websites that could speed up your research on people.

Australia

Job Search Networks

This list is the main job search networks used in Australia to find job employment did your target recently apply for a job on any of these sites before they went missing or maybe you want to find out information about companies your doing OSINT research on.

Australia

Online Alerts

Specifically use these to get alerts when somthing changes or is posted with specific enteries online. Wouldn't be a bad idea to put alerts on your targets social media accounts or name online.

  • Google Alert - Create Google Alerts.
  • Mention - Get live updates about your brand from the web and social media.
  • Talkwalker Alerts - Monitor the Web for interesting new content about your name, brand, competitors, events or any favorite topic with Talkwalker Alerts!
  • Meltwater - Social and marketing teams go beyond media monitoring. Try Monitoring your targets bussiness or organisation.
  • PasteLert - Set up alerts (like google alerts) for pastebin.com entries.
  • VisualPing - Select an area and relax: We’ll send you an email alert when something changes.

Email Data Dumps

Assuming you have know or have obtained your targets email you can always check if there email has been compromised which results in Email data dump and password dumps and what if you got a encrypted text relating to the password data dump use the tools I list below to help you with getting the informaiton on your target or even yourself.

  • Haveibeenpwned - Check if you have an account that has been compromised in a data breach
  • DeHashed - Display usernames & passwords from an account that has been compromised in a data breach
  • Citadel - Display usernames & passwords from an account that has been compromised in a data breach
  • MD5 Decryption and Encryption - Decrypt MD5 Hashes this website also provides many other decryption tools such as Sha512 decryption, Sha256, Morse Code Decryption etc.

Australian Police and Intelligence Services

This section is dedicated to assist Australian, Ethical hackers, Police Services, Intelligence Agencies or Private investigators in quickly finding all law enforcement bodies in one place for quick access to information or policies you are looking for or leads on your targets.

Australian Police Services

Australian Intelligence Services

  • Australian Secret Intelligence Service - ASIS is part of the Australian Intelligence Community responsible for the collection of foreign intelligence, including both counter-intelligence and liaising with the intelligence agencies of other countries.
  • Australian Security Intelligence Organisation - Australia's national security agency responsible for the protection of the country and its citizens from espionage, sabotage, acts of foreign interference, politically motivated violence, attacks on the Australian defence system, and terrorism.
  • Office of National Intelligence Australia - Australian statutory intelligence agency responsible for advising the Prime Minister and National Security Committee, the production of all-source intelligence assessments, and the strategic development and enterprise management of the National Intelligence Community.
  • Australian Defence Intelligence Organisation - Responsible for strategic intelligence and technical intelligence assessments, advising defence and government decision-making on national security and international security issues, and the planning and conduct of Australian Defence Force operations.
  • Australian Signals Directorate - Responsible for foreign signals intelligence, support to military operations, cyber warfare, and information security.
  • Australian Geospatial-Intelligence Organisation - Responsible for the collection, analysis, and distribution of geospatial intelligence (GEOINT) in support of Australia's defence and national interests.

Australian National Intelligence

Australian Cyber Departments

  • Australian Cyber Security Centre - Responsible for cybersecurity including analysing, investigating and reporting cyber threats and coordinating national security capabilities and operations for incidents of cybercrime, cyberterrorism, and cyberwarfare.

Internet Search Engines

List of big known search engines used to browse the internet.

IoT Search Engines

  • Shodan - Shodan is a search engine that lets the user find specific Internet of Things connected to the internet.
  • ZoomEye - Search engine for Cyberspace Searches.
  • Censys - Get a current view of all of your organization's assets so you can proactively prevent targeted attacks and investigate suspicious activity.
  • FOFA Pro - FOFA is a cyberspace search engine developed by BAIMAOHUI.

Best Browser Add-ons for OSINT

Mozilla Firefox

Google Chrome

  • Adblock - Blocks Ads.
  • FireShot - Take Webpage Screenshots.
  • Mostly Harmless - Tells you whether or not it’s on Reddit.
  • Distill Web Monitor - Distill runs in your browser to check monitored pages for changes. Get instant alerts as soon as a change is detected.
  • Treeverse - It takes a conversation on Twitter and breaks it down into a hierarchical tree and tells you who is talking to who and where the connections are.
  • RevEye - Reverse Image Search.
  • LinkedIn Sales Navigator - Engage with Sales Navigator insights where you’re already communicating with prospects and customers.

Internet Browsers

This section will list known Internet Browsers.

Most Visited Sites

This Section will list the most visited sites in Australia the benefit of this list will give you quick access to sites you could use to scrape for usernames or emails registered to it to locate or find information on people.

