Observatory for Digital Infrastructure and Network Transparency
ODINT is an independent, nonprofit research organization dedicated to analyzing publicly accessible government digital infrastructure using open-source intelligence methodologies.
Our work transcends national boundaries. We examine government digital systems, APIs, and public-facing infrastructure across jurisdictions, documenting our findings through rigorous, reproducible research.
We believe transparency strengthens democratic accountability. By systematically documenting what information is publicly accessible from government systems, we help citizens, journalists, and policymakers understand the digital landscape.
Our Principles
- Passive reconnaissance only - no active exploitation
- Public data only - all research is reproducible
- Ethical standards - journalist/activist data protected
- Full documentation - methodology always published
- Independent - no government or corporate influence
Research Areas
Our research spans multiple domains of government digital infrastructure, using standardized methodologies to ensure reproducibility and accuracy.
Exposed Government APIs
Systematic identification of misconfigured REST APIs, WordPress installations, GraphQL endpoints, and web services exposing sensitive data.
Identity Exposure Research
Analyzing hash exposure vulnerabilities (MD5, SHA256, Gravatar) that can be cracked to reveal PII and demonstrate identity correlation risks.
Infrastructure Mapping
Comprehensive enumeration of domains, subdomains, IP ranges, netblocks, CDNs, and hosting infrastructure using passive DNS and CT logs.
Document Scraping & Archiving
Mass collection and archiving of PDFs, Office documents, data exports, and government publications before they disappear.
Metadata & EXIF Analysis
Extracting embedded metadata from documents and images - author info, GPS coordinates, software versions, edit history, and hidden data.
SSL/TLS Certificate Analysis
Certificate transparency monitoring, expiry tracking, issuer analysis, and discovering hidden infrastructure through cert relationships.
Media Collection
Archiving photos, videos, and multimedia from government sources with full metadata preservation and chain of custody documentation.
Log & Backup Discovery
Identifying exposed log files, error logs, database backups, .sql dumps, .bak files, and configuration files left publicly accessible.
Credential Exposure
Discovering exposed API keys, tokens, SSH keys, PGP keys, and credentials inadvertently published in government repositories and configs.
Geolocation Intelligence
IP geolocation, server location mapping, GPS extraction from media, and correlating digital infrastructure with physical facilities.
Technology Stack Analysis
Fingerprinting CMS platforms, frameworks, server software, and third-party services to map technical dependencies and vulnerabilities.
Authoritarian Regime Focus
Special focus on digital vulnerabilities in authoritarian governments where exposure serves democratic accountability and human rights documentation.
Methodology & Tools
We use proprietary methodologies combined with open-source tools. All research is documented and can be independently verified.
Passive Reconnaissance Only
ODINT never attempts unauthorized access or active exploitation. Every data point we collect is publicly accessible — meaning anyone with the right tools and knowledge could find the same information. This keeps our work legal, ethical, and reproducible.
Our research pipeline follows a standardized process: target identification through public records, passive data collection, structured analysis, peer review, and responsible disclosure before publication.
Core Approach
- DNS enumeration and certificate transparency logs
- Public API endpoint discovery and documentation
- Metadata extraction and correlation analysis
- Open-source tooling with custom frameworks
- Reproducible findings with published methodology
Work With Us
We collaborate with journalists, researchers, human rights organizations, and civil society groups worldwide.
Request Data
Journalists and researchers can request access to our datasets for legitimate investigative purposes. All requests are reviewed for ethical compliance.
Submit a Tip
Know of exposed government infrastructure? Have a lead worth investigating? Submit anonymously via our tip form or OnionShare (Tor).
Join Our Research
We're always looking for skilled OSINT researchers, developers, and analysts. Contribute directly on GitHub or contact us to get involved.
Publications & Research
Our published research documents government digital infrastructure vulnerabilities worldwide.
Crystal Vault: Venezuelan Government Infrastructure Analysis
Comprehensive documentation of publicly exposed APIs across 50+ Venezuelan government domains. Methodology validated by VE Sin Filtro, Venezuela's premier digital rights organization who stated they had "never seen extracting so much valuable OSINT from exposed WP APIs."
Global Government API Exposure Survey
Systematic survey of publicly accessible API endpoints across government websites worldwide, documenting common exposure patterns and vulnerabilities.
Hash Exposure & Identity Correlation Framework
Methodological framework for analyzing identity exposure risks from publicly accessible hash values and correlated data points.
Leadership
ODINT is led by experienced researchers in open-source intelligence and digital rights.
Patrick Quirk
M.S. Cybersecurity Management | Licensed Private Investigator (FL)
Cybersecurity analyst, OSINT specialist, and licensed PI with 15+ years in digital investigations and threat intelligence. Creator of the Crystal Vault methodology — ODINT's flagship research framework.
Henry Sulbaran
Computer Engineering | Offensive Security | OSINT
Intelligence advisor specializing in OSINT, cyber investigations, and red team-oriented analysis. Experienced in pentesting, critical infrastructure protection, and investigations into corruption, money laundering, and censorship.
