Red — Live
Yellow — Pending
Green — Will Not Scan

Active Tours

Countries with available intelligence datasets

Active

Haiti

The Government With No Lock — a nationwide OSINT audit of Haiti's .gouv.ht infrastructure exposed a wide-open tax application, 3,233 Customs candidates' PII, a hijacked National Police domain, and an unpatched Exchange server.

50+ .gouv.ht domains 3,233 Customs PII records 710 MB evidence 6 critical exposures
Active

Pakistan

65% offline under war — 12 live government targets mapped during the Pakistan-Afghanistan conflict. WordPress APIs dumped, admin panels exposed, 340+ officials named, 1,471 CKAN datasets extracted, NADRA identity API documented.

57 domains 12 live targets 46 MB data 340+ officials named
Active

Venezuela

DGCIM military intelligence personnel network analysis. Interactive visualization of organizational structure, rank distribution, and geographic deployment across 247 units.

6,924 personnel records 247 org units 500 risk flagged 1 dataset
Active

Iran

Government & Hezbollah infrastructure mapping — IRNA private IP leaks, 182 embassy subdomains, khamenei.ir admin exposure, and FTO hosting strategy.

23 findings 182 subdomains 12 ASNs
Live

Cuba

GAESA military conglomerate exposed — 2,052 domains, 31K+ payment records, unauthenticated APIs, and critical credential leaks.

2,052 domains 31,684 payment records 307 MB evidence
Active

Rwanda

MIFOTRA government blacklist exposed — 675 public servants with full PII, 6,977 domains, Russia-Rosatom nuclear links, and surveillance architecture.

6,977 domains 689 blacklisted 1 investigation
Active

Colombia

The Open Presidency — 26GB military intelligence, unauthenticated ArcGIS with FARC camp GPS, 400+ military subdomains, exposed AWS credentials.

26 GB data 24 FARC camps 400+ mil subdomains
Active

Mexico

No Authentication Required — 520K+ PII records, 162 federal agencies exposed via ATDT, 1,675 CSV files, 14GB government data.

520K+ records 162 agencies 83 GB data
Active

Ecuador

A national OSINT audit of Ecuador's executive, military, police, telecom, and tax infrastructure - 26.25 GB of evidence, exposed APIs, shared Oraculo credentials, and public GitLab code.

26.25 GB evidence 4,714 domains 659 gov emails
Active

Albania

Parliament Wide Open — Unauthenticated API exposes 236 MPs' full PII, 54,545 parliamentary documents. The AI anti-corruption minister was built by a corrupt agency.

236 MP records 54,545 documents 251 MB data
Active

Trinidad & Tobago

The Caribbean Caliphate — Jamaat al-Muslimeen digital footprint, ISIS recruitment pipeline, and the Western Hemisphere's top per capita jihadist exporter mapped through OSINT.

240+ ISIS fighters 90 nationals in Syria #1 per capita Americas
Active

Russia

Behind Russia in Africa — Wagner/Africa Corps operational footprint mapped across 19 confirmed sites. Mineral extraction, military projection, and proxy infrastructure across 9 African states.

19 sites mapped 9 African states 40+ states with Russian military ties
Active

Burkina Faso

The Open Junta — 110+ organizations audited, 7.1 GB of evidence, an unauthenticated SQL endpoint returning 83,770 government procurement records, 4,611 CVs publicly downloadable from a major bank, and 14 ministries on EOL software.

110+ orgs audited 83,770 records dumped 4,611 CVs exposed 7.1 GB evidence
Active

Ghana

Black Star, Open Files — Ghana's national drug safety system feeding WHO VigiBase had its production database credentials committed to a public git repository. So did the Ghana Armed Forces recruitment portal's encryption key.

9 domains audited 2 CRITICAL findings 1 WHO pipeline affected ~1.1 GB evidence
Active

Guatemala

Fields of Green, Servers Unseen — Guatemala's Ministry of Agriculture committed GeoServer admin credentials, PostGIS database passwords, and three AI API keys to a public git repository. The file's own header says it must never be committed. Six government domains audited.

6 domains audited 2 CRITICAL findings 1 national geoportal exposed ~402 MB evidence
Active

Nigeria

Where the Payroll Meets the Public — Nigeria's federal payroll system (IPPIS) had production database credentials committed to a public git repository alongside adminer.php. The maritime agency, Lagos judiciary, and Rivers State tax authority were also exposed. Forty-seven domains audited.

47 domains audited 3 CRITICAL findings 1 federal payroll exposed ~800 MB evidence
Active

Argentina

SHE for the Soldiers, None for the Secrets — Argentina's armed forces social insurance institute committed military personnel credentials to public git repositories. A prison visits system was deployed with a placeholder JWT secret. The Ministry of Economy's national gas subsidies API runs on default postgres credentials. Ninety-one domains audited.

91 domains audited 2 CRITICAL findings 1 military personnel DB exposed ~2.5 GB evidence
Coming Soon

Indonesia

Government digital infrastructure audit across Indonesian federal and provincial systems.

