I know where you live: leveraging OSINT on municipal databases for fun and profit
Open source intelligence (OSINT) is an intelligence technique that uses automated tools to sift through open data sources in order to detect actionable signals. Of special interest, government databases are especially ripe with valuable information, which is often "secured" by the means of a search interface which restricts the ability to copy and freely analyse the data. Sadly, many implementations of such systems fail to protect against automation, and as such, are vulnerable to tool-assisted reconstruction of the underlying database. The City of Rimouski's taxation role query interface is such a system. It is available at the following address: https://rimouski.maps.arcgis.com/apps/webappviewer/index.html?id=1b3866ae746c48b6895c38993ba499db The city of Rimouski's tax evaluation ArcGIS webapp Readily, we can deduce that it is an ArcGIS application. Every ArgGIS application comes with a REST API that is uniquely identified using the app's ID, here 1b3866ae746c48
