TJ-OSINT-Notebook-v1.jex

082562ba794843dbb2a6307b8c983101.md000644 0000002271 14336061324012304 0ustar00000000 000000 Dark Web

# General Notes
- https://github.com/fastfire/deepdarkCTI
- https://www.osintcombine.com/post/dark-web-searching

# Sub Reddits
- https://www.reddit.com/r/darknet/
- https://www.reddit.com/r/TOR/
- https://www.reddit.com/r/onions/
- https://reddit.com/r/DarkWebDread

# News/Information Sites
- Darknetlive: https://darknetlive.com/
- Darknet stats: https://www.darknetstats.com/
- DNStats: https://dnstats.net/
- The Daily Swig: https://portswigger.net/daily-swig/dark-web
- DarknetOne: https://darknetone.com/
- DarknetMarkets: https://www.darknetmarkets.com/




id: 082562ba794843dbb2a6307b8c983101
parent_id: 66ad12d80e514ed2858f35c2c5ad0d0e
created_time: 2022-06-27T15:26:17.224Z
updated_time: 2022-06-27T19:28:29.458Z
is_conflict: 0
latitude: 34.74648090
longitude: -92.28959480
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1665859587635
user_created_time: 2022-06-27T15:26:17.224Z
user_updated_time: 2022-06-27T19:28:29.458Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 108ccf2a382e1431f8fc8aef81bf7f3a7.md000644 0000002513 14336061324013036 0ustar00000000 000000 Other Resources

## Places to learn more about OSINT
- https://www.overtoperator.com/s/daily-intel-brief
- https://www.maltego.com/blog/top-osint-infosec-resources-for-you-and-your-team/

## Image-Based OSINT Investigations Tips & Techniques:
- https://www.skopenow.com/resource-center/image-based-osint-investigations-tips-techniques

## Telegram
- Telegram OSINT References: https://github.com/Ginsberg5150/Discord-and-Telegram-OSINT-references

## Books
- Open Source Intelligence Techniques: https://inteltechniques.com/book1.html
- Open Source Intelligence Handbook: https://i-intelligence.eu/uploads/public-documents/OSINT_Handbook_2020.pdf
- Nowhere To Hide: https://www.danielfarberhuang.com/nowheretohidedownload

id: 08ccf2a382e1431f8fc8aef81bf7f3a7
parent_id: 66ad12d80e514ed2858f35c2c5ad0d0e
created_time: 2022-09-12T04:26:44.027Z
updated_time: 2022-11-18T08:07:44.283Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 829829100801.25
user_created_time: 2022-09-12T04:26:44.027Z
user_updated_time: 2022-11-18T08:07:44.283Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 113ca7acfa30342c4a3271ebd5398e833.md000644 0000004155 14336061324012576 0ustar00000000 000000 Main Template

# Template Breakdown 

# Summary Overview

Describe the case of this subject and why they are a interest to your assignment?

# Personal Information: 

- Full Name: 
- Alias Names/Handles: 
- Age:
- Address:
- Height/Weight:
- Gender: 
- Birth Date:
- Single/Married: 
- Forms of Identification: 
- Vehicle Information (Make, Year, Color, License): 

# Social Media: 

- Facebook:
- Twitter:
- Instagram:
- Vysco:
- Snapchat: 
- TikTok: 
- Tumblr:
- PinInterest:
- Telegram:
- Signal:
- Vk: 
- Reddit: 
- Craiglist: 
- Kijiji: 
- ebay:
- wechat:
- kik:

# Other accounts/handles: 
- Gamer Handles:
- Blog Posts: 
- Forum profiles:

# Work/Careers: 

- Linkedin:
- Company Name:
- Job Description:  
- Start/End Date: 
- Work Email: 
- Work Phone Number: 
- Work Address: 

- Interesting comments from employees: 

# Home/Place of Living: 
- Address: 
- Noticeable Habits: 

## Owns the Home/Place: 
- Information/Tips from the neighbors: 
- Any Issues in the area?

## Lives in a rental place: 

- Landlords Name: 
- Landlords Phone Number:
- Information/Tips from other tenants:
- Any Issues in the Area?

# Other Information about the Person: 
- Unique Identifiers (Tattos, scars, piercings/jewlery):
- Habits (Smoking, Drinking, Hitch Hiking, Hangouts, Gang Affliation):
- Tips/Other information where the subject may be headed: 
- History of the person missing in the past: 

# Technical Information/Devices: 
- Device: 
- Brand/Modfel: 
- Carrier: 
- ISP: 
- IP Addresses:
- Accounts involved in a breach:

id: 13ca7acfa30342c4a3271ebd5398e833
parent_id: e6223dc485394d7db5c0d870fa13fd63
created_time: 2020-12-06T03:19:20.263Z
updated_time: 2022-11-18T05:37:36.947Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1641090699181
user_created_time: 2020-12-06T03:19:20.263Z
user_updated_time: 2022-11-18T05:37:36.947Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 116ac71d2552744ce9b56bb5cce16f2dd.md000644 0000022360 14336061324012747 0ustar00000000 000000 Search Engines

# General Search Engines: 

- [Intel Techniques Search Engine Tool](https://inteltechniques.com/tools/Search.html)

### General Search Engines
- [Google](https://www.google.com/)
- [Bing](https://www.bing.com/)
- [Yahoo!](http://www.yahoo.com/)
- [Yandex](https://yandex.com/)


### Servers
- [Shodan](https://shodan.io) - Search Engine for the Internet of Everything
- [Criminal IP](https://www.criminalip.io/)
- [Censys](https://censys.io/)
- [Onyphe.io](https://www.onyphe.io/)
- [ZoomEye](https://www.zoomeye.org/)
- [GreyNoise](https://viz.greynoise.io/)
- [Natlas](https://natlas.io/)
- [FOFA](https://fofa.info/)
- [criminalip.io](https://www.criminalip.io/)
- [LeakIX](https://leakix.net/)
- [Netlas](https://app.netlas.io/responses/)


### Public Files

- [Archie](http://archie.icm.edu.pl/) - Search for files in Public FTP Servers
- [Grayhatwarefare](https://buckets.grayhatwarfare.com/) - Search for files in public AWS S3 buckets


### Vulnerabilities
- [NIST NVD](https://nvd.nist.gov/vuln/search)
- [MITRE CVE](https://cve.mitre.org/cve/search_cve_list.html)
-  [Exploit-DB](https://www.exploit-db.com/)
- [osv.dev](https://osv.dev/list) - Open Source Vulnerabilities
- [Vulners.com](https://vulners.com/)
- [security.snyk.io](https://security.snyk.io/)
- [Rapid7 - DB](https://www.rapid7.com/db/)
- [CVEDetails](https://www.cvedetails.com/)
- [VulnIQ](https://vulniq.com/)
- [SynapsInt](https://synapsint.com/)


### Exploits
- [Exploit-DB](https://www.exploit-db.com/)
- [Shodan Exploits](https://exploits.shodan.io/)
- [Sploitus](https://sploitus.com/)
- [Rapid7 - DB](https://www.rapid7.com/db/)


### Attack Surface
- [FullHunt.io](https://fullhunt.io/)
- [BinaryEdge](https://www.binaryedge.io/)
- [RedHunt Labs](https://redhuntlabs.com/)
- [SecurityTrails](https://securitytrails.com/)
- [Binary Edge](https://app.binaryedge.io/login)

### Code Search Engines
- [GitHub Code Search](https://cs.github.com/)
- [grep.app](https://grep.app/)
- [publicwww.com](https://publicwww.com/)
- [SearchCode](https://searchcode.com/)
- [NerdyData](https://www.nerdydata.com/)
- [RepoSearch](http://codefinder.org/)


### Mail addresses
- [Hunter.io](https://hunter.io/)
- [PhoneBook](https://phonebook.cz/)
- [IntelligenceX](https://intelx.io/)
- [Reacher.email](https://reacher.email/)
- [RocketReach](https://rocketreach.co/)
- [email-format.com](https://www.email-format.com/)
- [EmailHippo](https://tools.emailhippo.com/)
- [ThatsThem](https://thatsthem.com/reverse-email-lookup) - Reverse email lookup
- [verify-email.org](https://verify-email.org/)
- [Melissa - Emailcheck](https://www.melissa.com/v2/lookups/emailcheck/email/)
- [VoilaNorbert](https://www.voilanorbert.com/)
- [SynapsInt](https://synapsint.com/)
- [skymem.info](http://www.skymem.info/)


### Domains
- [PhoneBook](https://phonebook.cz/)
- [IntelligenceX](https://intelx.io/)
- [Omnisint](https://omnisint.io/subdomain-enumeration) - Subdomain enumeration
- [Riddler](https://riddler.io/)
- [RobTex](https://www.robtex.com/)
- [CentralOps - DomainDossier](https://centralops.net/co/DomainDossier.aspx)
- [DomainIQ](https://www.domainiq.com/)
- [whois.domaintools.com](https://whois.domaintools.com/)
- [grayhatwarfare.com - domains](https://shorteners.grayhatwarfare.com/domains)
- [whoisology.com](https://whoisology.com/)
- [who.is](https://who.is/)
- [pentest-tools.com](https://pentest-tools.com/information-gathering/find-subdomains-of-domain)
- [BuiltWith](https://builtwith.com/)
- [MoonSearch](http://moonsearch.com/)
- [sitereport.netcraft.com](https://sitereport.netcraft.com/)
- [SynapsInt](https://synapsint.com/)
- [statscrop.com](https://www.statscrop.com/)
- [securityheaders.com](https://securityheaders.com/)
- [visualsitemapper.com](http://www.visualsitemapper.com/)
- [similarweb.com](https://www.similarweb.com/)
- [buckets.grayhatwarfare.com](https://buckets.grayhatwarfare.com/) - Public buckets
- [C99.nl](https://api.c99.nl/)


