Cyber Tours
Interactive intelligence map — click a country to explore raw data, scan results, and analysis.
Active Tours
Countries with available intelligence datasets
Haiti
The Government With No Lock — a nationwide OSINT audit of Haiti's .gouv.ht infrastructure exposed a wide-open tax application, 3,233 Customs candidates' PII, a hijacked National Police domain, and an unpatched Exchange server.
Pakistan
65% offline under war — 12 live government targets mapped during the Pakistan-Afghanistan conflict. WordPress APIs dumped, admin panels exposed, 340+ officials named, 1,471 CKAN datasets extracted, NADRA identity API documented.
Venezuela
DGCIM military intelligence personnel network analysis. Interactive visualization of organizational structure, rank distribution, and geographic deployment across 247 units.
Iran
Government & Hezbollah infrastructure mapping — IRNA private IP leaks, 182 embassy subdomains, khamenei.ir admin exposure, and FTO hosting strategy.
Cuba
GAESA military conglomerate exposed — 2,052 domains, 31K+ payment records, unauthenticated APIs, and critical credential leaks.
Rwanda
MIFOTRA government blacklist exposed — 675 public servants with full PII, 6,977 domains, Russia-Rosatom nuclear links, and surveillance architecture.
Colombia
The Open Presidency — 26GB military intelligence, unauthenticated ArcGIS with FARC camp GPS, 400+ military subdomains, exposed AWS credentials.
Mexico
No Authentication Required — 520K+ PII records, 162 federal agencies exposed via ATDT, 1,675 CSV files, 14GB government data.
Ecuador
A national OSINT audit of Ecuador's executive, military, police, telecom, and tax infrastructure - 26.25 GB of evidence, exposed APIs, shared Oraculo credentials, and public GitLab code.
Albania
Parliament Wide Open — Unauthenticated API exposes 236 MPs' full PII, 54,545 parliamentary documents. The AI anti-corruption minister was built by a corrupt agency.
Trinidad & Tobago
The Caribbean Caliphate — Jamaat al-Muslimeen digital footprint, ISIS recruitment pipeline, and the Western Hemisphere's top per capita jihadist exporter mapped through OSINT.
Russia
Behind Russia in Africa — Wagner/Africa Corps operational footprint mapped across 19 confirmed sites. Mineral extraction, military projection, and proxy infrastructure across 9 African states.
Burkina Faso
The Open Junta — 110+ organizations audited, 7.1 GB of evidence, an unauthenticated SQL endpoint returning 83,770 government procurement records, 4,611 CVs publicly downloadable from a major bank, and 14 ministries on EOL software.
Ghana
Black Star, Open Files — Ghana's national drug safety system feeding WHO VigiBase had its production database credentials committed to a public git repository. So did the Ghana Armed Forces recruitment portal's encryption key.
Guatemala
Fields of Green, Servers Unseen — Guatemala's Ministry of Agriculture committed GeoServer admin credentials, PostGIS database passwords, and three AI API keys to a public git repository. The file's own header says it must never be committed. Six government domains audited.
Nigeria
Where the Payroll Meets the Public — Nigeria's federal payroll system (IPPIS) had production database credentials committed to a public git repository alongside adminer.php. The maritime agency, Lagos judiciary, and Rivers State tax authority were also exposed. Forty-seven domains audited.
Argentina
SHE for the Soldiers, None for the Secrets — Argentina's armed forces social insurance institute committed military personnel credentials to public git repositories. A prison visits system was deployed with a placeholder JWT secret. The Ministry of Economy's national gas subsidies API runs on default postgres credentials. Ninety-one domains audited.
Indonesia
Government digital infrastructure audit across Indonesian federal and provincial systems.
Dominican Republic
Government digital infrastructure audit and exposed API analysis across Dominican federal systems.
Angola
Trade licensing, revenue systems and national identity provider credentials. SICOEX, SILAC, SRI production secrets exposed.
Panama
Attorney General legal case management system and MUPA ministry credentials exposed across government portals.
DR Congo
Mining ministry credentials exposed across digital infrastructure supporting Congo's extraction sector.
Kenya
AGPO government procurement system and Treasury TPAD2 credential exposure across federal digital systems.
Ethiopia
University systems and 20.6 GB of education ministry data exposed across national academic infrastructure.
Uganda
Parish Development System, water authority and energy ministry credentials exposed across government repositories.
Tanzania
Government digital infrastructure credential exposure across federal and regional ministry systems.
Egypt
Government system credentials and API key exposure across Egyptian federal digital infrastructure.
Peru
Municipal system credentials and La Caleta database dump exposed across Peruvian government repositories.
South Africa
Durban municipal permit system and Bitbucket access token exposure across South African government repositories.
Bolivia
Government system credentials and database access exposed across Bolivian federal ministry repositories.
Paraguay
Government digital infrastructure credentials exposed across Paraguayan ministry and agency repositories.
Belize
Full source code for the Hurricane Early Warning System exposed alongside critical infrastructure credentials.
El Salvador
Azure DevOps access token and government portal credentials exposed across Salvadoran ministry repositories.
Ivory Coast
Transport ministry API credentials and Education Ministry system access exposed across Ivorian repositories.
Nicaragua
Government system credentials and database access exposed across Nicaraguan federal repositories.
Sierra Leone
EPA root database credentials and PPRC WordPress admin access exposed across Sierra Leonean government systems.
Honduras
Government digital infrastructure credentials and database access exposed across Honduran ministry repositories.
Brazil
Federal and state government credentials exposed across Brazilian ministry and agency digital repositories.
Libya
Government system credentials and database access exposed across Libyan federal digital infrastructure.
Liberia
Government digital infrastructure credentials and API keys exposed across Liberian ministry repositories.
Barbados
Government system credentials and database access exposed across Barbadian public sector repositories.
South Sudan
Ministry of Finance database credentials and SMTP mail server access exposed in government repositories.
Somalia
Government credential exposure across Somali federal digital infrastructure and ministry systems.
Saint Kitts and Nevis
National traffic management system credentials and infrastructure access exposed across Caribbean government repositories.
Dominica
Government system credentials and database access exposed across Dominican public sector repositories.
Madagascar
Municipal e-government mail platform credentials and database access exposed across Malagasy repositories.
Togo
National education statistics platform credentials exposed across Togolese government digital repositories.
Fiji
Critical government system credentials and database access exposed across Fijian public sector repositories.
Malawi
Government system credentials and database access exposed across Malawian federal ministry repositories.
Benin
Government digital infrastructure credentials exposed across Beninese ministry and agency repositories.
Zambia
Government system credentials and database access exposed across Zambian public sector repositories.