The OSINT Newsletter - Issue #85
Contributing to Free OSINT Tools using AI
👋 Welcome to the 85th issue of The OSINT Newsletter. This issue contains OSINT news, community posts, tactics, techniques, and tools to help you become a better investigator. Here’s an overview of what’s in this issue:
OSINT tips for China
Prompts can be subpoenaed
OSINT for bad
BreachedForums search
Geolocation using AI
Web reconnaissance
🪃 If you missed the last newsletter, here’s a link to catch up.
⚡ Username OSINT That Goes Beyond Tools
Let’s get started. ⬇️
OSINT News
📰 OSINT Tips for China
Keyword searches aren’t enough. Sometimes it’s not what you’re specifically looking for that’s important. Justen is at it again with more OSINT tips for China. This tip is my favorite.
Make a list of every infrastructure company in China that does overseas business and monitor their news and social media feeds.🎩 H/T: Justen Charters
📰 DHS Ordered OpenAI To Share User Data In First Known Warrant For ChatGPT Prompts
This is an OPSEC reminder. ChatGPT will send your prompts to law enforcement if they ask for it. There’s no precedent of this happening with non-US entities. Yet. If you’re using LLMs to do OSINT investigations, make a sock puppet account for those prompts.
🎩 H/T: Thomas Brewster
📰 OSINT: The Digital Force-Multiplier for Extremist Violence
Swatting. Stalking. Arson. There’s a dark side to OSINT. If it’s publicly available, it’s available to everyone. As investigators we tend to think of tools, tactics, and techniques for ethical use cases; however, it’s important to note that anything you create or share online can be used for bad, too.
Read on The Global Network on Extremism and Technology…
🎩 H/T: Timothy Kappler
OSINT Tools
🔎 BF Database Search
Look up a username that was used on Breach Forums. Find information about that user. Email address and IPs, too.
🔎 GeoVLM
Upload any image and let AI predict where it was taken! No setup required. No GitHub scripts. No paywalls.
🎩 H/T: Surya Dantuluri
🔎 WebRecon
Another OSINT multi-tool built for penetration testers and cybersecurity professionals. This tool automates: Web crawling & data extraction, technology stack detection, email harvesting, DNS intelligence & WHOIS lookup, historical analysis via Wayback Machine, professional JSON reporting, etc.
🎩 H/T: Precious Vincent
✅ That’s it for the free version of The OSINT Newsletter. Consider upgrading to a paid subscription to support this publication and independent research.
By upgrading to paid, you’ll get access to the following:
⚡ Contributing to Free OSINT Tools using AI
I recently had an issue with an open source tool on GitHub. I spent a while trying to debug it myself to get the tool to work. I realized I could put the entire repository into VS Code and fix the issue directly. Then, it hit me. I could use this exact same method to improve tools, adding new features and functionality. Even user interfaces! Follow along as I make improvements to popular tools like Sherlock.
👀 All paid posts in the archive. Go back and see what you’ve missed!
🚀 If you don’t have a paid subscription already, don’t worry there’s a 7-day free trial. If you like what you’re reading, upgrade your subscription. If you can’t, I totally understand. Be on the lookout for promotions throughout the year.
🚨 The OSINT Newsletter offers a free premium subscription to all members of law enforcement. To upgrade your subscription, please reach out to LEA@osint.news from your official law enforcement email address.
Keep reading with a 7-day free trial
Subscribe to The OSINT Newsletter to keep reading this post and get 7 days of free access to the full post archives.