### URLs
- [PhoneBook](https://phonebook.cz/)
- [IntelligenceX](https://intelx.io/)
- [URLScan](https://urlscan.io/)
- [HackerTarget](https://hackertarget.com/ip-tools/)
- [MOZ Link Explorer](https://moz.com/link-explorer)
- [spyonweb.com](https://spyonweb.com/)
- [shorteners.grayhatwarfare.com](https://shorteners.grayhatwarfare.com/)


### DNS
- [DNSDumpster](https://dnsdumpster.com/)
- [RapidDNS](https://rapiddns.io/)
- [DNSdb](https://docs.farsightsecurity.com/#dnsdb)
- [Omnisint](https://omnisint.io/reverse-dns-lookup) - Reverse DNS lookup
- [HackerTarget](https://hackertarget.com/ip-tools/)
- [passivedns.mnemonic.no](https://passivedns.mnemonic.no/)
- [ptrarchive.com](http://ptrarchive.com/)
- [dnshistory.org](http://dnshistory.org/)
- [DNSTwister](https://dnstwister.report/)
- [DNSviz](https://dnsviz.net/)
- [C99.nl](https://api.c99.nl/)


### Certificates
- [Crt.sh](https://crt.sh/)
- [CTSearch](https://ui.ctsearch.entrust.com/ui/ctsearchui)
- [TLS.BufferOver.run](https://tls.bufferover.run/)
- [CertSpotter](https://sslmate.com/certspotter/)
- [SynapsInt](https://synapsint.com/)
- [Censys - Certificates](https://search.censys.io/certificates)


### WiFi networks
- [Wigle.net](https://wigle.net/)


### Credentials
- [Have I Been Pwned](https://haveibeenpwned.com/)
- [Dehashed](https://www.dehashed.com/)
- [Leak-Lookup](https://leak-lookup.com/)
- [Snusbase](https://snusbase.com/)
- [LeakCheck.io](https://leakcheck.io/)
- [crackstation.net](https://crackstation.net/)
- [breachdirectory.org](https://breachdirectory.org/)
- [Intel Techniques Breach Tool](https://inteltechniques.com/tools/Breaches.html)

### Social Networks

These can be useful for osint and social engineering.

- [Facebook](https://www.facebook.com/)
- [Intel Techniques Facebook Tool](https://inteltechniques.com/tools/Facebook.html)
- [Instagram](https://www.instagram.com/)
- [Intel Techniques Instagram Tool](https://inteltechniques.com/tools/Instagram.html)
- [YouTube](https://www.youtube.com/)
- [Twitter](https://twitter.com/)
- [Intel Techniques Twitter Tool](https://inteltechniques.com/tools/Twitter.html)
- [LinkedIn](https://www.linkedin.com/)
- [Intel Techniques Linkedin Tool](https://inteltechniques.com/tools/Linkedin.html)
- [Reddit](https://new.reddit.com/)
- [Pinterest](https://www.pinterest.com/)
- [Tumblr](https://www.tumblr.com/)
- [Flickr](https://www.flickr.com/)
- [SnapChat](https://www.snapchat.com/)
- [Whatsapp](https://www.whatsapp.com/)
- [Quora](https://www.quora.com/)
- [TikTok](https://www.tiktok.com/)
- [Vimeo](https://vimeo.com/)
- [Medium](https://medium.com/)
- [WeChat](https://www.wechat.com/)
- [VK](https://vk.com/)
- [Weibo](https://weibo.com/)
- [Tinder](https://tinder.com/)
- [WhatsMyName](https://whatsmyname.app/)

### Phone numbers
- [RocketReach](https://rocketreach.co/)
- [NumLookup](https://www.numlookup.com/)
- [WhitePages](https://www.whitepages.com/)
- [National Cellular Directory](https://www.nationalcellulardirectory.com/)
- [Phone Validator](https://www.phonevalidator.com/)
- [Free Carrier Lookup](https://freecarrierlookup.com/)
- [sync.me](https://sync.me/)
- [EmobileTracker](https://www.emobiletracker.com/)
- [SpyDialer](https://spydialer.com/)
- [Reverse Phone Lookup](https://www.reversephonelookup.com/)
- [ThatsThem](https://thatsthem.com/reverse-phone-lookup) - Reverse phone lookup
- [thisnumber.com](https://www.thisnumber.com/)
- [usphonebook.com](https://www.usphonebook.com/)
- [truecaller.com](https://www.truecaller.com/)
- [truepeoplesearch.com](https://www.truepeoplesearch.com/#)
- [SynapsInt](https://synapsint.com/)
- [C99.nl](https://api.c99.nl/)


### Threat Intelligence
- [PulseDive](https://pulsedive.com/)
- [ThreatCrowd](https://threatcrowd.org/)
- [ThreatMiner](https://www.threatminer.org/)
- [VirusTotal](https://www.virustotal.com/)
- [Rescure](https://rescure.me/)
- [otx.alienvault](https://otx.alienvault.com/)
- [urlquery.net](https://urlquery.net/)
- [bazaar.abuse.ch](https://bazaar.abuse.ch/browse/)
- [feodotracker.abuse.ch](https://feodotracker.abuse.ch/browse/)
- [sslbl.abuse.ch](https://sslbl.abuse.ch/ssl-certificates/)
- [urlhaus.abuse.ch](https://urlhaus.abuse.ch/browse/)
- [threatfox.abuse.ch](https://threatfox.abuse.ch/browse/)


### Web History
- [Web Archive](https://web.archive.org/)
- [Archive.ph](https://archive.ph/)
- [Archive.is](https://archive.is/)
- [CachedPages](http://www.cachedpages.com/)
- [stored.website](https://stored.website/)
- [CommonCrawl](https://commoncrawl.org/)


### Uncategorized
- [Spyse](https://spyse.com/)
- [NetoGraph](https://netograph.io/)
- [DNS.BufferOver.run](https://dns.bufferover.run/)
- [Chaos](https://chaos.projectdiscovery.io/#/)
- [PassiveTotal](https://api.passivetotal.org/)


References:
- https://osintframework.com/
- https://github.com/edoardottt/awesome-hacker-search-engines/blob/main/README.md

id: 16ac71d2552744ce9b56bb5cce16f2dd
parent_id: 51c0b6c8691f4a4db4fb8283ecb40b58
created_time: 2022-06-27T14:21:51.901Z
updated_time: 2022-09-12T18:04:37.204Z
is_conflict: 0
latitude: 34.74648090
longitude: -92.28959480
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1656339711901
user_created_time: 2022-06-27T14:21:51.901Z
user_updated_time: 2022-09-12T18:04:37.204Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 12e0cd2b39e5f49ef98c086209a048875.md000644 0000004241 14336061324012474 0ustar00000000 000000 Main Template

# Template Breakdown: 

# Summary Overview
- Summary about the company. 

# Leadership: 

## List out the directors/leaders that operate the company:

(copy and paste the bullets if multiple people are identified)
- Name: 
- Role: 
- Email:
- Phone Number: 
- Address: 
- Executives/Leadership:
- Employees that work under them: 
- Social Media: 

# Corporate Locations:

## Headquarters:
-

## Offices/Facilities of Interest: 
-

# Social Media Precensce:

## List company social media presences that the company uses:
-

# Job postings: 

## List the current job postings that the company is offering that could show a value of interest:
-

# Companies technical systems/assets:

## List systems that are found publicly that may be operated/managed by the company:

- Citrix Remote Access:
- SSL/VPN Gateways:
- Email Gateways (Office 365, Hosted Exchange, Gmail):
- Identity Providers (Azure, GSuite):
- External Identity:
- External User Access Portals:
- Public Websites:
- IP Addressing:
- Cloud Providers:
- Hosting Providers:
- SAAS Systems:

# Recent cases of the company being involved in certain incidents:

## General Incidents: 
-

## Technical Incidents 
-

# Relevant People of Interest: 

## List people that could be of interest to the case
-

# Third Party Suppliers/Supply Chain Companies: 

## Main Subsidaries:
-

# Other Related Companies:
- 

## Competitors: 
-

# Analyst notes: 

## Sensitive data or documents found through public websites or dark web/breaches:

## Email addresses found through search engines:


## Leaked Credentials:

id: 2e0cd2b39e5f49ef98c086209a048875
parent_id: 96cd33181ac446419b2cbefec51c0739
created_time: 2020-12-04T01:22:38.806Z
updated_time: 2022-11-18T05:22:30.020Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1627530699569
user_created_time: 2020-12-04T01:22:38.806Z
user_updated_time: 2022-11-18T05:22:30.020Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 133fa54146da947f68099687eb461a0eb.md000644 0000004632 14336061324012473 0ustar00000000 000000 Dark Web

# Notes:

Links on the TOR network will constantly change. 

