Post

Important OSINT steps

Posted Updated
By
11 min read
Important OSINT steps

Search engine operators

Search engine operators, often called “search commands” or “advanced search operators,” are special characters and commands you can use in search queries to refine your results and find very specific information. For Open Source Intelligence (OSINT) investigations, these operators are invaluable as they allow investigators to cut through vast amounts of data and pinpoint relevant details that would be difficult or impossible to find with simple keyword searches.

Here’s a breakdown of how they’re used in OSINT, along with examples for the search engines you’ve listed:

Why are Search Engine Operators Crucial for OSINT?

  • Precision: OSINT often requires finding a needle in a haystack. Operators help narrow down results to exactly what you need, eliminating irrelevant information.
  • Efficiency: Instead of sifting through thousands of generic results, operators help you get to targeted data quickly.
  • Information Uncovering: They can reveal hidden or less-obvious information that isn’t easily discoverable through regular Browse.
  • Targeted Investigations: Whether you’re looking for public records, social media profiles, news articles, or specific file types, operators allow for highly focused searches.
  • Evading Filters: In some cases, operators can help bypass basic content filters or discover information that search engines might otherwise deprioritize.

Common Search Engine Operators and Their OSINT Applications:

While operators can vary slightly between search engines, here are some of the most common and how they’re applied in OSINT:

  1. site: (Domain Specific Search)

    • Purpose: Restricts your search to a specific website or domain.
    • OSINT Use: Finding information about an individual or organization only on their official website, a specific forum, or a social media platform.

    • Examples:

      • site:linkedin.com "John Doe" security analyst (Find John Doe’s LinkedIn profile with “security analyst” in his title/description)
      • site:reddit.com "ransomware attack" "company name" (Find discussions about a ransomware attack on a specific company within Reddit)
      • site:example.com confidential filetype:pdf (Searching for confidential PDF documents specifically on example.com)

  2. filetype: (Specific File Types)

    • Purpose: Searches for specific file types (e.g., PDF, DOC, XLSX, PPT).
    • OSINT Use: Discovering publicly accessible documents, reports, presentations, or spreadsheets that might contain sensitive or valuable information.

    • Examples:

      • "budget report 2024" filetype:xlsx (Looking for publicly accessible budget spreadsheets)
      • "employee directory" filetype:pdf site:company.com (Finding potential employee directories on a company’s website)
      • "meeting minutes" filetype:doc site:gov.in (Searching for meeting minutes on Indian government websites)

  3. intitle: / allintitle: (Keywords in Title)

    • Purpose: Narrows results to pages where your keywords appear in the page’s HTML title.
    • OSINT Use: Finding official documents, reports, or pages explicitly titled with your search terms, suggesting high relevance.

    • Examples:

      • intitle:"press release" "data breach" (Finding press releases specifically about data breaches)
      • allintitle:"vulnerability disclosure policy" (Finding policies related to vulnerability disclosure)

  4. inurl: / allinurl: (Keywords in URL)

    • Purpose: Restricts results to pages where your keywords appear in the URL.
    • OSINT Use: Identifying specific types of pages like login portals, administrative interfaces, or directories.

    • Examples:

      • inurl:admin site:example.com (Looking for potential admin login pages on a specific site)
      • inurl:careers "job openings" (Finding career pages or job listings)

  5. " (Exact Match)

    • Purpose: Forces the search engine to look for the exact phrase as typed.
    • OSINT Use: Crucial for searching for names, specific quotes, product names, or any multi-word phrase that needs to be treated as a single unit.

    • Examples:

      • "Jane Doe" (Ensuring you get results for Jane Doe, not Jane or Doe separately)
      • "advanced persistent threat" (Searching for the exact term)

  6. - (Exclusion)

    • Purpose: Excludes a specific word or phrase from the results.
    • OSINT Use: Removing irrelevant noise or disambiguating common terms.

    • Examples:

      • Apple -fruit (Searching for Apple the company, not the fruit)
      • "ISIS" -magazine (Searching for the terrorist group, excluding results about ISIS magazine)

  7. OR (Boolean OR)

    • Purpose: Finds pages that contain either one keyword or another.
    • OSINT Use: Broadening a search to include synonyms or alternative spellings.

