You are made of the stones of those fortresses, that were once razed to the ground. I fear that even this short communication will change my character, my former lightness will be replaced by gloom. It is better for us to separately each perform our own suerte de muerte!
OSINT Repos List, Repository with gathered from GitHub utilities for OSINT, Development and DevOps. The number of artifacts in the repository exceeded 2600: https://github.com/bormaxi8080/osint-repos-list
One of the most prominent employees of the Department of Government Efficiency (DOGE), which is run by oligarch Elon Musk, once worked for a cybercrime group that sold stolen data and carried out blackmail. The man in question is 19-year-old Edward Coristin, also known by the nickname Big Balls.
According to a Reuters investigation, starting in 2022, when Coristin was still in high school, he ran a company called DiamondCDN, which facilitated the cybercrime organization EGodly. Digital records reviewed by Reuters showed that the EGodly website and dataleak.fun were linked to Internet Protocol addresses registered to DiamondCDN and other entities owned by Coristin.
Neither Coristin nor DOGE commented on the investigation's findings and declined to answer questions from reporters. The teenager currently holds the position of "senior adviser" at the State Department and the Cybersecurity and Infrastructure Security Agency.
The EGodly cyber group reported on its Telegram channel that it intercepts phone numbers, hacks into law enforcement accounts in Latin America and Eastern Europe, and steals cryptocurrency. In addition, in early 2023, it posted the details of an FBI employee online, distributing his address, phone number, and so on.
It is believed that the agent was investigating EGodly's activities. For this, the organization began to deanonymize him. The employee is now retired. He reported that members of the criminal organization also practiced swatting - calling armed special forces to false addresses.
BEST OSINT Books. Digital Investigations, cybersecurity, investigative journalism, OPSE, sourcing, national security, intelligence mindset: https://osintteam.com/books/
Mastering Image Geolocation (OSINT): https://medium.com/@preciousvincentct/mastering-image-geolocation-osint-d046d715c70c
OSINT Tools, Services and Investigations:
OSINT USA. Criminal records, Government records, Bussines entity search, Charites/non-profit search, People search, Radio signals and more: https://start.me/p/GEQXv7/osint-us
HANDLEHAWK. By nickname, collects profile information across multiple platforms. Bluesky, Mastodon, Nostr, TruthSocial, Reddit, Snapchat, Twitter (via optional RapidAPI): https://github.com/C3n7ral051nt4g3ncy/HandleHawk
Asia Pacific Business OSINT Tools. Trusts & foundations, real estate, charities, wealth indicators, individuals and business entities search: https://start.me/p/3KMwaw/hbg-asia-pacific-resources
Venicle OSINT. Stolen car databases, check insurance for registration numbers, licence plates search, VIN search, model recognition, road and traffic info and more: https://start.me/p/q6mmMA/17-road-transportation
Companies Intelligence. List of tools for companies investigation from Shally Stecker: https://start.me/p/Bn4evw/srcn
Discord OSINT. Useful resources to conduct research on Discord: https://github.com/thepseudonym/DiscordOSINT
Browservice. §Browser as a Service. A web "proxy" server that enables browsing the modern web on historical browsers. It works by rendering the browser viewport into images, which are then shown by a JavaScript application running on the client browser: https://github.com/ttalvitie/browservice
AI is not new however it has recently taken a leap forward not just in technology but also public awareness. For that reason it cannot be ignored as a potential OSINT tool. There are Privacy concerns with some European counteries already taking note and maybe action in the future. Like with any OSINT tool, understand what it does and ensure you are happy that you maybe giving up your data ro help build future AI capabilities: https://github.com/The-Osint-Toolbox/AI-Resources
Namus Missing Persons Search. Database of missing, unidentified and unclaimed persons with a lot of advanced search filters (USA). Age/ethnicity, case created/last contact date, hair/eye color, clothing and accessories, piercing/tattoo: https://www.namus.gov/MissingPersons/Search