# Finding the latest onion links:

- https://thehiddenwiki.org/
- https://dark.fail/
- https://onionlandsearchengine.com/

# Search Engines
Onion Live: https://onion.live/
Ahmia: http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion/
http://msydqstlz2kzerdg.onion
Ahmia (Public Site): https://ahmia.fi/
Abiko: http://abikogailmonxlzl.onion   
Darksearch.io: http://darkschn4iw2hxvpv2vy2uoxwkvs2padb56t3h4wqztre6upoc5qwgid.onion
Haystack:	http://haystak5njsmn2hqkewecpaxetahtwhsbsa64jom2k22z5afxhnpxfid.onion/
http://haystakvxad7wbk5.onion
Torch: http://torch4st4l57l2u2vr5wqwvwyueucvnrao4xajqr2klmcmicrv7ccaad.onion/
tor66: http://tor66sewebgixwhcqfnp5inzp5x5uohhdy3kvtnyfxc2e5mxiuh34iid.onion/	
OnionLand: http://3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion/
http://3bbaaaccczcbdddz.onion
Kilos: http://mlyusr6htlxsyc7t2f4z53wdxh3win7q3qpxcrbam6jf3dmua7tnzuyd.onion/
Phobos: http://phobosxilamwcg75xt22id7aywkzol6q6rfl2flipcqoc4e4ahima5id.onion/
Recon: http://recon222tttn4ob7ujdhbn3s4gjre7netvzybuvbq2bcqwltkiqinhad.onion/


## V2 Onion Links
Quo: http://quosl6t6c64mnn7d.onion/
tor77: http://tor77orrbgejplwp.onion 
NotEvil: http://hss3uro2hsxfogfq.onion   
Searx: http://searx7gwtu5rh6wr.onion  
Sindbad: http://sinbad66644fr5lq.onion   
Caronte: http://carontevaha5x626.onion   
Dark Matter: http://dark23456yyx57ny.onion   
OnionSearch: http://5u56fjmxu63xcmbk.onion   
Gibberfish: http://o2jdk5mdsijm2b7l.onion   
Pickle: http://k65nsnwos76xfwsj.onion   

# Public Search Engines for Tor:
- https://onion.live/

## Monitoring for new search urls:

- https://www.hunch.ly/darkweb-osint/
- http://jncyepk6zbnosf4p.onion/onions.html
- http://tor66sewebgixwhcqfnp5inzp5x5uohhdy3kvtnyfxc2e5mxiuh34iid.onion/fresh





id: 33fa54146da947f68099687eb461a0eb
parent_id: 51c0b6c8691f4a4db4fb8283ecb40b58
created_time: 2022-06-27T14:57:57.357Z
updated_time: 2022-11-19T04:35:01.875Z
is_conflict: 0
latitude: 34.74648090
longitude: -92.28959480
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1656355744887
user_created_time: 2022-06-27T14:57:57.357Z
user_updated_time: 2022-11-19T04:35:01.875Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 13a4d05e63db04fc4b76cc7e4903625fe.md000644 0000000554 14336061324012672 0ustar00000000 000000 Sock Accounts

id: 3a4d05e63db04fc4b76cc7e4903625fe
created_time: 2021-07-27T03:55:41.611Z
updated_time: 2022-11-12T22:34:29.656Z
user_created_time: 2021-07-27T03:55:41.611Z
user_updated_time: 2021-07-27T03:55:41.611Z
encryption_cipher_text: 
encryption_applied: 0
parent_id: 90987d9954be415d89fe7cc093c5f8c9
is_shared: 0
share_id: 
master_key_id: 
icon: 
type_: 23a5cb99f707b4a0fb90fe277c98ea4d2.md000644 0000001671 14336061324012767 0ustar00000000 000000 Searching the Internet

# Site References
- Mastering Google Search Operators: https://www.moz.com/mastering-google-search-operators-in-67-steps

# Talks
- https://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf

# Books: 
- https://www.amazon.com/Google-Hacking-Penetration-Testers-Johnny/dp/1597491764



id: 3a5cb99f707b4a0fb90fe277c98ea4d2
parent_id: 66ad12d80e514ed2858f35c2c5ad0d0e
created_time: 2020-12-07T04:52:07.607Z
updated_time: 2022-11-18T07:48:32.051Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1659658201602.5
user_created_time: 2020-12-07T04:52:07.607Z
user_updated_time: 2022-11-18T07:48:32.051Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 13bbd231305eb471ab904aa9b9d324124.md000644 0000033724 14336061324012506 0ustar00000000 000000 Hunting for ICS/SCADA Systems


# Using Shodan Website Filters: 

1. Search organization IP range: net:x.x.x.x/y
2. Search by organization name: org:”name”
3. Search by IP : x.x.x.x
4. Search by city: city:”name of city”
5. Search by webpage title: title:”text here”
6. Search for common remote access: port:"3389"

# Common Ports for ICS SCADA Deveices

## Standard Protocol Ports

The standard protocol ports table lists the ports for protocols that are considered industry standards and are used be multiple vendors.

| Protocol                |                 Ports                  |
| ----------------------- | :------------------------------------: |
| BACnet/IP               |               UDP/47808                |
| DNP3                    |          TCP/20000, UDP/20000          |
| EtherCAT                |               UDP/34980                |
| Ethernet/IP             |     TCP/44818, UDP/2222, UDP/44818     |
| FL-net                  |           UDP/55000 to 55003           |
| Foundation Fieldbus HSE |   TCP/1089 to 1091, UDP/1089 to 1091   |
| ICCP                    |                TCP/102                 |
| Modbus TCP              |                TCP/502                 |
| OPC UA Binary           |      Vendor Application Specific       |
| OPC UA Discovery Server |                TCP/4840                |
| OPC UA XML              |            TCP/80, TCP/443             |
| PROFINET                | TCP/34962 to 34964, UDP/34962 to 34964 |
| ROC PLus                |              TCP/UDP 4000              |

## Vendor Specific Ports

The vendor specific ports tables lists ports that are used by only one or a small number of vendors. These protocols are usually unpublished and proprietary.

| Vendor           |    Product or Protocol    |                                                                                                                                                                             Ports                                                                                                                                                                             |
| ---------------- | :-----------------------: | :-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
| ABB              |        Ranger 2003        |                  TCP/10307, TCP/10311, TCP/10364 to 10365, TCP/10407, TCP/10409 to 10410, TCP/10412, TCP/10414 to 10415, TCP/10428, TCP/10431 to 10432, TCP/10447, TCP/10449 to 10450, TCP/12316, TCP/12645, TCP/12647 to 12648, TCP/13722, TCP/13724, TCP/13782 to 13783, TCP/38589, TCP/38593, TCP/38600, TCP/38971, TCP/39129, TCP/39278                   |
| Emerson / Fisher |         ROC Plus          |                                                                                                                                                                         TCP/UDP/4000                                                                                                                                                                          |
| Foxboro/Invensys |    Foxboro DCS FoxApi     |                                                                                                                                                                         TCP/UDP/55555                                                                                                                                                                         |
| Foxboro/Invensys |    Foxboro DCS AIMAPI     |                                                                                                                                                                         TCP/UDP/45678                                                                                                                                                                         |
| Foxboro/Invensys |   Foxboro DCS Informix    |                                                                                                                                                                         TCP/UDP/1541                                                                                                                                                                          |
| Iconics          | Genesis32 GenBroker (TCP) |                                                                                                                                                                           TCP/18000                                                                                                                                                                           |
| Johnson Controls |        Metasys N1         |                                                                                                                                                                         TCP/UDP/11001                                                                                                                                                                         |
| Johnson Controls |      Metasys BACNet       |                                                                                                                                                                           UDP/47808                                                                                                                                                                           |
| OSIsoft          |         PI Server         |                                                                                                                                                                           TCP/5450                                                                                                                                                                            |
| Siemens          |     Spectrum Power TG     |                                                                                                                              TCP/50001 to 50016, TCP/50018 to 50020, UDP/50020 to 50021, TCP/50025 to 50028, TCP/50110 to 50111                                                                                                                               |
| SNC              |           GENe            | TCP/38000 to 38001, TCP/38011 to 38012, TCP/38014 to 38015, TCP/38200, TCP/38210, TCP/38301, TCP/38400, TCP/38700, TCP/62900, TCP/62911, TCP/62924, TCP/62930, TCP/62938, TCP/62956 to 62957, TCP/62963, TCP/62981 to 62982, TCP/62985, TCP/62992, TCP/63012, TCP/63027 to 63036, TCP/63041, TCP/63075, TCP/63079, TCP/63082, TCP/63088, TCP/63094, TCP/65443 |
| Telvent          |         OASyS DNA         |                                                                                                                                         UDP/5050 to 5051, TCP/5052, TCP/5065, TCP/12135 to 12137, TCP/56001 to 56099                                                                                                                                          |
| OMRON          |         FINS communication protocol         |                                                                                                                                                                           TCP/UDP/9600

## All Control System Ports Sorted By Port Number

The control system ports table combines the previous two tables and sorts the entries by port number.