    • Examples:

      • "cybersecurity" OR "information security" (Finding results related to either term)
      • "terrorist attack" OR "insurgent activity" (Broadening search for specific incidents)

  8. AROUND(X) (Proximity Search - Google/Bing specific)

    • Purpose: Finds words that are within a certain number of words (X) of each other.
    • OSINT Use: Connecting specific pieces of information that might not be in an exact phrase.
    • Examples:
      • "John Smith" AROUND(5) "data breach" (Finding instances where John Smith is mentioned within 5 words of “data breach”)

  9. cache: (View Cached Version)

    • Purpose: Shows the Google cached version of a webpage.
    • OSINT Use: Accessing content that might have been removed or changed since Google last crawled it. Useful for examining historical website content.
    • Example: cache:example.com/old-page

  10. related: (Find Similar Sites)

    • Purpose: Finds websites that are similar to a given URL.
    • OSINT Use: Discovering competitor websites, affiliated sites, or other resources relevant to a target.
    • Example: related:nytimes.com (Finds news websites similar to the New York Times)

Search Engine Specific Nuances:

While many operators are universal, some have specific quirks or additional operators for each engine:

  • Google: The most widely used, with a robust set of operators. The Google Search Guide you provided is an excellent resource.
  • Bing: Similar to Google but with some unique operators or slight variations. Bruce Clay’s guide is very helpful. Bing also sometimes offers more direct integration with LinkedIn results.
  • Yandex: Popular in Russia and Eastern Europe, it has its own set of operators, some of which are unique to its language and indexing. OSINT practitioners often use Yandex for finding information in these regions.
  • DuckDuckGo: Known for its privacy features, it also supports many standard operators and has its own “bangs” (!g for Google, !w for Wikipedia, etc.) which can be useful for quickly redirecting searches. Its search syntax guide is straightforward.
  • Baidu: Predominantly used in China, its operators are often designed for Chinese language searches and may not directly mirror Western search engines. For OSINT targeting information within China, understanding Baidu’s specific operators is essential.

Google Dork Cheat Sheet : Cheat Sheet

Search engine operators are a fundamental tool in the OSINT toolkit. Mastering them allows investigators to conduct more precise, efficient, and effective searches, ultimately leading to the discovery of critical information that might otherwise remain hidden. By combining these operators, OSINT professionals can construct highly complex queries to uncover specific details about individuals, organizations, events, and more, making them indispensable for any serious open-source investigation.

Reverse Image Searching

Imagine you’re scrolling through social media, and you come across a picture. It could be anything: a person, a landmark, a document, or even a meme. A simple keyword search might tell you nothing, but with reverse image searching, you can often unlock a treasure trove of information.

What is Reverse Image Searching?

At its core, reverse image searching is the opposite of a regular search. Instead of typing in keywords to find images, you upload an image (or provide its URL) to a search engine, and the engine then attempts to find:

  • Identical copies of that image.
  • Visually similar images.
  • Websites where the image appears.
  • Metadata associated with the image (though this is often stripped by social media platforms).
  • Potentially even information about the subject within the image (e.g., identifying a landmark, a famous person, or an object).

    Why is Reverse Image Searching so Vital for OSINT?

For OSINT investigations, reverse image searching is like having a digital magnifying glass. Here’s why it’s so important:

  1. Verification and Authenticity: In an age of deepfakes and misinformation, verifying the authenticity of an image is paramount. Has this image been altered? Has it been used out of context? Reverse image searching can help you determine its original source and if it has been manipulated.

    • Scenario: A news report shows an image claiming to be from a recent event in Dhaka. Reverse image searching can quickly reveal if that image was actually taken years ago or from a completely different location.

  2. Tracking Digital Footprints: People often use the same profile pictures across multiple social media platforms or online forums. By reverse image searching a profile picture, you can potentially link different online identities to the same individual, expanding your target’s digital footprint.

    • Scenario: You have a suspect’s profile picture from a forum. A reverse image search might lead you to their LinkedIn, Facebook, or even a hidden blog, revealing more about their professional or personal life.