DaProfiler is an OSINT tool allowing you to collect certain information about yourself in order to rectify by rgpd requests the traces you may have left on the net. DaProfiler is indeed able to recover: Addresses, Social media accounts, e-mail addresses, mobile / landline number, jobs: https://github.com/daprofiler/DaProfiler
Gixposed is a powerful command-line tool designed to search the commit history of Git repositories for sensitive information, such as API keys and access tokens. Its purpose is to help developers and security professionals quickly identify and remediate exposed sensitive informations in their codebases: https://github.com/whxitte/gixposed
Official implementation of Video Seal. Training and inference code for image and video watermarking, and state-of-the-art open-sourced models: https://github.com/facebookresearch/videoseal
FakeEmail. A Fake Email Server with a Web Front End: https://github.com/tomwardill/FakeEmail
IP-Tracer. A basic Termux IP address tracer tool that can fetch all publicly available information about an IP address: https://github.com/Achik-Ahmed/Ip-Tracer
White IP-Tracer. Just a simple light weight tool for simple ip information gathering: https://github.com/whxitte/white-IpTracer
CSVKit. A suite of utilities for converting to and working with CSV, the king of tabular file formats: https://github.com/wireservice/csvkit
Universal Search & AI:
DEEP FACE UI. Self-hosted tool for analysing and comparing face photos. Does not require API keys. x.com/GONZOs_int published it on Github just yesterday and feel free to write him about any issues: https://github.com/GONZOsint/deepfaceui
Software Development & APIs:
File Systam Spec. A specification that python filesystems should adhere to: https://github.com/fsspec/filesystem_spec
Data Engineer Handbook. This is a repo with links to everything you'd ever want to learn about data engineering: https://github.com/DataExpert-io/data-engineer-handbook
FastAPI Guard. A security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. It integrates seamlessly with FastAPI to offer robust protection against various security threats: https://github.com/rennf93/fastapi-guard
Machbase is a blazing fast time-series database designed specifically for IoT applications and implemented in C. machbase-neo is an IoT Database Server that embeds the Machbase engine and offers essential and convenient features for building IoT platforms, including MQTT and HTTP APIs. It is highly versatile and can be installed on a wide range of machines, from Raspberry Pi devices to high-performance servers: https://github.com/machbase/neo-server/?tab=readme-ov-file
Linux & DevOps:
nginx-proxy sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped: https://github.com/nginx-proxy/nginx-proxy
bpytop. Linux/OSX/FreeBSD resource monitor: https://github.com/aristocratos/bpytop
Flipper Zero & Other Devices:
FlepperZero NFS Tools. Repository contains nfc tools for Flipper companions: https://github.com/flipperdevices/flipperzero-nfc-tools
New from CyberDetective:
In this article, talk about how solve the problem of not being able to export my subscribers after Substack account was locked. Will be useful also for anyone who needs to automate data collection from Gmail: https://medium.com/@cyb_detective/substack-locked-my-account-9880b56f5ab0
FilePhish. Free online query builder for searching sensitive data files on a target domain in different search engines: https://greylensresearch.github.io/filephish/
Crime Mapper. Cyber crime mapping tool. Import IOCs, data enrichment from API (Shodan, InternetDB, Google DNS), import and export to JSON. Self-hosted (https://github.com/mr-r3b00t/crime-mapper) or online demo (https://mr-r3b00t.github.io/crime-mapper/)
New from GitHub Community:
Browser-use is the easiest way to connect your AI agents with the browser: https://github.com/browser-use/browser-use
LinkedIn: OSINTech's Featured Timeline
SubStack: OSINTech's Substack
WARNING! All tools, programs and techniques published in this article and repository are used for informational, educational purposes or for information security purposes. The authors are not responsible for the activities that users of these tools and techniques may carry out, and urge them not to use them to carry out harmful or destructive activities directed against other users or groups on the Internet.