ODINT is an independent, nonprofit research organization dedicated to analyzing publicly accessible government digital infrastructure using open-source intelligence methodologies.
Our work transcends national boundaries. We examine government digital systems, APIs, and public-facing infrastructure across jurisdictions, documenting our findings through rigorous, reproducible research.
We believe transparency strengthens democratic accountability. By systematically documenting what information is publicly accessible from government systems, we help citizens, journalists, and policymakers understand the digital landscape.
Our research spans multiple domains of government digital infrastructure, using standardized methodologies to ensure reproducibility and accuracy.
Systematic identification of misconfigured REST APIs, WordPress installations, GraphQL endpoints, and web services exposing sensitive data.
Analyzing hash exposure vulnerabilities (MD5, SHA256, Gravatar) that can be cracked to reveal PII and demonstrate identity correlation risks.
Comprehensive enumeration of domains, subdomains, IP ranges, netblocks, CDNs, and hosting infrastructure using passive DNS and CT logs.
Mass collection and archiving of PDFs, Office documents, data exports, and government publications before they disappear.
Extracting embedded metadata from documents and images - author info, GPS coordinates, software versions, edit history, and hidden data.
Certificate transparency monitoring, expiry tracking, issuer analysis, and discovering hidden infrastructure through cert relationships.
Archiving photos, videos, and multimedia from government sources with full metadata preservation and chain of custody documentation.
Identifying exposed log files, error logs, database backups, .sql dumps, .bak files, and configuration files left publicly accessible.
Discovering exposed API keys, tokens, SSH keys, PGP keys, and credentials inadvertently published in government repositories and configs.
IP geolocation, server location mapping, GPS extraction from media, and correlating digital infrastructure with physical facilities.
Fingerprinting CMS platforms, frameworks, server software, and third-party services to map technical dependencies and vulnerabilities.
Special focus on digital vulnerabilities in authoritarian governments where exposure serves democratic accountability and human rights documentation.
We use proprietary methodologies combined with open-source tools. All research is documented and can be independently verified.
We collaborate with journalists, researchers, human rights organizations, and civil society groups worldwide.
Journalists and researchers can request access to our datasets for legitimate investigative purposes. All requests are reviewed for ethical compliance.
Know of exposed government infrastructure? Have a lead worth investigating? Contact us securely via Signal or encrypted email.
We're always looking for skilled OSINT researchers, developers, and analysts who share our commitment to transparency and accountability.
Our published research documents government digital infrastructure vulnerabilities worldwide.
Comprehensive documentation of publicly exposed APIs across 50+ Venezuelan government domains. Methodology validated by VE Sin Filtro, Venezuela's premier digital rights organization who stated they had "never seen extracting so much valuable OSINT from exposed WP APIs."
Systematic survey of publicly accessible API endpoints across government websites worldwide, documenting common exposure patterns and vulnerabilities.
Methodological framework for analyzing identity exposure risks from publicly accessible hash values and correlated data points.
ODINT is led by experienced researchers in open-source intelligence and digital rights.
Creator of the Crystal Vault methodology. Background in open-source intelligence, API analysis, and government infrastructure research. Develops reproducible research frameworks for infrastructure analysis.
We are establishing an advisory board of experts in digital rights, security research, journalism, and international law to provide guidance and oversight for our research programs.
Common questions about our work, methods, and how to engage with us.
Yes. We only collect publicly accessible information using passive reconnaissance techniques. We never attempt unauthorized access, exploit vulnerabilities, or conduct any form of hacking. All our methods are the same used by security researchers, journalists, and academics worldwide.
Upon request from digital rights organizations or the individuals themselves, we scrub journalist and activist data from our datasets within 24 hours. We prioritize protection of vulnerable individuals over publication.
For critical vulnerabilities that pose immediate risk to individuals, we attempt to notify affected parties before publication. However, for authoritarian regimes that may use this information to harm citizens, we prioritize public disclosure and documentation.
Yes. Journalists, researchers, and human rights organizations can request access to our datasets. Contact us via encrypted channels with details about your investigation and how the data will be used.
You can support us through direct donations, grants, or by spreading awareness of our research. We're also always looking for skilled volunteers in OSINT, development, and analysis.
Digital vulnerabilities in authoritarian governments often expose surveillance infrastructure, censorship mechanisms, and human rights abuses. Documenting these serves democratic accountability and supports civil society organizations working on the ground.
News, research releases, and announcements from ODINT.
After months of research and development, ODINT officially launches its public-facing website and opens collaboration channels.
Our foundational research documenting Venezuelan government infrastructure vulnerabilities is complete and validated by VE Sin Filtro.
ODINT is actively expanding research to additional countries and regions. Contact us if you have leads worth investigating.
We work with leading digital rights organizations, journalists, and researchers worldwide.
LAST UPDATED: January 18, 2026
As of the date above, ODINT has NOT received:
[0] National Security Letters
[0] Secret court orders or warrants
[0] Gag orders preventing disclosure
[0] Requests to compromise our systems or research
[0] Requests to hand over encryption keys or user data
This canary is updated monthly. If this statement disappears or is not updated,
assume that ODINT has received a legal demand it cannot disclose.
This canary will be cryptographically signed once PGP keys are established.
ODINT operates independently, without government or corporate funding. Your support enables us to continue holding power accountable through rigorous open-source intelligence research.