╔══════════════════════════════════════════════════════════════════╗ ║ IRAN & HEZBOLLAH — ORGANIZED OSINT DIRECTORY ║ ║ 331 files across 8 categories ║ ║ Sessions: January 2026 + February 25, 2026 ║ ╚══════════════════════════════════════════════════════════════════╝ START HERE: 01_REPORTS/IRAN-COMPLETE-REPORT.txt ← Full master report (all findings) ════════════════════════════════════════════════════════════════════ DIRECTORY STRUCTURE ════════════════════════════════════════════════════════════════════ 01_REPORTS/ (5 files) │ Master summary documents — start here │ ├── IRAN-COMPLETE-REPORT.txt ★ MASTER REPORT — all 28 findings, │ infrastructure maps, tracking IDs, │ statistics, recommendations ├── IRAN-FINDINGS.txt February 2026 session findings ├── CRITICAL_FINDINGS.txt January 2026 deep-dive analysis ├── KEY_FINDINGS.txt Top 10 actionable intelligence items └── HASH_DATABASE.txt All collected hashes/tokens 02_FINDINGS/ (24 files) │ Individual finding write-ups — one file per finding │ ├── INDEX.txt Finding index/table of contents ├── 01_PRIVATE_IP_LEAK.txt IRNA internal IP exposed ├── 02_VPN_ENDPOINT.txt MFA VPN hostname leaked ├── 03_ADMIN_PORTAL.txt Khamenei admin in CT logs ├── 04_HIDDEN_API.txt khamenei.link API domain ├── 05_HASHES_TOKENS.txt Session hashes collected ├── 06_HEZBOLLAH_HOSTING.txt Russian/Czech hosting strategy ├── 07_GOVERNMENT_ASNS.txt 6 government ASNs identified ├── 08_PRESIDENT_IR.txt Presidential site analysis ├── 09_HEZBOLLAH_DNS.txt Hezbollah DNS infrastructure ├── 10_HOSTING_ASNS.txt Hosting provider analysis ├── 11_TRACKING_IDS.txt 16 tracking IDs (GA, GTM, Clarity) ├── 12_ARVANCLOUD_CDN.txt ArvanCloud WAF analysis ├── 13_ACTIONABLE_INTEL.txt Actionable intelligence summary ├── 14_FARSNEWS_DEVTOOLS.txt IRGC news API + DevOps tools ├── 15_MFA_EMBASSY_MAP.txt 182 embassy subdomains ├── 16_IRNA_INTERNAL.txt IRNA internal network map ├── 17_EXIF_METADATA.txt Hezbollah graphics attribution ├── 18_KHAMENEI_STREAMING.txt Live streaming infrastructure ├── 19_SEIZED_DOMAINS.txt US DOJ seizure analysis ├── 20_CURRENT_EVENTS.txt Jan 2026 geopolitical context ├── 21_OSINT_FOR_ACTIVISTS.txt Activist-relevant intelligence ├── 22_ACTIONABLE_OSINT_TASKS.txt Follow-up task list └── 23_NEW_HASHES_EXPOSED.txt Additional hash discoveries 03_INTEL/ (15 files) │ Deep intelligence reports — detailed analysis │ ├── NOTABLE_FINDINGS_EXPANDED.txt 471 lines — expanded analysis ├── SUBDOMAIN_INTEL.txt 500+ subdomains documented ├── INFRASTRUCTURE_OSINT_DUMP.txt IP/DNS/ASN mapping ├── SITE_FINGERPRINT_INTEL.txt Tech stacks & tracking IDs ├── TECH_STRUCTURE.txt Hezbollah server infrastructure ├── IRAN_MASTER_INTEL.txt Nuclear timeline & events ├── Iranian_Leadership_OSINT.txt Khamenei profile & connections ├── HEZBOLLAH_FINANCIAL_INTEL.txt $1B+ revenue & laundering ├── HEZBOLLAH_DATA_DUMP.txt Hezbollah content catalog ├── DOMAIN_SEIZURE_ANALYSIS.txt Jurisdictional analysis ├── HASH_COLLECTION.txt IP geolocation data ├── NOTABLE_FINDINGS.txt Core findings ├── OSINT_RECON_TOOLKIT.txt Tool documentation ├── SOURCES.txt 100+ sources referenced └── KHAMENEI_IR_OSINT_REPORT.txt Full khamenei.ir OSINT report 04_DATA/ (265 files) │ Raw data — dumped files, HTML, media, API responses │ ├── khamenei/ Khamenei site data │ ├── *.html 20+ HTML pages archived │ ├── *.js 3 JavaScript files (93KB) │ └── glossary.html, timeline.html, index.html │ ├── hezbollah/ │ ├── html/ 100 HTML files from Hezbollah sites │ └── media/ 131 images (EXIF preserved) │ ├── almanar/ │ └── debug.log 100KB WordPress debug log (LIVE) │ ├── farsnews/ │ └── (APK download failed — needs Tor) │ └── api-dumps/ ├── khamenei-farsi-json-topticker.json API data (1.6KB) └── huntr-scan.jsonl Scanner output 05_TARGETS/ (3 files) │ Target domain lists │ ├── iranian-websites.txt 653 Iranian domains ├── hezbollah-proxy-network-websites.txt 61 Hezbollah domains └── IRAN_TARGETS.md Target documentation 06_TOOLS/ (10 files) │ Scripts and databases │ ├── scripts/ │ ├── subdomain_hunter.py Subdomain enumeration │ ├── ip_intel.py IP intelligence lookup │ ├── hash_hunter.py Hash collection │ ├── username_hunter.py Username enumeration │ ├── db_manager.py Database management │ ├── create_instagram_posts.py Social media post generator │ └── make_posts.py Post automation │ └── databases/ ├── iran_osint.db 5 persons, 5 orgs, 6 social accounts ├── hash_database.db 21 hash records └── huntr.db 670 domain scan results 07_LOGS/ (4 files) │ Session logs │ ├── osint_log.txt General OSINT log └── 2026022*_session.txt Session transcripts (3 files) 08_SCREENSHOTS/ (5 files) │ Screenshots, images, social media │ ├── 001.PNG Screenshot ├── test.png Test image ├── kaed0259.jpg OSINT image ├── iran_osint_posts.html Generated social media posts └── iran_osint_ig_caption.txt Instagram caption ════════════════════════════════════════════════════════════════════ QUICK REFERENCE ════════════════════════════════════════════════════════════════════ 28 Total Findings (9 Critical, 8 High, 5 Medium, 6 Low) 500+ Subdomains discovered 75+ Unique IPs mapped 6 Government ASNs identified 16 Tracking IDs collected 182 Embassy subdomains (mfa.gov.ir) 670 Domains scanned $1B+ Hezbollah annual revenue documented 13 US DOJ seized domains analyzed NOTE: The parent directory (C:\Users\Squir\Desktop\IRAN\) still contains the Huntr scanner source code (main.go, go.mod, Windows/, Linux/, internal/) which should NOT be moved as the tool depends on its current path structure. ════════════════════════════════════════════════════════════════════