Australia

Search Australian Vechicle Registrations

Find out what type of car your target, employee, boss or company has what colour, engine type, brand is it this information would benefit you if you find there registration plate number this information could be used to locate their car passing through live cams on Australian highways to find out where your target was heading towards or dissapeared at this could unlock a whole new piece of information on your targets location it gives you the ability to find out where they were heading if you find it the direction the vechicle was traveling.

Live Traffic Cameras for OSINT Gathering

Australian Prison System

Is your target from prison or family, maybe a person went missing near a jail this section will list, how to locate Australian prisoners, corrective services in australia and prison locations for quick OSINT research of areas that could pose a risk to the Australian society if somthing was to happen in the surrounding area.

Australian Corrective Services

Australian Capital Cities

Australia

Geolocation Tools & Sites

These programs and tools can be used for OSINT Research to try get a understanding of the area and the surroundings to research the area for any clues in the surrounding area that could help with person finding.

Tools

  • Google Earth Pro
  • Creepy - A Geolocation OSINT Tool. Offers geolocation information gathering through social networking platforms.
  • Echosec - However this is a alternate for data discovery for threat intelligence it does cost $500 a month.

Sites

OSINT Tools

  • Maltego - Maltego is proprietary software used for open-source intelligence and forensics.
  • OSINT Framework - OSINT framework focused on gathering information from free tools or resources.
  • Grabify - Grabify IP Logger by Creating or Track URLs that you create you can find out there IP, location, Service provider, device being used this type of method is used if you are getting catfished or trying to get further information on your target.

Barcode Readers & Generators

Automated OSINT Tools

  • Photon - Incredibly fast crawler designed for OSINT.

  • Zen - Find email address of a user through the github website.

  • Spiderfoot - SpiderFoot is an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering intelligence.

  • Sn1per - Sn1per is an automated Penetration Testing tool it can be used for information gathering I could gather data on your target in a very short amount of time.

  • theHarvester - This tool harvests informaration on your target best way to use these type of tools is through the operating systems like Kali Linux.

  • Orbit - Orbit is designed to explore network of a blockchain wallet by recursively crawling through transaction history. The data is rendered as a graph to reveal major sources, sinks and suspicious connections.

  • Belati - Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT.

  • Datasploit - This automation tool is outdated but it can be easily fixed within its code to work for your needs it scans the internet based on OSINT data.

  • Recon-ng - Tool used to perform information gathering thoroughly and quickly.

  • Metagoofil - Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.

  • FOCA - FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analysed with FOCA.

  • Sherlock - Hunt down social media accounts by username across social networks.

    alt tag

Image Forensics

  • Deblur Image - Have you found a photo of what your looking for but its blurry and cant make it out use this tool to try make the image clearer for your investigation.
  • Blurity! - Works on making your blurry photo more sharp.
  • Lets Enchance - Enhance and upscale images online using AI.
  • CamFind - Have you ever wanted to Search the Physical World™? Enter CamFind. The world’s most accurate mobile visual search engine.
  • Image Identifier - Image Identification Project.
  • LunaPic - Decrypt your image with a password or phrase.
  • Decrypt Image Online - Image decryption tool help to restore your encrypted image to its original pixels.

Mobile Forensics

So your target has called you or you have found there number use these OSINT tools to assist with your investigation or background checks or however you want to use these resources.

  • PhoneInfoga - PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources.

Australian Credit Checks

So lets assume you have done a fair enough of OSINT gathering on your target and you have managed to get the basics of there details why not take it a step further and use those details to do a credit check on them this would increase your profile on your target as this may unlock, unpaid bills from missing or maybe there bills are up to date who knows.

Australian ABN Look Up

So you may have found the company or name of your target why not search if they have a ABN you may find some interesting details thats free and open source that could help you with your investigation or leads.

  • ABN Search - Trading names to continue to be displayed for a further five years, ABN Lookup will continue to display trading names for a further five years until 31 October 2023.

Report Generators

So now after you have so much information on your target you can use these report generator programs to do it automation or atleast assist you with generating a report at a fast rate, develop a report using these.

  • Canva - An engaging report is all about presenting your information clearly and beautifully. It could be an annual company report, sales report, budget report, expense report; even a white paper.
  • Reportivo - Upload the data for your report in Excel or CSV format.
  • Bug Bounty Report Generator - A quick tool for generating quality bug bounty reports.

VPN Services

Below will be well known VPN Services to keep you annonymous online and to ensure you cannot be tracked by hackers or others especially when browsing the dark web or scraping information from sites on the wider internet.

VPN Services

There are many other VPN Services this is just a handful look around find one that is right for you.

Dark Web Links

Support

Please Support me if this has helped you with OSINT Research or investigation by following me on Twitter or connecting with me on LinkedIn feel free to visit my site at Crimol. I hope this has helped with your investigation or OSINT or atleast given you ideas to where to start your search and the potential of open source intelligence that relates to the target.

@Sacha_Roussakis

@Sacha Roussakis-Notter