| Protocol           |                 Ports                 |
| ------------------ | :-----------------------------------: |
| TCP/502            |              Modbus TCP               |
| TCP/UDP/1089       |        Foundation Fieldbus HSE        |
| TCP/UDP/1090       |        Foundation Fieldbus HSE        |
| TCP/UDP/1091       |        Foundation Fieldbus HSE        |
| TCP/UDP/1541       | Foxboro/Invensys Foxboro DCS Informix |
| UDP/2222           |              EtherNet/IP              |
| TCP/3480           |        OPC UA Discovery Server        |
| TCP/UDP/4000       |        Emerson/Fisher ROC Plus        |
| UDP/5050 to 5051   |           Telvent OASyS DNA           |
| TCP/5052           |           Telvent OASyS DNA           |
| TCP/5065           |           Telvent OASyS DNA           |
| TCP/5450           |           OSIsoft PI Server           |
| TCP/UDP/9600       |           OMRON FINS protocol         |    
| TCP/10307          |            ABB Ranger 2003            |
| TCP/10311          |            ABB Ranger 2003            |
| TCP/10364 to 10365 |            ABB Ranger 2003            |
| TCP/10407          |            ABB Ranger 2003            |
| TCP/10409 to 10410 |            ABB Ranger 2003            |
| TCP/10412          |            ABB Ranger 2003            |
| TCP/10414 to 10415 |            ABB Ranger 2003            |
| TCP/10428          |            ABB Ranger 2003            |
| TCP/10431 to 10432 |            ABB Ranger 2003            |
| TCP/10447          |            ABB Ranger 2003            |
| TCP/10449 to 10450 |            ABB Ranger 2003            |
| TCP/12316          |            ABB Ranger 2003            |
| TCP/12645          |            ABB Ranger 2003            |
| TCP/12647 to 12648 |            ABB Ranger 2003            |
| TCP/13722          |            ABB Ranger 2003            |
| TCP/UDP/11001      |      Johnson Controls Metasys N1      |
| TCP/12135 to 12137 |           Telvent OASyS DNA           |
| TCP/13724          |            ABB Ranger 2003            |
| TCP/13782 to 13783 |            ABB Ranger 2003            |
| TCP/18000          |   Iconic Genesis32 GenBroker (TCP)    |
| TCP/UDP/20000      |                 DNP3                  |
| TCP/UDP/34962      |               PROFINET                |
| TCP/UDP/34963      |               PROFINET                |
| TCP/UDP/34964      |               PROFINET                |
| UDP/34980          |               EtherCAT                |
| TCP/38589          |            ABB Ranger 2003            |
| TCP/38593          |            ABB Ranger 2003            |
| TCP/38000 to 38001 |               SNC GENe                |
| TCP/38011 to 38012 |               SNC GENe                |
| TCP/38014 to 38015 |               SNC GENe                |
| TCP/38200          |               SNC GENe                |
| TCP/38210          |               SNC GENe                |
| TCP/38301          |               SNC GENe                |
| TCP/38400          |               SNC GENe                |
| TCP/38600          |            ABB Ranger 2003            |
| TCP/38700          |               SNC GENe                |
| TCP/38971          |            ABB Ranger 2003            |
| TCP/39129          |            ABB Ranger 2003            |
| TCP/39278          |            ABB Ranger 2003            |
| TCP/UDP/44818      |              EtherNet/IP              |
| TCP/UDP/45678      |  Foxboro/Invensys Foxboro DCS AIMAPI  |
| UDP/47808          |               BACnet/IP               |
| TCP/50001 to 50016 |       Siemens Spectrum Power TG       |
| TCP/50018 to 50020 |       Siemens Spectrum Power TG       |
| UDP/50020 to 50021 |       Siemens Spectrum Power TG       |
| TCP/50025 to 50028 |       Siemens Spectrum Power TG       |
| TCP/50110 to 50111 |       Siemens Spectrum Power TG       |
| UDP/55000 to 55002 |           FL-net Reception            |
| UDP/55003          |          FL-net Transmission          |
| TCP/UDP/55555      |  Foxboor/Invensys Foxboro DCS FoxAPI  |
| TCP/56001 to 56099 |           Telvent OASyS DNA           |
| TCP/62900          |               SNC GENe                |
| TCP/62911          |               SNC GENe                |
| TCP/62924          |               SNC GENe                |
| TCP/62930          |               SNC GENe                |
| TCP/62938          |               SNC GENe                |
| TCP/62956 to 62957 |               SNC GENe                |
| TCP/62963          |               SNC GENe                |
| TCP/62981 to 62982 |               SNC GENe                |
| TCP/62985          |               SNC GENe                |
| TCP/62992          |               SNC GENe                |
| TCP/63012          |               SNC GENe                |
| TCP/63027 to 63036 |               SNC GENe                |
| TCP/63041          |               SNC GENe                |
| TCP/63075          |               SNC GENe                |
| TCP/63079          |               SNC GENe                |
| TCP/63082          |               SNC GENe                |
| TCP/63088          |               SNC GENe                |
| TCP/63094          |               SNC GENe                |
| TCP/65443          |               SNC GENe                |

# Looking at Traffic Analysis:

## ICS/SCADA PCAP Samples: 
- https://github.com/ITI/ICS-Security-Tools/tree/master/pcaps

## Wireshark
Always review the statistics. Check the following: 
- Endpoints
- Protocols
-  Conversations


# References: 
- https://www.linkedin.com/pulse/osint-tips-icsscada-assessment-strategy-ashwani-kumar
- https://github.com/ITI/ICS-Security-Tools/blob/master/protocols/PORTS.md
- https://www.offensiveosint.io/offensive-osint-s04-e03-tracking-internet-facing-industrial-control-system-devices-with-kamerka-lite/

id: 3bbd231305eb471ab904aa9b9d324124
parent_id: 8166c2cb2ed54ecbbada07441e427fea
created_time: 2022-11-18T07:55:54.162Z
updated_time: 2022-11-18T08:06:45.528Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 0
user_created_time: 2022-11-18T07:55:54.162Z
user_updated_time: 2022-11-18T08:06:45.528Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 13e6844734f73490ebccc3048d293af2e.md000644 0000000562 14336061324012542 0ustar00000000 000000 Missing Person Case

id: 3e6844734f73490ebccc3048d293af2e
created_time: 2020-10-19T01:18:07.512Z
updated_time: 2020-10-19T01:18:07.512Z
user_created_time: 2020-10-19T01:18:07.512Z
user_updated_time: 2020-10-19T01:18:07.512Z
encryption_cipher_text: 
encryption_applied: 0
parent_id: 93c15daf2f4c486fb2f14ed7bf85bff5
is_shared: 0
share_id: 
master_key_id: 
icon: 
type_: 2400b72fc58084fc697dcf153a3804f78.md000644 0000001612 14336061324012462 0ustar00000000 000000 Google Dorks for finding Various Online Devices

# Searching for Public Querys:
- https://www.exploit-db.com/google-hacking-database?category=13

# Pi-Hole Admin Dashboard: 
- 	intitle:"Pi-hole-ip" inurl:admin

# Cisco ASDM Devices:
- inurl:/admin/public/asdm.jnlp "ASDM on"

id: 400b72fc58084fc697dcf153a3804f78
parent_id: 8166c2cb2ed54ecbbada07441e427fea
created_time: 2022-09-12T02:39:47.851Z
updated_time: 2022-09-12T04:23:48.169Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1662950387851
user_created_time: 2022-09-12T02:39:47.851Z
user_updated_time: 2022-09-12T04:23:48.169Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 151c0b6c8691f4a4db4fb8283ecb40b58.md000644 0000000544 14336061324012671 0ustar00000000 000000 Sites

id: 51c0b6c8691f4a4db4fb8283ecb40b58
created_time: 2020-10-19T01:24:06.107Z
updated_time: 2022-06-08T01:10:08.089Z
user_created_time: 2020-10-19T01:24:06.107Z
user_updated_time: 2022-06-08T01:10:08.089Z
encryption_cipher_text: 
encryption_applied: 0
parent_id: 90987d9954be415d89fe7cc093c5f8c9
is_shared: 0
share_id: 
master_key_id: 
icon: 
type_: 2543ff1b66169453cac0931c55fcdb1ca.md000644 0000005330 14336061324012660 0ustar00000000 000000 Browser Extensions

# Joplin Web Clipper

The web clipper that allows you to clip web pages and take screenshots while you're browsing the internet. You can either save complete web pages or simplified versions of it.

To install Joplin's Web Clipper you need to run through the following setup.
1. In Joplin select "Tools" > Options
2. Go to the Web Clipper tab and follow the instructions to install the web clipper exstention for Google Chrome or Firefox.

# Google Chrome, Brave, Opera, and Microsoft Edge

## Note: All of these exstensions can be installed in these browsers because they are built off the same underlying technology as Google Chrome.

