Another week, another set of OSINT tools. This week we'll be looking at tools for OSINT investigations including effective screenshots for evidence capture, scraping pages with HAR files, and collecting OSINT from Google documents. The goal is to expand your mindset on what's possible using tools, increase your efficiency, and amplify your outcomes. Let's get started.
Capturing evidence is a key part of the intelligence cycle. Many tools focus on OSINT collection using automation; however, this hasn't reduced the need for manual investigation and collection methods. I've used tools like GoFullPage and Hunchly in the past, each of them providing immense value. I recently discovered Flameshot, which is an advanced screen-capturing tool with an abundance of onboard features. Here's a quick preview.
Flameshot is free to use and is open source. I've used the QuickTime screenshot tool for quick captures for quite some time on my Mac. It's a great tool, but it has its limitations. The reason I've switched to Flameshot is mainly because of the blur/depixel tool that's built in. It's common to need to redact information before sharing it. Flameshot allows you to do that with ease. Additionally, the ability to create an ordered list within the screenshot and reference it later is great for report creation. If you haven't considered Flameshot already, definitely check it out.
HAR File Web Scraper
People in the OSINT community frequently use tools like Instant Data Scraper and other scraping tools as a regular part of their workflow. Over the years, scraping from valuable sources like social media platforms has become more complicated and difficult to achieve. The use of proxy farms and sock puppets at scale has caused many social media platforms to implement sophisticated anti-scraping measures to counter mass data collection. While researching this problem, I came across an alternative method that I think is worth exploring. Along with it, I discovered a great resource on the topic. Before explaining the tool, it's important to understand the method. Give this video a listen before continuing on.
Using the HAR File Web Scraper, you can convert your own web traffic into a scraper and automate your OSINT collection without any special tools, scripts, or resources. Along the way, you'll also get more familiar with developer tools, specifically the network tab within your browser. If you're new to the technical aspect of OSINT, it'll also get you more familiar with JSON files and parsing JSON for cleaning datasets. HAR File Web Scraper is a great tool for medium-scale projects across social media platforms where traditional web scraping is limited.
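To make the HAR-to-dataset step concrete, here is an added example (not code from the HAR File Web Scraper project) that pulls the JSON response bodies out of a HAR export and blanks cookie and authorization header values before the file is shared as evidence. The sample HAR, the `example.test` URLs, and the function names are constructed for illustration; it assumes the standard HAR 1.2 layout that browser developer tools export.

```python
import base64
import json

SENSITIVE = {"cookie", "set-cookie", "authorization"}

# Constructed sample HAR (HAR 1.2 layout), not captured from any real site.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://example.test/api/posts?page=1",
                 "headers": [{"name": "Cookie", "value": "session=abc123"}]},
     "response": {"status": 200, "headers": [],
                  "content": {"mimeType": "application/json; charset=utf-8",
                              "text": '{"posts": [{"id": 1, "user": "alice"}]}'}}},
    {"request": {"method": "GET", "url": "https://example.test/api/posts?page=2",
                 "headers": []},
     "response": {"status": 200, "headers": [],
                  "content": {"mimeType": "application/json", "encoding": "base64",
                              "text": base64.b64encode(
                                  b'{"posts": [{"id": 2, "user": "bob"}]}').decode()}}},
    {"request": {"method": "GET", "url": "https://example.test/logo.png", "headers": []},
     "response": {"status": 200, "headers": [],
                  "content": {"mimeType": "image/png"}}},
]}}


def json_responses(har):
    """Yield (url, parsed_body) for every entry whose response body is JSON."""
    for entry in har["log"]["entries"]:
        content = entry["response"].get("content", {})
        text = content.get("text")
        if "json" not in content.get("mimeType", "") or not text:
            continue  # images, scripts, or bodies the browser did not save
        if content.get("encoding") == "base64":
            text = base64.b64decode(text).decode("utf-8", "replace")
        try:
            yield entry["request"]["url"], json.loads(text)
        except json.JSONDecodeError:
            continue  # truncated or mislabeled body


def redact(har):
    """Return a copy of the HAR with cookie and auth header values blanked."""
    clean = json.loads(json.dumps(har))  # deep copy via JSON round trip
    for entry in clean["log"]["entries"]:
        for side in ("request", "response"):
            for header in entry[side].get("headers", []):
                if header["name"].lower() in SENSITIVE:
                    header["value"] = "REDACTED"
            entry[side]["cookies"] = []  # drop the parsed cookie list as well
    return clean
```

The redaction here covers header values and the parsed cookie lists only; tokens can also appear in URLs and request bodies, so review those before sharing a HAR file.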
Google Drive has grown significantly over the years. Many people, myself included, have completely ditched Microsoft Office in favor of the free, easy-to-use Google Docs suite. If you've used Google Drive for Docs, Sheets, Slides, or have used utilities like MyMaps, then you're aware of the sharing feature that's built in. Xeuledoc is a Python script that allows you to identify the author of a Google document, including their name and email address. It's simple to use and incredibly powerful.
I recommend testing Xeuledoc on some of your own Google Drive links first. This will allow you to get familiar with the tool and validate its capabilities. Then, if you come across a Google Drive link that is relevant to your investigation, use this tool to find the original author of the document. This should be used for official purposes only. I'd recommend cloning this repo as soon as you can in the event it's taken down after what will likely be significant abuse.
Remember OSINT != tools. Tools help you plan and collect data, but the end result of that tool is not OSINT. You have to analyze, receive feedback, refine, and produce a final, actionable product of value before you can call it intelligence.
Thanks for reading. If you enjoyed this post, make sure to subscribe. A new one just like this will be posted every Tuesday at 6:00 PM UTC-5:00.