  3. Geolocation and Context: Images often contain clues about their location. A distinctive building, a unique street sign, or even a specific type of vegetation can be a powerful geolocational indicator. Reverse image search can help you find other images of the same location, providing context or even helping you pinpoint the exact spot on a map.

    • Scenario: An image shows a protest in a seemingly generic urban setting. Reverse image searching might bring up other photos of the same area with more recognizable landmarks, allowing you to identify the specific street or neighborhood.

  4. Identifying Objects and Logos: If an image contains an unknown object, a specific product, or a company logo, a reverse image search can help you identify it, leading to further research about the associated entity.

    • Scenario: A photograph shows a piece of equipment with an unreadable logo. Reverse image searching might find other images of that equipment with clear branding, helping you identify the manufacturer.

  5. Uncovering Hidden Information: Sometimes, an image might be part of a larger story or a collection that provides more context. Reverse image searching can lead you to articles, reports, or other media that the original source might not have linked.

    • Scenario: You find a single image related to a historical event. Reverse image searching might uncover an entire photo album or news archive dedicated to that event, providing a much richer understanding.

Essential Reverse Image Search Engines for OSINT:

Let’s look at the tools you’ll be using for your Bangladeshi OSINT investigations:

  1. Google Images (https://images.google.com):

    • How to use: Click the camera icon in the search bar, then either paste an image URL or upload an image from your device. Google is incredibly vast and often the first stop. It’s excellent for general searches and identifying common objects or faces.
    • OSINT Tip: After a Google Image search, look for the “Visually similar images” and “Pages that include matching images” sections. These are goldmines. Also, combine your reverse image search with keywords in the regular Google search bar after you’ve uploaded the image to refine results (e.g., upload an image of a person, then add “Dhaka” to the search bar).

  2. Yandex Images (https://yandex.com):

    • How to use: Similar to Google, Yandex allows you to upload an image or paste a URL.
    • OSINT Tip: Yandex, being a prominent Russian search engine, often excels at finding images and information from non-Western sources. If Google yields limited results, especially for images originating from Eastern Europe, Asia, or the Middle East, Yandex is your next best bet. It’s surprisingly good at facial recognition and identifying locations.

  3. TinEye (https://tineye.com):

    • How to use: Upload an image or paste its URL. TinEye’s interface is very clean and straightforward.
    • OSINT Tip: TinEye is particularly strong at finding exact or slightly modified copies of an image and tracking their earliest appearance online. This is invaluable for copyright infringement cases, identifying image originality, and seeing how an image has spread or evolved across the web over time. It provides a timeline of when the image first appeared.

      Best Practices for Effective Reverse Image Searching in OSINT:

  • Use Multiple Tools: Don’t rely on just one search engine. Each engine has its own indexing methods and databases, so what one misses, another might catch. Always cross-reference your findings.

  • Crop and Isolate: If your image contains multiple subjects or a busy background, crop the image to focus on the specific element you’re investigating (a person’s face, a specific object, a distinct landmark). This helps the search engine prioritize what you want to find.
  • Consider Metadata (EXIF Data): While social media platforms often strip EXIF data (metadata embedded in an image like camera model, date/time taken, GPS coordinates), it’s always worth checking for. Tools like “Jeffrey’s Image Metadata Viewer” (online) or ExifTool (desktop) can extract this if available. GPS coordinates can be invaluable for geolocation!
  • Look for Small Details: Pay attention to background elements, clothing, shadows, light sources, weather conditions, and anything that can provide contextual clues.
  • Think About Your Target: If you’re investigating a person, are they likely to be on a specific type of platform (e.g., professional networks, gaming forums, fashion blogs)? This can guide your keyword additions after the image search.
  • Document Everything: Keep a meticulous record of the images you searched, the tools you used, the results you found, and the dates of your searches. This is crucial for maintaining an auditable trail of your OSINT investigation.

Reverse image searching is a potent weapon in the OSINT arsenal. By understanding how these tools work and applying smart investigative practices, you can transform seemingly innocuous pictures into powerful sources of intelligence for your investigations in Bangladesh and beyond!

To get in touch with me or for general discussion please visit ZeroDayMindset Discussion

Breach Detected, OSINT
study cybersecurity
This post is licensed under CC BY 4.0 by the author.