Better History: https://chrome.google.com/webstore/detail/better-history/

Instant Data Scraper: https://chrome.google.com/webstore/detail/instant-data-scraper/

Map Switcher: https://chrome.google.com/webstore/detail/map-switcher/

Privacy Badger: https://privacybadger.org/

RevEye Reverse Image Search: https://chrome.google.com/webstore/detail/reveye-reverse-image-sear/

Session Buddy: https://chrome.google.com/webstore/detail/session-buddy

Search by Image: https://chrome.google.com/webstore/detail/search-by-image/

U-Block Orgin: https://ublockorigin.com/

UnPaywall: https://chrome.google.com/webstore/detail/unpaywall/

User-Agent-Switcher: https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/

Vortimo: https://chrome.google.com/webstore/detail/vortimo-osint-tool/

Wayback Machine: https://chrome.google.com/webstore/detail/wayback-machine/

Wappalyzer: https://chrome.google.com/webstore/detail/wappalyzer-technology-pro/

# Firefox:

Wayback Machine: https://addons.mozilla.org/es/firefox/addon/wayback-machine_new/?target=_blank&rel=nofollow,noopener,noreferrer&target=_blank

Exif Viewer: https://addons.mozilla.org/es/firefox/addon/exif-viewer/?target=_blank&rel=nofollow,noopener,noreferrer&target=_blank

Sputnik: https://addons.mozilla.org/es/firefox/addon/sputnik-osint/

User Agent Switcher: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher-revived/

Link Gopher: https://addons.mozilla.org/en-GB/firefox/addon/link-gopher/


id: 543ff1b66169453cac0931c55fcdb1ca
parent_id: 87bb11fb4c5e42d59249557f9c8b31ff
created_time: 2022-06-08T01:10:40.298Z
updated_time: 2022-11-18T09:05:18.447Z
is_conflict: 0
latitude: 39.04375670
longitude: -77.48744160
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1668755166394.5
user_created_time: 2022-06-08T01:10:40.298Z
user_updated_time: 2022-11-18T09:05:18.447Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1588c8ced26e443ff81a28a790ae60cc1.md000644 0000001701 14336061324012676 0ustar00000000 000000 General Notes

# This is a placeholder to keep a track of the sock accounts you have created and have burned.


## Resources to help create your sock accounts: 
Profile Image Maker:

- https://thispersondoesnotexist.com/
- https://fakenamegenerator.com
- https://en.namefake.com/
- https://www.fakepersongenerator.com/fake-name-generator

id: 588c8ced26e443ff81a28a790ae60cc1
parent_id: 3a4d05e63db04fc4b76cc7e4903625fe
created_time: 2021-07-27T03:55:46.803Z
updated_time: 2022-06-08T01:09:10.940Z
is_conflict: 0
latitude: 40.56220000
longitude: -111.92970000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 0
user_created_time: 2021-07-27T03:55:46.803Z
user_updated_time: 2022-06-08T01:09:10.940Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 161be7949633e48ba93ad403cfb7bf79d.md000644 0000001415 14336061324012711 0ustar00000000 000000 Images/Screenshots Template

# Image #1:
- Where was the image found:
- Description of the image: 
-  Other details about the image:
-  EXIF Data:

id: 61be7949633e48ba93ad403cfb7bf79d
parent_id: e6223dc485394d7db5c0d870fa13fd63
created_time: 2021-07-29T04:34:40.740Z
updated_time: 2022-11-18T18:41:58.905Z
is_conflict: 0
latitude: 42.90740000
longitude: -78.81970000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1627530681345
user_created_time: 2021-07-29T04:34:40.740Z
user_updated_time: 2022-11-18T18:41:58.905Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 166ad12d80e514ed2858f35c2c5ad0d0e.md000644 0000000562 14336061324012662 0ustar00000000 000000 References/Articles

id: 66ad12d80e514ed2858f35c2c5ad0d0e
created_time: 2020-10-19T01:25:09.324Z
updated_time: 2020-10-19T01:25:14.464Z
user_created_time: 2020-10-19T01:25:09.324Z
user_updated_time: 2020-10-19T01:25:09.324Z
encryption_cipher_text: 
encryption_applied: 0
parent_id: 90987d9954be415d89fe7cc093c5f8c9
is_shared: 0
share_id: 
master_key_id: 
icon: 
type_: 276acc1833938495b9e16e882d3ded849.md000644 0000002242 14336061324012507 0ustar00000000 000000 ICS/SCADA

# Kamerka GUI
- https://github.com/woj-ciech/Kamerka-GUI

## Setup and Installation: 

```
sudo apt install redis redis-server
git clone https://github.com/woj-ciech/Kamerka-GUI/
pip3 install -r requirements.txt
python3 manage.py makemigrations
python3 manage.py migrate
python3 manage.py runserver
```

1. Execute this command in the main directory: ```celery worker -A kamerka --loglevel=info```
2.  Intialize Celery: ```celery --app kamerka worker```
3.  Karmerka should be running by going to the following URL: http://localhost:8000/

id: 76acc1833938495b9e16e882d3ded849
parent_id: 87bb11fb4c5e42d59249557f9c8b31ff
created_time: 2022-11-18T07:39:28.015Z
updated_time: 2022-11-18T07:55:45.122Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1668754025180.1562
user_created_time: 2022-11-18T07:39:28.015Z
user_updated_time: 2022-11-18T07:55:45.122Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 18166c2cb2ed54ecbbada07441e427fea.md000644 0000000555 14336061324013077 0ustar00000000 000000 Search Queries

id: 8166c2cb2ed54ecbbada07441e427fea
created_time: 2020-10-19T01:24:36.379Z
updated_time: 2022-11-19T04:30:54.812Z
user_created_time: 2020-10-19T01:24:36.379Z
user_updated_time: 2022-11-19T04:30:54.812Z
encryption_cipher_text: 
encryption_applied: 0
parent_id: 90987d9954be415d89fe7cc093c5f8c9
is_shared: 0
share_id: 
master_key_id: 
icon: 
type_: 287bb11fb4c5e42d59249557f9c8b31ff.md000644 0000000544 14336061324012634 0ustar00000000 000000 Tools

id: 87bb11fb4c5e42d59249557f9c8b31ff
created_time: 2022-06-08T01:09:45.778Z
updated_time: 2022-06-08T01:10:17.097Z
user_created_time: 2022-06-08T01:09:45.778Z
user_updated_time: 2022-06-08T01:10:17.097Z
encryption_cipher_text: 
encryption_applied: 0
parent_id: 90987d9954be415d89fe7cc093c5f8c9
is_shared: 0
share_id: 
master_key_id: 
icon: 
type_: 290987d9954be415d89fe7cc093c5f8c9.md000644 0000000550 14336061324012603 0ustar00000000 000000 Resources

id: 90987d9954be415d89fe7cc093c5f8c9
created_time: 2020-10-19T01:24:02.137Z
updated_time: 2020-10-19T01:24:02.137Z
user_created_time: 2020-10-19T01:24:02.137Z
user_updated_time: 2020-10-19T01:24:02.137Z
encryption_cipher_text: 
encryption_applied: 0
parent_id: 93c15daf2f4c486fb2f14ed7bf85bff5
is_shared: 0
share_id: 
master_key_id: 
icon: 
type_: 293c15daf2f4c486fb2f14ed7bf85bff5.md000644 0000000523 14336061324013125 0ustar00000000 000000 OSINT/Recon Notebook

id: 93c15daf2f4c486fb2f14ed7bf85bff5
created_time: 2020-10-19T00:22:57.662Z
updated_time: 2022-11-12T22:35:03.572Z
user_created_time: 2020-10-19T00:22:57.662Z
user_updated_time: 2022-11-12T22:35:03.572Z
encryption_cipher_text: 
encryption_applied: 0
parent_id: 
is_shared: 0
share_id: 
master_key_id: 
icon: 
type_: 29680c3b4fae5496884daa48ee21626d0.md000644 0000002364 14336061324012550 0ustar00000000 000000 Social Media Scrapers

# Instagram: 

## Instaloader
- https://github.com/instaloader/instaloader

## Installation
In Kali Linux: ```sudo apt install instaloader```

## Toutatis:
- https://github.com/megadose/toutatis

## Installation:
```
git clone https://github.com/megadose/toutatis.git
cd toutatis/
python3 setup.py install
```

Usage: 
- toutatis -u username -s instagramsessionid

# Masto 
- https://github.com/C3n7ral051nt4g3ncy/Masto

## Installation
```
git clone https://github.com/C3n7ral051nt4g3ncy/Masto
pip3 install -r requirements.txt
```

## Using Masto
- python3 masto.py -u {username}
- python3 masto.py -i {instance}

id: 9680c3b4fae5496884daa48ee21626d0
parent_id: 87bb11fb4c5e42d59249557f9c8b31ff
created_time: 2022-07-01T20:34:35.709Z
updated_time: 2022-11-18T08:44:57.882Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1656707675709
user_created_time: 2022-07-01T20:34:35.709Z
user_updated_time: 2022-11-18T08:44:57.882Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 196cd33181ac446419b2cbefec51c0739.md000644 0000000553 14336061324012610 0ustar00000000 000000 Company Case

id: 96cd33181ac446419b2cbefec51c0739
created_time: 2020-10-19T01:18:18.913Z
updated_time: 2020-10-19T01:18:18.913Z
user_created_time: 2020-10-19T01:18:18.913Z
user_updated_time: 2020-10-19T01:18:18.913Z
encryption_cipher_text: 
encryption_applied: 0
parent_id: 93c15daf2f4c486fb2f14ed7bf85bff5
is_shared: 0
share_id: 
master_key_id: 
icon: 
type_: 29d5d41c8398745a28c9b54277f2a2918.md000644 0000002620 14336061324012340 0ustar00000000 000000 OSINT SiteMaps

## Summary Overview:

Each Link contains a dashboard or a set of tools that they recommend to use for OSINT. Although these lists may not be up to date from time to time they can come in handy depending on what you are looking for.

