Web-Check–Website OSINT Tool

Web-Check is a comprehensive OSINT tool for grabbing detailed information about any website. It’s nice to have this level of detail about a website available from a single source.

Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using.

Currently the dashboard will show: IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance, trackers, associated hostnames, carbon footprint.

The tool can be self-hosted, and there is also a publicly available web version of the software.

Discovering If An Email Address Is Associated With A Google Account

For Google accounts, users can set up an alternate email address which Google explains can be used . . .

to sign in to your account. They can also be used to reach you in case you get locked out.

There is an odd feature about those alternate emails, however, which is buried in Google’s Account Help documentation–Google will, in some cases, publicly associate/reveal the alternate email address with the Google account.

When people might see your Gmail address instead of your alternate email address

When people share things with your alternate email address, they will sometimes see your primary Google Account email (Gmail) address listed instead. Some examples include:

– Google Docs: When someone shares content, like a document, with your alternate email address, your Gmail address will show instead of the alternate address.

– Google Sites: When someone shares a site with your alternate email address, your Gmail address will show instead of your alternate address.

– Calendar: When you respond to invitations forwarded from your alternate address, the event organizer will see the responses come from your Gmail address.

– Google Keep: When someone shares a note with your alternate email address, your Gmail address will show instead of your alternate address.

– Google Groups: If you remove an alternate email address that was part of a group, your Gmail address might show up instead.

– Google Ads: When you accept an invitation to use a Google Ads account with your alternate email address, your Gmail address and your alternate email address will show on the account access page.

This post at subfn.net notes that it is possible to use Google Analytics to determine if a given email address is an alternate email for any Google account.

1. Log into Google Analytics

2. Navigate to Admin > Account User Management > Add user

3. At this point, enter an email address. If the email is a backup email of a Google account, the primary Google email (e.g. the Google login email) will be disclosed.

This seems like something that Google should make a lot clearer to users adding alternate emails.

SocialPath–Open Source OSINT Tool to Track Username Reuse

SocialPath is an open-source intelligence tool designed to track usernames across social media.

SocialPath is a Django application for gathering social media intelligence on a specific username. It checks for Twitter, Instagram, Facebook, Reddit and Stack Overflow. Collected data is sorted according to word frequency, hashtags, timeline, mentions, similar accounts and presented as charts with the help of D3js. This technique allows me to track darknet users who do not use unique nicknames.

This sounds kind of crazy, right? I mean, if you were engaged in illegal activity or wanted to remain anonymous, using the same or similar usernames on various social media platforms would seem to be an obvious no-no.

And yet, sometimes these folks aren’t the brightest, or they need to use similar usernames to signal to potential collaborators that the Twitter and Reddit profiles are reputationally identical.

On the defensive side, if you absolutely must use social media, it is probably best to start generating random usernames to avoid automated attacks like this.

As the SocialPath creator puts it,

For obvious reasons I won’t publish results of my research but you can repeat it by yourself. When engaging in illegal activity on darknet, one should remember to treat their username as already compromised and should not share it across different services or even mention it anywhere. Reality is often different and criminals get caught very often because of that mistake. SocialPath shows that it’s not hard for anyone to create this kind of app, hence LE has more powerful tools, real time monitoring and a bigger database including dumps from previously seized markets.