Overview

This will be another of a hopefully long series of practical OSINT blog posts from the Security Research team here at DomainTools. This time around I’ll be briefly comparing the reverse image search capabilities of some major image search engines. We’ll look at Google, Yandex, Bing, and TinEye. Hopefully you’re familiar with these search engines already but if you aren’t this post is a good crash course for what kind of results you can expect from each.

First we’ll have Emily give an overview of reverse image searching, and then I’ll break down some comparisons between the most popular image search engines. We won’t be covering any of the more complex aspects of image analysis but instead we’ll be focusing purely on what you can expect when uploading images for reversing.

Reverse Image Searching

In security research, we deal a lot with various types of data: IOCs, malware binaries, reports, and more. One type of data that may oftentimes be overlooked is images, such as profile pictures on forum posts, photos in malware advertisements, and more. By searching on those images in various ways, it can be possible to learn a lot about the subject of your investigation.

For some investigations, it may be enough to reverse image search using a regular search engine like Google or Bing. For example, if you come across a logo that you’re unfamiliar with, a simple reverse image search may return information about the logo’s origin that could be useful to you, such as information about the brand or location.

For example, during the course of an investigation I came across an avatar used by a malware author that I was investigating. The avatar seemed specific, but I was unfamiliar with it and wondered if learning more about the avatar could help me to learn more about the malware author.

In this example, I went to images.google.com and clicked on the camera icon in the search bar.

From there, you can choose whether to upload an image from your files or paste the URL of an image. I uploaded the avatar and clicked “Search by Image.” Google quickly returns a page that shows the image I uploaded, a possible related search, and a few articles and Wikipedia pages related to the image.

In this case, the image I uploaded was unique enough for me to learn that it is an image closely associated with Russian criminal organizations, which helped narrow down that the subject of my investigation might be Russian (or at least have a fascination with Russia).

At times Google may not return specific enough results; in those cases, it can be useful to try reverse image searching with Yandex, Bing, or TinEye as well.

Sometimes when trying to conduct a reverse image search, it can be useful to alter the original image in some way in order to find the best results. For example, sometimes an image may be posted and claim to be an original, but is actually just a flipped/reversed version of an existing photo. By flipping the photo and then searching for it, you may be able to find additional results that might not have been returned from searching only one photo. Careful cropping may also yield much better results, as other objects in photos may cause the search engine to focus on the wrong subject.

While images and photos aren’t the most common piece of information investigators come across in their research, these tactics can still prove to be useful on occasion when you are trying to identify a logo or avatar, geolocate a photo, or identify an individual in a photo. I hope this guide was helpful! - Emily Hacker

Comparing Platforms for Reverse Image Searches

The best website to use for reverse image searching: All of them.

It's 2019; here are the results up front so we can all go back to Twitter or TikTok or whatever.

Reverse Image Search Capabilities Comparison Table (as of August, 2019)

A note on the table above: I avoided my usual scale of “Skull and crossbones emoji to star-struck eyes” because I feel like all of these engines have a good amount of merit for each category. These scores are based on my personal biases and experiences while investigating.

The Contenders

Google Images

Google does its best to identify what the subject of an image is, not who. Results are generally split between three sections: a few search results for what the algorithm thinks is in the photo, visually similar (but not identical) results, and pages that include identical images. Between these three sections and the ability to find additional sizes of identical images, Google is a strong reversing resource. The downside is that a lot of the matching focuses on social subjects, so if the subject of your image search isn’t well known you may not get quality results. The search also limits itself to a single subject: given a photo of a house near a lake with mountains, you won’t get pictures of houses near a lake with mountains, just visually similar houses, with no regard for lakes or mountains.

Yandex Images

Yandex, which is akin to a Russian Google, is a goldmine for reverse image searching. It provides additional sizes of the same image, visually similar images, and lots of results where similar images are featured on pages. Yandex tends to be the strongest search engine for face matching and location identification. If you’ve got a photo of an obscure riverbend somewhere in Europe (thanks Aric!) this is likely where you’ll find some results.

Bing Images

Bing has a unique feature that I really enjoy - you can crop down areas of your photo in it and see live results. This is great for high quality images with a lot of identifiable subjects. Additionally, compared to Google, Bing tries to identify elements within a photo and find images that contain all of those elements. So a picture of an antique car parked next to a tree would trigger matches that contain a tree and an antique car, whereas Google picks a single strong subject and follows that. Bing also sets itself apart by trying to proactively identify faces, products, and other elements within images. A high definition image of several famous subjects will highlight each one of them.

TinEye

TinEye’s original sole purpose was finding other sizes of the same image, and for many years it provided just that. It’s my opinion that they’ve powered up their matching algorithm in the last year or so and now match on more visually similar images. This means you’re likely to find your image used within other images here, and if it’s a photo you might find other photos of the exact same composition. I want to note here that TinEye shouldn’t be seen as a direct competitor to these other engines. TinEye focuses wholly on finding other usage of the same image, which usually makes it the winner when dealing with purely digital media (avatars, logos, buttons, etc.). I’ve personally found it useful for tracing user avatars between forums where they may have a different username.
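As an added illustration (not part of the original post, and not a description of how any of these search engines work internally), the sketch below uses a simple difference hash to show why a mirrored copy of an avatar stops matching until you flip it back. It ties together the flipping tip from Emily's section and the cross-forum avatar tracing described for TinEye. The 9x8 pixel grids, the 10-bit threshold, and all function names are constructed for this example.

```python
# Added example: difference hash (dHash) over constructed 9x8 grayscale grids.
# A real workflow would first downscale each avatar to 9x8 grayscale.

def dhash(pixels):
    """64-bit hash: one bit per horizontally adjacent pixel pair (left > right)."""
    bits = 0
    for row in pixels:
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | int(left > right)
    return bits

def mirror(pixels):
    """Flip the image left to right."""
    return [row[::-1] for row in pixels]

def distances(known, found):
    """Hamming distance to `known` for `found` as-is and for `found` flipped back."""
    ref = dhash(known)
    direct = bin(ref ^ dhash(found)).count("1")
    flipped = bin(ref ^ dhash(mirror(found))).count("1")
    return direct, flipped

def classify(known, found, threshold=10):
    """Return 'as-is', 'mirrored', or None when neither variant is close enough."""
    direct, flipped = distances(known, found)
    if min(direct, flipped) > threshold:
        return None
    return "as-is" if direct <= flipped else "mirrored"

# Constructed sample data (not real avatars).
ROW = [10, 40, 90, 140, 190, 220, 240, 200, 150]
ORIGINAL = [[v + r for v in ROW] for r in range(8)]  # avatar seen on forum A
# Forum B copy: mirrored, slightly brightened, one pixel changed by re-encoding.
FORUM_B = [[v + 4 for v in row] for row in mirror(ORIGINAL)]
FORUM_B[0][1] = 150
UNRELATED = [[250 - c * 30 - r for c in range(9)] for r in range(8)]

if __name__ == "__main__":
    for name, img in [("forum B", FORUM_B), ("unrelated", UNRELATED)]:
        print(name, distances(ORIGINAL, img), classify(ORIGINAL, img))
```

The forum B copy is 33 bits away from the original as posted but only 1 bit away once flipped back, which is why searching both orientations can surface results that a single upload misses.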

Selected Examples

We'll be looking at the following images for this comparison. These don't represent all of the nuances behind these search engines but they give a good idea of the surprising differences between them.

The DomainTools Logo

A screen capture of The Plague (Fisher Stevens) from Hackers

The Cult Of The Dead Cow Logo

A photo of the Milano Centrale Railway Station taken by one of our team members

Some Forum Flair from HackForums

I've summarized the results below but remember to click on the thumbnails as well to get a better idea of the exact results returned.

The DomainTools Logo

Google does a great job of linking us directly to the DomainTools website.

Yandex zeroes in on DomainTools as well but goes for Twitter first. Surprisingly there are some suspiciously similar logos in the results...

Bing doesn't identify DomainTools directly but does show images from the DomainTools Blog and our LinkedIn Page.

TinEye favors Twitter here, probably because I pulled this image from Twitter.

The Plague (Fisher Stevens) from Hackers

Google identifies this as "villain hackers", which is what I would google if I wanted that picture so that's pretty close. It clearly identifies Hackers in the results.

Yandex shows mostly identical screencaps from various Torrent sites as well as a number of other pictures of The Plague (not just Fisher Stevens).

Bing really nails this one and identifies Fisher Stevens as the actor in the picture. It also tags the image as "Hacker Movie".

TinEye shows a couple of results for torrent sites.

Cult Of The Dead Cow Logo

Google thinks this is a picture of "Darkness". Visually similar images are all fiery or red/skull themed.

Yandex knocks this one out of the park: it shows the Cult of the Dead Cow pages as well as multiple other images that use the same skull stock photo.

Bing shows us pictures of fire and phoenixes.

TinEye interestingly shows us other images based on the same stock photo but no direct duplicates.

A Photo of the Milan Central Railway Station

Google actually provides a sidebar entry for our railway station. Perfect.

Yandex does a good job showing the right location in the first couple of results but doesn't identify the location directly.

Bing does relatively well too, but doesn't call out the name of the station either.

TinEye has zero results. To be fair, this is expected, since the picture is unique.

A Snippet of Some Forum Flair

Google fails miserably here and thinks the image is of "monochrome". Results are all monochrome images of random themes.

Yandex does just as badly but at least keeps the themes to buttons.

Bing also falls flat; we get random labels and buttons.

TinEye to the rescue! We get multiple results that point in the direction of the correct source.

Summary

As we've detailed in the helpful table above, each search engine has strengths and weaknesses. Also remember that none of these search engines deeply indexes Instagram, Twitter, Facebook, and other social media, so you're not going to get OSINT superpowers this way. It is important to use all of these search engines when performing an investigation, as you’re very likely to miss a correlation if you don’t. As an aside, I used Hunchly to keep track of my reverse image searching while working on this blog post and highly recommend giving it a try if you're doing investigations that involve hopping all over the internet.

So let's hear some suggestions for the next round of blog posts! Leave a comment below or reach out to us on Twitter (@qrbounty and @dreadphones) with your ideas. Did I miss a great search engine? Let me know!

Rejected Titles For This Blog Post

"Four image search algorithms walk into a ['DOOR', 'BEER', 'STOOL']"

Literally Everyone Has Taken That Photo Already Put Your Cellphone Away and Enjoy The Trip

There and Back Again

Flip It and Reverse It

Stop Using The Same Avatar On All Your Hacking Forum Accounts

The Top 4 Image Reversing Sites You Need In Your Life RIGHT NOW

How To Delete All The Blog Posts on Your Company Blog

How To Restore All The Blog Posts on Your Company Blog

Why Did They Give Me Blog Access In The First Place

Images copyright of their respective owners. Milan Central Railway Station photo courtesy of one of our team members