# List of sites that collect OSINT Tools, Sites, and Resources: 

IntelTechniques Search Tools: https://inteltechniques.com/tools/index.html

OSINT Tools Dashboard: https://start.me/p/7kxyy2/osint-tools-curated-by-lorand-bodo

Terrorism Radicalisation Research Dashboard: https://start.me/p/OmExgb/terrorism-radicalisation-research-dashboard

OSINT Techniques: https://www.osinttechniques.com/osint-tools.html

OSINT Framework: https://osintframework.com/

NixIntel OSINT Resource List: https://start.me/p/rx6Qj8/nixintel-s-osint-resource-list

id: 9d5d41c8398745a28c9b54277f2a2918
parent_id: 51c0b6c8691f4a4db4fb8283ecb40b58
created_time: 2022-11-18T07:29:54.431Z
updated_time: 2022-11-18T20:53:51.392Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1656351122377
user_created_time: 2022-11-18T07:29:54.431Z
user_updated_time: 2022-11-18T20:53:51.392Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1a2fdfafa387c4232b8cdabf3dde5dae2.md000644 0000003740 14336061324013401 0ustar00000000 000000 Google Dorks

Google Hacking Database: https://www.exploit-db.com/google-hacking-database

Do not forget to include icons, emojism or unicode charecters in your searchs depending on the subject. 

## Searching for names: 

- "james king" site:<site you want query your search on>
- "james king" -"site:<site you want to query your search on>/jamesking" site:<site you want query your search on>
- "james" "king" -site:<site you want query your search on>
- intile:final.attendee.list OR inurl:final.attendee.list "james king"

## Searching for names in files: 
- inurl:<domain> filetype:<file exstension> "username, password, email"
- inurl:resume :"james king"
- intext:resume "james king"
- allintext: "james king"

# Searching for names in Github Code: 
- site https://github.com/orgs/*/people

# Search for emails with passwords: 

- site:pastebin.com "*@gmail.com password"
- site:pastebin.com "*@outlook.com password"
- 	site:gitlab.* intext:password intext:@gmail.com | @yahoo.com | @hotmail.com

# Searching for social media accounts

- site:facebook.com "display name"
- inurl:facebook.com "display name"
- inurl:facebook.com inurl:username
- inurl:facebook.com inurl:firstname inurl:secondname

# Searching for telegram groups
- site:t.me/joinchat
- site:t.me/*
- site:t.me
- site:telegram.me

# Searching for human resources
- intitle: "index of" intext: human resources


id: a2fdfafa387c4232b8cdabf3dde5dae2
parent_id: 8166c2cb2ed54ecbbada07441e427fea
created_time: 2020-12-06T03:32:59.304Z
updated_time: 2022-11-18T05:38:08.065Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1662950638467.5
user_created_time: 2020-12-06T03:32:59.304Z
user_updated_time: 2022-11-18T05:38:08.065Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1ab4dbc65f6af49568044488963f13b61.md000644 0000003744 14336061324012476 0ustar00000000 000000 Breach Tools

### PwnedOrNot (https://github.com/thewhiteh4t/pwnedOrNot)
Installation:
```
Must make a payment to get a haveibeenpwned API key
Obtain an API Key: https://haveibeenpwned.com/API/Key
haveibeenpwned API v3 Documentation: https://haveibeenpwned.com/API/v3

git clone https://github.com/thewhiteh4t/pwnedOrNot.git
cd pwnedOrNot
chmod +x install.sh
./install.sh
```

Using pwnedornot:
Checking for a Single Email
- python3 pwnedornot.py -e <email>
- python3 pwnedornot.py --email <email>

Check Multiple Emails from File
- python3 pwnedornot.py -f <file name>
- python3 pwnedornot.py --file <file name>

Filter Result for a Domain Name [Ex : adobe.com]
- python3 pwnedornot.py -e <email> -d <domain name>
- python3 pwnedornot.py -f <file name> --domain <domain name>

Get only Breach Info, Skip Password Dumps
- python3 pwnedornot.py -e <email> -n
- python3 pwnedornot.py -f <file name> --nodumps

Get List of all Breached Domains
-python3 pwnedornot.py -l
- python3 pwnedornot.py --list

Check if a Domain is Pwned
- python3 pwnedornot.py -c <domain name>
- python3 pwnedornot.py --check <domain name>

### pwned (https://github.com/wKovacs64/pwned)

Installation:
```
Kali Linux:
apt install nodejs
apt install npm
npm install pwned -g
```

Using Pwned: 
Adding your haveibeenpwned API key
- pwned apikey <key>
Obtain all breaches for an account
- pwned ba <account|email>


id: ab4dbc65f6af49568044488963f13b61
parent_id: 87bb11fb4c5e42d59249557f9c8b31ff
created_time: 2022-11-10T05:56:13.907Z
updated_time: 2022-11-10T16:51:17.336Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1668756183008.25
user_created_time: 2022-11-10T05:56:13.907Z
user_updated_time: 2022-11-10T16:51:17.336Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1b21cd37bae094aa4bff7e580c017ccba.md000644 0000005504 14336061324013147 0ustar00000000 000000 Main Template

# Template Breakdown: 

# Summary Overview

- Information/Intel about the person that went missing

# Personal Information: 

- Full Name: 
- Alias Names/Handles: 
- Age:
- Address:
- Height/Weight:
- Gender: 
- Birth Date:
- Personal Email:
- Phone Numbers:
- Breached Passwords:
- Single/Married: 
- Forms of Identification: 
- Vehicle Information (Make, Year, Color, License): 

# Social Media: 

- Facebook:
- Twitter:
- Instagram:
- Youtube:
- Vysco:
- Snapchat: 
- TikTok: 
- Tumblr:
- PinInterest:
- Vk: 
- Reddit: 
- Craiglist: 
- Kijiji: 
- Telegram:
-  Github
-  Discord: 
-  Skype:

# Gamer Handles:
- Steam:
- Xbox:
- Playstation Network:
-  Other:

# Other accounts/handles: 

- Blog Posts: 
- Forum profiles:

# Work/Careers: 

- Linkedin:
- Company Name: 
- Job Description: 
- Start/End Date: 
- Work Email: 
- Work Website:  
- Work Phone Number: 
- Work Address: 

- Interesting comments from employees: 

# Home/Place of Living: 
- Address: 
- Noticeable Habits: 

## Owns the Home/Place: 
- Information/Tips from the neighbors: 
- Any Issues in the area?

## Lives in a rental place: 

- Landlords Name: 
- Landlords Phone Number:
- Information/Tips from other tenants:
- Any Issues in the Area?

# Other Information about the Person: 
- Unique Identifiers (Tattos, scars, piercings/jewlery):
- Habits (Smoking, Drinking, Hitch Hiking, Hangouts, Gang Affliation):
- Tips/Other information where the subject may be headed: 
- History of the person missing in the past: 

# Technical Information/Devices: 
- Device: 
- Brand/Modfel: 
- Carrier: 
- ISP: 
- IP Addresses:
- Accounts involved in a breach: 

# Friends: 

- Name: 
- Relation:
- Address:
- Phone Number: 
- Email:
- Social Media Handle: 
- Proof/Evidence: 
- Interesting comments from there friend/friends:


# Family: 

- Name: 
- Relation:
- Address:
- Phone Number: 
- Email:
- Social Media Handle: 
- Proof/Evidence: 
- Interesting comments from family members:

# Other Intel: 

## Day Last Seen: 
- Details of the day the person was seen: 
- Location: 
- Any Mood Altercation, Conversations, or directions where they could be going to next. 
- Were they intending to meet someone?
- Other Information that can relate to when the person was seen. 




id: b21cd37bae094aa4bff7e580c017ccba
parent_id: 3e6844734f73490ebccc3048d293af2e
created_time: 2020-12-04T03:14:30.249Z
updated_time: 2022-11-18T05:37:25.560Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1641090706276.5
user_created_time: 2020-12-04T03:14:30.249Z
user_updated_time: 2022-11-18T05:37:25.560Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1b44e043041144cb8b30ffef64c066d7c.md000644 0000001415 14336061324012574 0ustar00000000 000000 Images-Screenshots Template

# Image #1:
- Where was the image found:
- Description of the image: 
-  Other details about the image:
-  EXIF Data:

id: b44e043041144cb8b30ffef64c066d7c
parent_id: 96cd33181ac446419b2cbefec51c0739
created_time: 2021-07-29T03:51:21.345Z
updated_time: 2022-11-19T04:22:12.252Z
is_conflict: 0
latitude: 42.90740000
longitude: -78.81970000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1627530681345
user_created_time: 2021-07-29T03:51:21.345Z
user_updated_time: 2022-11-19T04:22:12.252Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1c12240f433a147899b8127ac99b3330d.md000644 0000004443 14336061324012310 0ustar00000000 000000 Dark Web

# Setup and Initialization:

## In Kali Linux
```
# Commands to Install tor and the tor browser
sudo apt install tor
sudo apt install tor-browser

# Running the tor browser
Command Line: Open the terminal and type tor-browser

A new window will appear loading the tor browser
```

Configuring

## Browsers: 
Brave: https://brave.com/
I2P: https://geti2p.net/en/ 
Tor Broswer: https://www.torproject.org
Whonix: https://www.whonix.org/
Zeronet: https://zeronet.io/


# Dark Web Scanners:

Katana: https://github.com/TebbaaX/Katana

Installation: 
```
git clone https://github.com/TebbaaX/Katana
cd Katana
python3 -m pip install -r requirements.txt
python3 kds.py
```