Kurt Jordan
Global Intermodal Supply Chain Security | Licensed Private Investigator (FL)
Decades of law enforcement and intelligence experience spanning federal, state, and local agencies. InfraGard member and intelligence liaison officer with multiple fusion centers, specializing in global supply chain security and threat awareness.
Joshua Graham
USMC Security Force Regiment
United States Marine specializing in physical security. Honor Graduate from the Physical Security Specialist course. Expert qualifications in multiple weapons systems including counter-drone defense.
Ken Nevers
OSEP | OSCP | CRTE | CRTO | CRTP
Offensive security professional with 10+ years leading APT-style red team operations for Fortune 500 companies. Co-founder of HackSpaceCon and HackRedCon. DefCon presenter.
Matt Hodges
Pentester
Offensive security leader with extensive experience in penetration testing, red team operations, and adversary simulation. Conference organizer, mentor, and community volunteer.
Cory Gautereaux
U.S. Army Veteran | Founder, The Goat Initiative
Army veteran (UH-60 Blackhawk crew chief). Founder of The Goat Initiative combating human trafficking. Testified before House Judiciary Committee on border security.
Nicholas Valencia
U.S. Army Veteran (Sgt.) | IDF Veteran
Army cavalry scout and IDF combat search and rescue veteran. Former researcher at the International Institute for Counterterrorism. Specializes in mapping terrorist networks and financing.
Joaquin Camarena
Cybersecurity & OSINT Analyst | Mandarin Chinese & Taiwanese Fluent
Cybersecurity and OSINT analyst with 17+ years of experience. Research on PLA modernization published and cited by the Army War College, The Washington Post, and the South China Morning Post. Specializes in Chinese disinformation and influence operations across the Indo-Pacific.
Brian Walters
PMP | FAA Part 107 UAS
Communications and business development professional with 10+ years as the public face of organizations. Former Director of Communications and Sales with expertise in PR, trade shows, and building 500+ strategic business accounts.
Daniel W. Dieterle
Author of 11 Books | International Security Speaker
Internationally published cybersecurity author whose training material has been used by all branches of the U.S. military, including Tier One Special Forces and two War Colleges. Trusted advisor to Red Team and Executive Protection organizations with expertise in penetration testing, threat intelligence, and OSINT.
Frequently Asked Questions
Common questions about our work, methods, and how to engage with us.
Is what you do legal?
Yes. We only collect publicly accessible information using passive reconnaissance techniques. We never attempt unauthorized access, exploit vulnerabilities, or conduct any form of hacking. All our methods are the same used by security researchers, journalists, and academics worldwide.
How do you protect journalists and activists?
Upon request from digital rights organizations or the individuals themselves, we scrub journalist and activist data from our datasets within 24 hours. We prioritize protection of vulnerable individuals over publication.
Do you practice responsible disclosure?
For critical vulnerabilities that pose immediate risk to individuals, we attempt to notify affected parties before publication. However, for authoritarian regimes that may use this information to harm citizens, we prioritize public disclosure and documentation.
Can I request data for my investigation?
Yes. Journalists, researchers, and human rights organizations can request access to our datasets. Contact us via encrypted channels with details about your investigation and how the data will be used.
How can I support your work?
You can support us through direct donations, grants, or by spreading awareness of our research. We're also always looking for skilled volunteers in OSINT, development, and analysis.
Why focus on authoritarian regimes?
Digital vulnerabilities in authoritarian governments often expose surveillance infrastructure, censorship mechanisms, and human rights abuses. Documenting these serves democratic accountability and supports civil society organizations working on the ground.
Latest Updates
News, research releases, and announcements from ODINT.
ODINT Launches Public Website
After months of research and development, ODINT officially launches its public-facing website and opens collaboration channels.
Crystal Vault Research Complete
Our foundational research documenting Venezuelan government infrastructure vulnerabilities is complete and validated by VE Sin Filtro.
Expanding Global Coverage
ODINT is actively expanding research to additional countries and regions. Contact us if you have leads worth investigating.
Partners & Collaborators
We work with digital rights organizations, journalists, and researchers worldwide.
Work With Us
We're building partnerships with digital rights organizations, academic institutions, newsrooms, and civil society groups. If your organization works in government accountability, OSINT, or digital transparency, we'd like to hear from you.
Partnership DetailsWarrant Canary
LAST UPDATED: January 18, 2026
As of the date above, ODINT has NOT received:
[0] National Security Letters
[0] Secret court orders or warrants
[0] Gag orders preventing disclosure
[0] Requests to compromise our systems or research
[0] Requests to hand over encryption keys or user data
This canary is updated monthly. If this statement disappears or is not updated, assume that ODINT has received a legal demand it cannot disclose.
This canary will be cryptographically signed once PGP keys are established.
Support Independent Research
ODINT operates independently, without government or corporate funding. Your support enables us to continue holding power accountable through rigorous open-source intelligence research.