I’ve written a few posts on this topic before, but I thought it might be useful to connect the concepts together. Creating highly sophisticated RSS feeds is something I find very valuable for passive OSINT collection. In this post, I’m going to write about how you can use advanced Google operators within Google Alerts and convert that query into a custom RSS feed. I’ll also discuss my recent switch from Feedreader to Feeder.co and why I made the switch.
If you haven’t read my post about Google Dorks, I recommend reading it first.
For reference, I also recommend reading my original post about using Feedreader to create RSS feeds for OSINT at scale.
Let’s get started with the problem I am trying to solve with this post. Many of us monitor RSS feeds as part of our jobs. The problem is, we have a ton of them and they’re hard to manage. We also have a bunch of false positives. I’ve recently run into issues with Webhose where I constantly get throwaway articles whose only purpose is generating backlinks through certain keywords. I want to eliminate the false positives, limit the amount of noise coming in, and be left with a sophisticated, highly tailored product. I think this new process is one step closer in that direction.
Once you have a grasp on Google Dorks, head on over to Google Alerts and type in the following query: “active shooter”. Now, you will see all kinds of active shooter articles, most of them being training sessions (a new fad in consulting). Now, try this instead: intext:”active shooter” -training -tool. The results are drastically different. This search will look for “active shooter” within the text of the article and remove the mentions of “training” or “tool”. That way you don’t get bad squeeze pages selling you bogus products. Below are my results.
intext:”active shooter” -training -tool
The results are much different. Using the “intext:” and “-” operators, you can narrow down your search and get very specific. You can use the preview provided by Google before you convert it into an RSS feed and actively monitor it. Try using a variety of Google Operators I defined in my previous post.
Converting to RSS/Feeder.co
Now that you have a list of customized search operators that you’d like to turn into RSS feeds, convert them. If you don’t know how, next to the “create alert” button on Google Alerts there’s a “show options” drop down. Click that, navigate down to “deliver to” and change it to RSS feed. Note: you can change “how many” to “all results” instead of “only the best results” if you wish. Hit create alert, right click on the RSS feed icon and select “copy link address” (Chrome). Paste that into your RSS reader. It looks something like this.
Now, as promised I will go over Feeder.co and why I switched from Feedreader. Feeder.co is a relatively new RSS reader from developers in Sweden. It’s user interface is much nicer than Feedreader, and it has a bunch of options Feedreader doesn’t. Here’s a list of a few options that changed my mind.
Feeder has a mobile app
At last. I can set up all of my RSS feeds on my desktop, then I can receive all of the alerts when I’m on the go. This is great for screenshots that I can then send to affected parties. I can also simply click the “share” button and text or email the article to someone who needs to read the alert. Much faster, more convenient, and very cool!
I can filter out keywords
So that custom RSS feed that we made with Google Alerts using Google Dorks, that does a decent job filtering. But what if you’ve made 35 RSS feeds and you’re still getting false positives? Without Feeder, you’d have to go back through and recreate them all, adding a bunch of other search operators to narrow your search. With Feeder, you can simply exclude certain keywords or phrases straight from the dashboard. You might not even have to use Google Dorks at all, but I’d still recommend doing it to start.
I can schedule when I will receive alerts from feeds
I get RSS feeds throughout the day, and if they’re relevant I pass the alert or include the content in one of my weekly or daily reports. However, what am I going to do with an alert coming in at 1:00 am? Nothing. I’m going to wake up in the middle of the night only to be told an update on a hurricane that isn’t even significant (continue to filter!). With Feeder, I can set a window where I receive alerts and pick back up the next day when the clock starts again. Easy.
Feeder has a dashboard
Now, I have to admit, I haven’t tried this feature yet, but it looks awesome. So you know that awesome tool called TweetDeck? Feeder’s dashboard is like Tweetdeck for RSS feeds. Disclaimer: it is paid. It’s $50 a month. As far as a business solution is concerned, $600 a year is a drop in the bucket. It’s probably worth it. If I activate the feature, I’ll update this post. Disclaimer 2: Feeder has a free and paid option. Their “Feeder Pro” is $5 a month. DO IT! Without the Pro package, you can’t do all of the customization of RSS feeds and you have to deal with ads. I probably should have mentioned that earlier in this post, but for $5 a month, it’s sort of hard to say no. For businesses looking for a full scale solution, you can do “Feeder Business” for $15 a month. Boost that with the dashboard and you have an enterprise RSS function for $65 a month. Think about it.