Onion Search: https://github.com/megadose/OnionSearch
 ```
git clone https://github.com/megadose/OnionSearch
cd onionseach
python3 setup.py install
onionsearch
```

Darkdump: https://github.com/josh0xA/darkdump
Note: Darksearch.io now forbids public queries so this tool may not work

```
git clone https://github.com/josh0xA/darkdump
cd darkdump
python3 -m pip install -r requirements.txt
python3 darkdump.py --help
```

# Other tools to crawl the TOR network
- https://github.com/DedSecInside/TorBot

# Commands to verify if onion links are active:
Note: You will needed to be connected or proxied into the tor network to check if the site.
nmap:
```
nmap -sT -PN -n -p 80,443 facebookcorewwwi.onion

proxychains4 -f /etc/proxychains.conf /usr/bin/nmap -sT -PN -n -p 80,443 facebookcorewwwi.onion
```
curl:
```
curl -I https://facebookcorewwwi.onion
```
netcat (nc):
```
nc -z 80 facebookcorewwwi.onion
nc -z 443 facebookcorewwwi.onion
```

# Resources: 
Installing Tor on Kali Linux: https://www.kali.org/docs/tools/tor/


id: c12240f433a147899b8127ac99b3330d
parent_id: 87bb11fb4c5e42d59249557f9c8b31ff
created_time: 2022-06-27T15:20:13.216Z
updated_time: 2022-11-19T04:54:50.300Z
is_conflict: 0
latitude: 34.74648090
longitude: -92.28959480
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1668754151981.75
user_created_time: 2022-06-27T15:20:13.216Z
user_updated_time: 2022-11-19T04:54:50.300Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1cdfe668d66674ba79131d8327e5fea7b.md000644 0000002342 14336061324012716 0ustar00000000 000000 Uncovering Images:

# Reverse Image Search

- https://images.google.com/
- https://www.bing.com/images/
- https://tineye.com/
- https://pimeyes.com/en
- https://images.search.yahoo.com/
- https://www.gettyimages.com/
- https://www.shutterstock.com/

## Face image search engines:

- https://pimeyes.com/en

## EXIF Tools
- https://exif.tools/
- https://exifdata.com/
- https://www.metadata2go.com/
- https://jimpl.com/

# EXIF Metadata Editors: 
- https://www.thexifer.net/

## Checking for Deepfakes: 
- https://scanner.deepware.ai/
-  https://detectfakes.media.mit.edu/# (Resource to learn how to detect deepfakes)

id: cdfe668d66674ba79131d8327e5fea7b
parent_id: 51c0b6c8691f4a4db4fb8283ecb40b58
created_time: 2020-12-07T04:56:59.276Z
updated_time: 2022-11-18T18:51:27.504Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1641936618260.5
user_created_time: 2020-12-07T04:56:59.276Z
user_updated_time: 2022-11-18T18:51:27.504Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1d30dc62f10b14cebb192bc907c56cd30.md000644 0000011104 14336061324012715 0ustar00000000 000000 OSINT Framework Tools

# OSIF

## Installation:
```
git clone https://github.com/fr4nc1stein/osint-framework osif
cd osif
pip3 install -r requirements.txt
```

Create an enviornment file (.env) and include your API keys: 
```
VT_API=""
CENSYS_APPID=""
CENSYS_SECRET=""
ABUSECH_API_KEY = ""
SHODAN_API_KEY = ""
HUNTER_API_KEY = ""
BITCOINABUSE_API_KEY = ""
WIGLE_API_NAME = ""
WIGLE_API_TOKEN = ""
SECURITY_TRAIL_API = ""
```

## Executing the program: 

```
python3 ./osif
```

# Recon-NG

## Installation: 
Already installed in Kali Linux

## Loading the program and installing modules:
```
$ recon-ng      
[*] Version check disabled.

    _/_/_/    _/_/_/_/    _/_/_/    _/_/_/    _/      _/            _/      _/    _/_/_/
   _/    _/  _/        _/        _/      _/  _/_/    _/            _/_/    _/  _/       
  _/_/_/    _/_/_/    _/        _/      _/  _/  _/  _/  _/_/_/_/  _/  _/  _/  _/  _/_/_/
 _/    _/  _/        _/        _/      _/  _/    _/_/            _/    _/_/  _/      _/ 
_/    _/  _/_/_/_/    _/_/_/    _/_/_/    _/      _/            _/      _/    _/_/_/    


                                          /\
                                         / \\ /\
    Sponsored by...               /\  /\/  \\V  \/\
                                 / \\/ // \\\\\ \\ \/\
                                // // BLACK HILLS \/ \\
                               www.blackhillsinfosec.com

                  ____   ____   ____   ____ _____ _  ____   ____  ____
                 |____] | ___/ |____| |       |   | |____  |____ |
                 |      |   \_ |    | |____   |   |  ____| |____ |____
                                   www.practisec.com

                      [recon-ng v5.1.2, Tim Tomes (@lanmaster53)] 
					  
[recon-ng][default] > marketplace search

  +---------------------------------------------------------------------------------------------------+
  |                        Path                        | Version |     Status    |  Updated   | D | K |
  +---------------------------------------------------------------------------------------------------+
  | discovery/info_disclosure/cache_snoop              | 1.1     | not installed | 2020-10-13 |   |   |
  | discovery/info_disclosure/interesting_files        | 1.2     | not installed | 2021-10-04 |   |   |
  | exploitation/injection/command_injector            | 1.0     | not installed | 2019-06-24 |   |   |
  | exploitation/injection/xpath_bruter                | 1.2     | not installed | 2019-10-08 |   |   |
  | import/csv_file                                    | 1.1     | not installed | 2019-08-09 |   |   |
  | import/list                                        | 1.1     | not installed | 2019-06-24 |   |   |
  | import/masscan                                     | 1.0     | not installed | 2020-04-07 |   |   |
  | import/nmap                                        | 1.1     | not installed | 2020-10-06 |   |   |
  | recon/companies-contacts/bing_linkedin_cache       | 1.0     | not installed | 2019-06-24 |   | * |
  | recon/companies-contacts/censys_email_address      | 2.0     | not installed | 2021-05-11 | * | * |
  | recon/companies-contacts/pen                       | 1.1     | not installed | 2019-10-15 |   |   |
  | recon/companies-domains/censys_subdomains          | 2.0     | not installed | 2021-05-10 | * | * |

[recon-ng][default] > marketplace install recon/companies-domains/viewdns_reverse_whois
[*] Module installed: recon/companies-domains/viewdns_reverse_whois
[*] Reloading modules...
```

## Using the module and setting the options:
```
[recon-ng][default] > modules load recon/companies-domains/viewdns_reverse_whois
[recon-ng][default][viewdns_reverse_whois] > options list

  Name    Current Value  Required  Description
  ------  -------------  --------  -----------
  SOURCE  default        yes       source of input (see 'info' for details)

[recon-ng][default][viewdns_reverse_whois] > options set source google.com
SOURCE => google.com
[recon-ng][default][viewdns_reverse_whois] > run

```









id: d30dc62f10b14cebb192bc907c56cd30
parent_id: 87bb11fb4c5e42d59249557f9c8b31ff
created_time: 2022-11-18T06:32:17.569Z
updated_time: 2022-11-18T06:49:12.207Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1668753137569
user_created_time: 2022-11-18T06:32:17.569Z
user_updated_time: 2022-11-18T06:49:12.207Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1d4108e5618694c5ebc2bd7e7a98a0e96.md000644 0000004305 14336061324012632 0ustar00000000 000000 About This Notebook

# About This Notebook

This OSINT Notebook provides an overview of the tools, techniques, and resources that I use for a variety of situations when it comes to performing reconnaissance and OSINT operations. This Notebook has helped me in many situations to learn more about OSINT and how to analyze the data that is out there on the internet.

Included in the notebook are three templates that you can copy and fill in, or repurpose depending on the information you need for your research. These case templates helped me keep a track of things I found online depending on the situation that I was assigned to assess.

Although this notebook may be missing a tool, resource, or technique that other OSINT operators use, it is really hard to keep a track of what is out there. There will always be a new tool, search technique, or resource telling you how to OSINT. At the end of the day you should use this notebook as a way to start a baseline to create your own or to modify it for your use cases and situations.

