Data-Acquisition-OSINT

You can find links to data acquisition websites, all on the clear-web. Some sites will charge you for their service, however some will also offer a small amount of data for free. From a CTI perspective it is important for organisations, whether in the public or private sector to understand what risks exist that might make them vulnerable. These resources are not just for OSINT investigations, they are also for individuals to be able to check for your own data. You may have to check more tham one resource to truely understand the risk and exposure, as they tend to hold different data.

Public data and publically available data are two different concepts. Within the UK and the US individual local authority areas / states have there own local public data searches available, to many for rme to list here. The same is true of many other counteries.

It is always important to understand and acknowledge that for certain types of data, you have to consider the following, Legislation, Lawfulness, Regulations, Ethics, Morals and Polices. Be under no illusion, in some countries and jurisdictions certain types of data maybe out of bounds for some OSINT practitioners and I recommend you understand those limitations placed upon you before embarking on acquiring data for OSINT, especially when it comes to the lawfulness of your activity.

It is important to remember Data Acquisition OSINT is not just about one stream of Data. It includes both Public Data and Publicly Available Data.  You must ensure that if you acquire data for OSINT that you use it responsibly and lawfully regardless of its origins. This is the same of any OSINT material you acquire.

Another stream of data worth considering is Data Broker data. Data collected when you sign up for an online service or when you download an app, and is then subsequently sold to Data Brokers. This is then aggregated with other Public Data and Publicly Available Data and combined to provide a product to sell, You can find some of these sites on the People Search repo.

         

People Search

When researching data sites always be careful what you click or download as malware maybe present. Telegram is included however you will have to find groups and bots on the platfrom and these change frequently. You can check my Telegram repository for more resources.

Telegram

If you find your data on a site, and it is a reputable site, it may offer you a means to remove it. You could also consider other ways to remove it, such as rights under GDPR or CCPA as examples. You will find some resources in my Privacy Opt-Out repository that may help too.

Privacy Opt-Out

   

Publicly Available Data Acquisition Sites

• Archive Datasets
• Breachbase
• Breach Directory
• Breach Forums
• Cryptome
• Cybernews
• DataBreaches
• DBpedia
• Ddosecrets
• DeepDark CTI
• Dehashed
• eBreached
• EmploLeaks
• Exposed
• File Pursuit
• FindPDF
• FiveThirtyEight
• Fuck Facebook
• Google Dataset Search
• Grep App  
• H8mail
• Hacxx Underground
• Haveibeenpwned
• Haveibeensold
• Haveibeenzuckered
• Hudson Rock Cybercrime Intelligence Tools
• Intelius
• Id Strong
• Inteltechniques
• Intelx
• Kaggle
• Leakbase
• Leakcheck
• Leaked Domains
• Leaked Passwords
• Leakix
• Leaksx
• Leak-Lookup
• Leakpeek
• LeakSearch
• Lol Archiver
• LosePrivacy PWNED!
• Mozilla Monitor
• Myth
• Nuclear Leaks
• Offshore Leaks
• Online Newspapers
• Operation Archive
• Open Directory
• ATT Pentester
• NPD Pentester
• PeopleFinder
• Predicta Search
• Periksa Data
• Proxynova
• Scattered Secrets
• Search 0t Rocks  Currently Down
• Sherlockeye
• SnusBase
• SourceGraph
• SpyBot
• The Accountability Project
• WhatsMyIp-DataBreachTool
• Wikileaks
• Wikileaks V2
• WhiteIntel
• Whitepages

Public Data Acquisition Sites

• Acedemic Torrents
• Australian Government Data Portal
• AWS Dataset Search
• Canadian Legal Database
• CDRC Data
• European Open Data Monitor
• Google Copyright Explore
• Google Public Data Search
• OCCRP Aleph
• Open Data Impact Map
• UCI Machine Learning Repository
• UK Land Registry
• UK Companies House
• UK Courts & Tribunals Judiciary.
• UK Information Commissioner's Office
• UK GMC Medical Register
• UK Government Data Portal
• UK Library Search
• UK National Archives
• UK Planning Portal
• UK Phonebook
• UK Public Data Portal
• UK Surpreme Court
• UK Trademark Search
• Unicef Open Data
• US Census Data
• US Federal State Voting Links
• US Government Data Portal
• US Securities & Exchange Commission
• US Phonebook
• WHO Open Data
• World Bank Open Data
• Yelp Dataset

   

Paste Sites

• CybDetective
• Google CSE for Pastbin
• Just Paste It
• Mozilla Community Pastebin
• Pastbin
• PasteCode
• Psbdmp
• Redhunt Labs

   

Ransomware Threat Intelligence

• FastFire
• RansomFeed
• RansomLook

   

Reverse Hash Sites

• Crackstation
• Decrypt Tools
• Dehash
• Hashcat
• HashMob
• HashPals
• Hash Ziggi
• John The Ripper
• MD5 Gromweb
• Nitrxgen
• Hash Crack

   

News

• Daily Darkweb
• DarkWeb Informer
• Data Breaches
• Hackmanac
• InfoSecurity Magazine
• The Hacker News

   

Videos

• SANS
Breach Data Infrastructure. (2024)