Welcome to the first mid-month OSINT review. I’ll be publishing these every month in the middle of the month showcasing all of the interesting research and content I’ve looked into so far as part of my research into open source intelligence.

This issue is broken up into an OSINT Reads section that contains longer form content followed by OSINT Twitter which highlights the top research I’ve seen so far this month.

If there’s anything I left out that you think is worth mentioning, please let me know!

Thanks again for reading and if you haven’t already subscribed, here’s an easy way to do it.

OSINT Reads

How a Montenegrin Gang Used Open-Source Intelligence to Kill

Hitmen working for a criminal group active in Montenegro and Serbia used open-source intelligence techniques, poring over apartment listing sites, satellite images, and tourist photos posted online, to track down and kill the leader of a rival clan as he hid out in Greece. Read more

A Private Company Is Using Social Media to Track Down Russian Soldiers

Open-source investigations were once potent journalistic tools, but in Ukraine, they’re being used on the battlefield. Read more

It took a TikToker barely 30 minutes to doxx me

Kristen Sotakoun found out way too much about me in a consensual test of my online security. Read more

OSINT Twitter

Tactical OSINT Analyst writes about confirming Google Groups and email addresses with Gmail accounts exist using existing functionality in Google Chat.

𝚃𝚊𝚌𝚝𝚒𝚌𝚊𝚕 𝙾𝚂𝙸𝙽𝚃 𝙰𝚗𝚊𝚕𝚢𝚜𝚝 @OSINT_Tactical

Thread 🧵1/4: Confirming if Gmail addresses & Google Groups exist thanks to Google Chat 🔍. *Tried to search for this technique and did not find it mentioned anywhere. To start, head to Google Chat👇 mail.google.com/chat/u/1/#chat… #OSINT #GOSINT #Googleint

9:06 PM ∙ Mar 13, 2023

---

56Likes18Retweets

I write about using ChatGPT for writing and reading regex for OSINT use cases.

Jake Creps @jakecreps

☕️ Good morning. You can use ChatGPT to write regex for you. Here are some examples for OSINT. Emails: ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ Phone numbers: ^(\+?\d{1,3}[- ]?)?\(?\d{3}\)?[- ]?\d{3}[- ]?\d{4}$ Bitcoin wallets: ^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$

1:20 PM ∙ Mar 7, 2023

---

207Likes54Retweets

I also used ChatGPT to write a bookmarklet that extracts all email addresses on your active web page and saves them to a CSV including the source domain they were found on.

Jake Creps @jakecreps

☕️ Good morning. I created a bookmarklet that extracts emails from a page, including the domain of the page extracted from, and saves the results as a CSV named the URL of the page it was extracted from. It's been a useful tool for #OSINT automation:

github.comosint-bookmarklets/Extract Emails at main · jakecreps/osint-bookmarkletsBookmarklets created for OSINT applications. Contribute to jakecreps/osint-bookmarklets development by creating an account on GitHub.

1:27 PM ∙ Mar 9, 2023

---

54Likes15Retweets

Ivano Somaini writes about using password recovery methods to disclose partial mobile phone number and credit card information from a PayPal account.

Ivano Somaini @IvanoSomaini

#OSINT🧵Tipp PayPal : How to diclose someone’s 5 digits of mobile and country prefix by email: - click on password forgot - insert target e-mail -...and the mobile phone digits are diclosed... -...in some cases even information about the credit card

9:45 AM ∙ Feb 26, 2023

---

871Likes174Retweets

On the note of password recovery methodology, remember that this is a grey area and should be used carefully and ethically.

I write about using the Bitmoji API to verify if a Snapchat, or any other Bitmoji-enabled account, is associated with an email address.

Jake Creps @jakecreps

#OSINT Snapchat reverse email / verification 1⃣Request URL: bitmoji.api.snapchat.com/api/user/find 2⃣Request Body: {"email":"<email address>"} ✅ Response Body: If response, email match

10:31 PM ∙ Mar 2, 2023

---

273Likes68Retweets

Nuclei creates a username module of their open source application.

nuclei @pdnuclei

#hackwithautomation #osint

12:08 PM ∙ Mar 3, 2023

---

536Likes99Retweets

Cyb_detective shares a method for finding sites that allow you to use ChatGPT without registration.

Cyber Detective🇺🇦 @cyb_detective

Interesting trick from @fofabot (fofa.so search engine): This query will help you find applications that allow you to use ChatGPT without registration: FOFA Query: "loading-wrap" && "balls" && "chat" && is_domain=true en.fofa.info/result?qbase64…

5:11 PM ∙ Mar 14, 2023

---

169Likes56Retweets