OSINT: some useful scripts for gathering information

OSINT

Small scripts for OSINT.

Download

git clone https://github.com/woj-ciech/OSINT.git

#1. Instagram

Small proof of concept showing how to retrieve the exact location of photos from Instagram. On instagram.com you can only see an approximate location, such as country and city. This script gets the latitude and longitude from photos and then checks these values with GeoPy. Additionally, it can count all hashtags.

Tested with >600 photos
Do not forget to change the API credentials

Functions:

  • Count and show all hashtags
  • Get exact location of all photos (thanks to GeoPy) with timestamp

Requirements:

  • GeoPy (pip install geopy)
  • InstagramApi for python (https://github.com/LevPasha/Instagram-API-python) (pip install -e git+https://github.com/LevPasha/Instagram-API-python.git#egg=InstagramAPI)

Usage: #python insta.py ID
You can easily find a user’s ID by appending the __a=1 parameter (note the double underscore) to the request, like this: https://www.instagram.com/USERNAME/?__a=1, and looking for the owner id in the JSON response.

#2. Shodan

Search for multiple organizations with Shodan.
Prepare a txt file with organization names and pass it to the script as an argument.

Edit line #140 and set your API key.

Needed libraries:

gopkg.in/ns3777k/go-shodan.v1/shodan (Shodan API)
github.com/PuerkitoBio/goquery (gathering organizations from Bugcrowd) (optional)

Example

hosts.txt contains:
Sony
Facebook
Dropbox

Run ./shodan hosts.txt

Output

As output, the script creates a directory with the organization’s name and writes the response as a txt file.

#3. Amazon S3

Amazon roulette

  1. It scans each bucket from the provided dictionary for extensions
  2. You can check all files with a chosen extension, or a random one
  3. Follow the instructions in the script and it will work; otherwise it won’t

Dictionary format:
company1.s3.amazonaws.com
company2.s3.amazonaws.com

Source: https://github.com/woj-ciech/