In development
Coming Soon

Dominican Republic

Government digital infrastructure audit and exposed API analysis across Dominican federal systems.

In development
Jun 15

Angola

Trade licensing, revenue systems and national identity provider credentials. SICOEX, SILAC, SRI production secrets exposed.

15 domains 2.2 GB evidence 3 CRITICAL
Jun 19

Panama

Attorney General legal case management system and MUPA ministry credentials exposed across government portals.

9 domains 2 GB evidence 3 CRITICAL
Jun 22

DR Congo

Mining ministry credentials exposed across digital infrastructure supporting Congo's extraction sector.

9 domains 3 CRITICAL
Jun 26

Kenya

AGPO government procurement system and Treasury TPAD2 credential exposure across federal digital systems.

42 domains 3.6 GB evidence 2 CRITICAL
Jun 29

Ethiopia

University systems and 20.6 GB of education ministry data exposed across national academic infrastructure.

51 domains 20.6 GB evidence
Jul 3

Uganda

Parish Development System, water authority and energy ministry credentials exposed across government repositories.

36 domains 7.6 GB evidence 1 CRITICAL
Jul 6

Tanzania

Government digital infrastructure credential exposure across federal and regional ministry systems.

50 domains 1.7 GB evidence 1 CRITICAL
Jul 10

Egypt

Government system credentials and API key exposure across Egyptian federal digital infrastructure.

29 domains 1.9 GB evidence 1 CRITICAL
Jul 13

Peru

Municipal system credentials and La Caleta database dump exposed across Peruvian government repositories.

24 domains 2.9 GB evidence 1 CRITICAL
Jul 17

South Africa

Durban municipal permit system and Bitbucket access token exposure across South African government repositories.

24 domains 3.3 GB evidence 1 CRITICAL
Jul 20

Bolivia

Government system credentials and database access exposed across Bolivian federal ministry repositories.

27 domains 4.5 GB evidence
Jul 24

Paraguay

Government digital infrastructure credentials exposed across Paraguayan ministry and agency repositories.

10 domains 3.5 GB evidence 1 CRITICAL
Jul 27

Belize

Full source code for the Hurricane Early Warning System exposed alongside critical infrastructure credentials.

4.7 GB evidence 2 CRITICAL
Jul 31

El Salvador

Azure DevOps access token and government portal credentials exposed across Salvadoran ministry repositories.

5 domains 1.6 GB evidence 1 CRITICAL
Aug 3

Ivory Coast

Transport ministry API credentials and Education Ministry system access exposed across Ivorian repositories.

5 domains 1 CRITICAL
Aug 7

Nicaragua

Government system credentials and database access exposed across Nicaraguan federal repositories.

3 domains 697 MB evidence 1 CRITICAL
Aug 10

Sierra Leone

EPA root database credentials and PPRC WordPress admin access exposed across Sierra Leonean government systems.

6 domains 2 CRITICAL
Aug 14

Honduras

Government digital infrastructure credentials and database access exposed across Honduran ministry repositories.

4 domains 2.7 GB evidence
Aug 17

Brazil

Federal and state government credentials exposed across Brazilian ministry and agency digital repositories.

17 domains 659 MB evidence
Aug 21

Libya

Government system credentials and database access exposed across Libyan federal digital infrastructure.

13 domains 290 MB evidence
Aug 24

Liberia

Government digital infrastructure credentials and API keys exposed across Liberian ministry repositories.

16 domains
Aug 28

Barbados

Government system credentials and database access exposed across Barbadian public sector repositories.

4 domains 1.1 GB evidence
Aug 31

South Sudan

Ministry of Finance database credentials and SMTP mail server access exposed in government repositories.

1 CRITICAL
Sep 4

Somalia

Government credential exposure across Somali federal digital infrastructure and ministry systems.

1 CRITICAL
Sep 7

Saint Kitts and Nevis

National traffic management system credentials and infrastructure access exposed across Caribbean government repositories.

6 domains 2.6 GB evidence
Sep 11

Dominica

Government system credentials and database access exposed across Dominican public sector repositories.

4 domains 501 MB evidence
Sep 14

Madagascar

Municipal e-government mail platform credentials and database access exposed across Malagasy repositories.

2 domains 296 MB evidence
Sep 18

Togo

National education statistics platform credentials exposed across Togolese government digital repositories.

4 domains 82 MB evidence
Sep 21

Fiji

Critical government system credentials and database access exposed across Fijian public sector repositories.

3 domains 2 CRITICAL
Sep 25

Malawi

Government system credentials and database access exposed across Malawian federal ministry repositories.

4 domains 1.1 GB evidence 1 CRITICAL
Sep 28

Benin

Government digital infrastructure credentials exposed across Beninese ministry and agency repositories.

3 domains 316 MB evidence
Oct 1

Zambia

Government system credentials and database access exposed across Zambian public sector repositories.

4 domains 352 MB evidence
Donate