# Created by TJ Null

**Twitter:** https://twitter.com/TJ_Null
**Mastodon (Infosec.Exchange):** https://infosec.exchange/@Tjnull
**Github:** https://github.com/tjnull

## Special Thanks

I want to quickly recognize and thank those that helped me craft this notebook through their reviews and feedback, including:

- rag_sec
- Adrestia
- 0xDISREL
- Andrew Nowlin
- 5nacks
- Alethe Denis: https://twitter.com/AletheDenis

# Contribution:

If you would like to contribute to the template or provide improvements, you can submit an issue on the Github Repo here:

- https://github.com/tjnull/

id: d4108e5618694c5ebc2bd7e7a98a0e96
parent_id: 93c15daf2f4c486fb2f14ed7bf85bff5
created_time: 2022-11-19T00:18:50.666Z
updated_time: 2022-11-19T00:19:57.226Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 0
user_created_time: 2022-11-19T00:18:50.666Z
user_updated_time: 2022-11-19T00:19:57.226Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1dcf89f663da448a3b703e5f145d97baf.md000644 0000001415 14336061324012767 0ustar00000000 000000 Images/Screenshots Template

# Image #1:
- Where was the image found:
- Description of the image: 
-  Other details about the image:
-  EXIF Data:

id: dcf89f663da448a3b703e5f145d97baf
parent_id: 3e6844734f73490ebccc3048d293af2e
created_time: 2021-07-29T04:34:33.850Z
updated_time: 2022-11-18T18:41:47.929Z
is_conflict: 0
latitude: 42.90740000
longitude: -78.81970000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1627530681345
user_created_time: 2021-07-29T04:34:33.850Z
user_updated_time: 2022-11-18T18:41:47.929Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1e6223dc485394d7db5c0d870fa13fd63.md000644 0000000566 14336061324012622 0ustar00000000 000000 Person of Interest Case

id: e6223dc485394d7db5c0d870fa13fd63
created_time: 2020-10-19T01:17:41.886Z
updated_time: 2022-11-18T05:19:21.276Z
user_created_time: 2020-10-19T01:17:41.886Z
user_updated_time: 2022-11-18T05:19:21.276Z
encryption_cipher_text: 
encryption_applied: 0
parent_id: 93c15daf2f4c486fb2f14ed7bf85bff5
is_shared: 0
share_id: 
master_key_id: 
icon: 
type_: 2e7835ba6311d4cb8bd47a676677fa805.md000644 0000002110 14336061324012535 0ustar00000000 000000 Image Tools

# Tools to analyze EXIF metadata:
AnalogEXIF: https://sourceforge.net/projects/analogexif/
ExifTool: https://exiftool.org/
ExifTOOLGUI: https://exiftool.org/gui/
Exif Pilot: https://www.colorpilot.com/exif.html
ExifManager: https://sourceforge.net/projects/exifmanager/
Geosetter: https://geosetter.de/download-en/
Metadata++: https://www.logipole.com/metadata++-en.htm

# Tools that can remove EXIF metadata
EXIF Purge: http://www.exifpurge.com/

id: e7835ba6311d4cb8bd47a676677fa805
parent_id: 87bb11fb4c5e42d59249557f9c8b31ff
created_time: 2022-11-18T18:42:27.728Z
updated_time: 2022-11-18T18:48:35.483Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1668753898378.5625
user_created_time: 2022-11-18T18:42:27.728Z
user_updated_time: 2022-11-18T18:48:35.483Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1e8186672de324c9a9237849dc8353f83.md000644 0000003243 14336061324012350 0ustar00000000 000000 Aviation, Marine, and Space Intel

# Aviation Sites
Radarbox24 
- https://www.radarbox24.com/
Flight Radar 24: 
- https://www.flightradar24.com/
Flight Aware: 
- https://flightaware.com/
Live Air Traffic Comms:
- https://www.liveatc.net/
ADS-B Exchange
- https://www.adsbexchange.com/
## International:
Freedar (Tracking Military Aircraft in the UK):
- https://radar.freedar.uk/VirtualRadar/desktop.html
- https://military.freedar.uk/VirtualRadar/mobile.html
## Information for different types of planes:
Airplane Tail Logo's
- https://airlinetaillogos.wordpress.com/
Plane Spotters: 
- https://www.planespotters.net/

# Marine Sites
Marine Traffic
- https://www.marinetraffic.com/

# Space Sites
Satellite Imagery:
- https://www.mapchecking.com
- https://www.phorio.com
- https://earthexplorer.usgs.gov/
- https://apps.sentinel-hub.com/eo-browser/


Live Weather Satellite Imagery:
- https://zoom.earth

Satellites in low orbit:
- https://platform.leolabs.space/visualization

Software for Satellite Imagery:
- Google Earth: https://www.google.com/earth/versions/

id: e8186672de324c9a9237849dc8353f83
parent_id: 51c0b6c8691f4a4db4fb8283ecb40b58
created_time: 2021-07-29T04:38:44.620Z
updated_time: 2022-11-19T04:33:38.633Z
is_conflict: 0
latitude: 42.90740000
longitude: -78.81970000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1662558471352
user_created_time: 2021-07-29T04:38:44.620Z
user_updated_time: 2022-11-19T04:33:38.633Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1ef440c25007642f7a1efd169b3b840c3.md000644 0000002276 14336061324012525 0ustar00000000 000000 Cryptocurrency

# Crypto Market: 

- https://coinmarketcap.com/
- https://www.coinbase.com/explore
- https://www.binance.com/en/markets

# Bitcoin
### Wallet Transaction Analysis
- https://www.walletexplorer.com/
-  https://bitref.com/
###  Blockhain Transaction Analysis
- https://www.blockchain.com/explorer
- https://blockexplorer.com/
- https://live.blockcypher.com/

### Tracking Bitcoin Addresses:
- https://intelx.io/ 
- https://oxt.me/
- https://www.bitcoinwhoswho.com/

# Etherium
###  Blockhain Transaction Analysis
- https://etherscan.io/
- https://www.etherchain.org/

id: ef440c25007642f7a1efd169b3b840c3
parent_id: 51c0b6c8691f4a4db4fb8283ecb40b58
created_time: 2022-06-27T20:06:07.397Z
updated_time: 2022-09-12T04:02:44.867Z
is_conflict: 0
latitude: 34.74648090
longitude: -92.28959480
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1656360367397
user_created_time: 2022-06-27T20:06:07.397Z
user_updated_time: 2022-09-12T04:02:44.867Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1f8b79179f9a848958b21ffef03580303.md000644 0000011174 14336061324012430 0ustar00000000 000000 What Is Intelligence? What is OSINT?

# What Is Intelligence? What is OSINT?

Intelligence is the asset generated by collecting and analyzing data, then forming that analysis in to an actionable output, such as a report. Well-formed intelligence products can aid with predicting future actions by understanding past behaviors, help determine appropriate courses of action for attacking or defending objectives (such as critical infrastructure), or even help improve situational awareness around macro-level industry or economic trends in a business.

Open-Source Intelligence (OSINT) refers to intelligence data gathered from public sources, and has quickly become one of the most important elements of intelligence programs for entities ranging from the Intelligence and Defense communities, to law enforcement, to businesses, and even journalists and hobbyist researchers. Common sources for OSINT collection include social media, video sharing platforms like YouTube and Vimeo, blog and news websites both the clear and dark web.

Understanding the Intelligence Cycle is key to a successful investigation, whether you are working exclusively with open sources, or you’re analyzing classified government intelligence. The Intelligence Cycle consists of five phases, and is a looping process where findings and feedback from each iteration can be used to help feed the planning and direction that goes into the next round of investigations. The five phases of the Intelligence Cycle are:

- **Planning and Direction:** Begin your investigation by understanding the need for data and defining specific requirements for intelligence collection and analysis, as well as identifying the scope of sources to be used for the investigation. If this is a continuation of an investigation based on past findings, leverage the previous finished intelligence product(s) from that investigation and the feedback from the intelligence consumers to drive your next steps.
- **Collection:** Gather the raw information that you need to produce your finished intelligence product. Information should be collected from all sources which are in-scope for the investigation, even if the information does not appear relevant at first.
- **Processing and Exploitation:** Convert the information you’ve collected into usable data. This can include decryption and decoding efforts, translation, data deduplication, reformatting data, and even conducting follow-up collection efforts to expand your dataset based on previously unknown selectors (search terms).
- **Analysis and Production:** This phase involves analyzing all the intelligence collected, and potentially intelligence gathered during previous efforts, to build your finished intelligence product (e.g., your intelligence report).
- **Dissemination:** Finished intelligence products should be distributed to the intended consumers of your intelligence product, so that the intelligence can be reviewed and actioned if necessary. Feedback and actions on the finished intelligence products can be used to fuel future iterations of the intelligence cycle for this case, or for future casework.

Intelligence can be a game changer, whether you’re looking to investigate a missing person’s case, looking to understand business and marketplace competition, assess vendor and supply chain risk, or even for planning a penetration test or red team engagement. Leveraging the Intelligence Cycle, along with this notebook and other tools at your disposal, can help you be successful in generating finished intelligence for your investigations, projects, and organizations.

# Further Reading
- The Threat Intelligence Lifecycle: https://www.recordedfuture.com/threat-intelligence-lifecycle
- Five Phashes of the Threat Intelligence Lifecycle: https://flashpoint.io/blog/threat-intelligence-lifecycle/
- Threat Intelligence Lifecycle | Phases & Best Practices Explained: https://snyk.io/learn/threat-intelligence/threat-intelligence-lifecycle/
- Open-Source Intelligence (OSINT) Cycle: https://securityorb.com/featured/the-open-source-intelligence-osint-cycle/




id: f8b79179f9a848958b21ffef03580303
parent_id: 93c15daf2f4c486fb2f14ed7bf85bff5
created_time: 2022-10-11T16:49:01.923Z
updated_time: 2022-11-19T00:26:13.392Z
is_conflict: 0
latitude: 0.00000000
longitude: 0.00000000
altitude: 0.0000
author: 
source_url: 
is_todo: 0
todo_due: 0
todo_completed: 0
source: joplin-desktop
source_application: net.cozic.joplin-desktop
application_data: 
order: 1668807578539
user_created_time: 2022-10-11T16:49:01.923Z
user_updated_time: 2022-11-19T00:26:13.392Z
encryption_cipher_text: 
encryption_applied: 0
markup_language: 1
is_shared: 0
share_id: 
conflict_original_id: 
master_key_id: 
type_: 1