GEOINT: Using Overpass Turbo for OSINT

7 min readApr 16, 2024

Overpass Turbo (OPT) allows you to search for mapped information in the Open Street Map database using command-line queries, making it an unrivalled geolocation tool. For example, you can find a list of all the address number 42 of a city, the pharmacies near a tramway line or all the roads with a 30km/h speed limit in a region. But mastering the commands can be tricky, hence this article will show you how to build simple queries to make OPT accessible to everyone.

Before presenting Overpass Turbo, let’s talk a little about Open Street Map (OSM). OSM is a collaborative mapping project that has been around for some twenty years, providing and maintaining thousands of data points on roads, buildings and all kinds of infrastructure around the world. Overpass Turbo is a tool that lets you send queries to the Over Pass Turbo API and visualize the results on an interactive map.

I/ First Overpass Turbo query
II/ Building compound searches
III/ Using Overpass Turbo for GEOINT

I/ First Overpass Turbo query

Let’s start by searching for Paris museums using the OVP assistant. Once on the wizard, we simply copy one of the proposed models.

An Overpass Qwery Language statement appears on the left-hand side of the window. Let’s take a closer look at its various elements:

The Search Area is the geographical area in which the query will be sent. By default, it is defined by ({{bbox}}), which designates the map area visible on the right-hand side of the window, but it can be modified at will.

To talk about types in OPT is to look at the way in which OSM data is designated:

The fundamental building block of OSM is the node, which is a defined point placed by the combination of latitude and longitude.
A way is the interconnection of two or more nodes, and can therefore take the form of an open path, a closed path or a surface.
A relation (rel) is the grouping of several nodes, paths or relations to form a coherent whole.

To take a simple example: a speed bump is a point, a road is a path and a city is a relation. In our query, the default type was set to nwr for node/way/relation, which means that all results for all three types would be searched.

Each type is associated with one or more tags. These take the form [“key”=”value”]. The catalog of different tags used by OSM can be consulted on TagInf or on the OSM wiki, getting familiar with them will help you refine your queries. In our example, the tag associates the key tourism with the value museum.

These three elements form a data collection instruction, which ends with a semicolon. The output, which displays the results, also ends with a semicolon.

Now that we’ve clarified these few points, let’s see how we can put them to practical use.

II/ Building compound searches

Tag association:

Combining several tags allows you to refine your query results. For example, let’s search for museums with wheelchair access. All we need to do is add the tag [“wheelchair”=”yes”] to our initial query.

Using geocodes:

As we saw above, a search will be performed by default in the visible area of OPT’s interactive map (({{bbox}})), but it is possible to search directly in the area of interest by writing our query. This function is particularly useful for queries that are both more precise and more flexible. Let’s look for museums in Paris with wheelchair access. To do this, we will call searchArea corresponding to the city of Paris and replace our search area with the expression(area.searchArea).

If we were to do the same search for the city of London in the future, we would only have to modify one term.

The Around function :

The Around function allows you to search within a given geographical radius. To continue with our illustrative example, let’s now search for a parking lot near our wheelchair-accessible museums. First, we create a new set named musees (OPT doesn’t accept accents), which will retain the data from the museums query, and add a second query for parking lots within a 50-meter radius of the museums. We can then easily modulate the search radius or search for other locations close to the museums.

Adding conditions :

It is possible to add a variety of conditions to our queries, such as the length of a road, the height of a building, or whether the key matches a tag value. For instance, let’s search for underground parking lots only. To do this, we’ll check that the parking key matches the underground value.

Combining these different functions produces increasingly detailed results.

Once your results are in, Overpass Turbo offers the option of exporting them, along with the query or map, in a variety of formats. This feature is particularly useful for integrating with external mapping services (e.g. Google Earth).

III/ Using Overpass Turbo for GEOINT

In what remains of this article, we will have a look at how Overpass Turbo can be used for GEOINT, based on a challenge posted by Sophia Santos/@Gralhix. Her challenge is in two parts, and we’ll focus here on the second question:

The challenge is accompanied by a YouTube video of a city being hit by an earthquake. Let’s find out where the video was taken.

GeoSpy allows us to estimate the location of a place from a simple image, it is not always correct but it can set us on the right track. From analysing a frame of the video, GeoSpy suggests Chișinău, Moldova at coordinates 47.02525433026067, 28.84282880435812. Unfortunately, these coordinates don’t match the camera’s view so we go back to the elements at hand.

A Google search for earthquakes that occurred on September 24, 2016 (the date indicated by the camera) confirms that the estimate provided by GeoSpy is consistent, as an earthquake hit Romania and Moldova on that date. We can therefore focus our research on Chișinău.

Let’s now take a moment to note the remarkable elements visible in the image. In the background we see a large white building that appears to be 12 storeys high (orange arrow). Close by we can see a parking area for cars (blue arrow) and a 6-lane road (red arrow).

Let’s now try to build an OPT query that would satisfy all these elements. The following query searches for all 12-storey buildings in Chișinău within 30 metres of parking lots that are within 50 metres of 6-lane roads:

Our query returns two results close to each other at coordinates 47.0153294 / 28.8551636 and 47.0152839 / 28.8545461.

We can now try to confirm on Google Earth whether these coordinates correspond to the view from the challenge video by looking for the elements noted earlier:

All that remains is to determine the precise point from which the video was filmed. A quick look at the surrounding buildings shows that only the upper floors or the roof of the eastern corner of the V-Continental Business Center offer a vantage point similar to the one in the video.

The video was therefore taken at coordinates 47°01'03.0 “N 28°51'10.1 “E.

As we’ve seen throughout this article, OPT is a formidable tool for searching and exploring map data worldwide, but its accessibility remains limited by the difficulty of formulating its queries and the knowledge required to use it. This article aims to alleviate this problem by providing a simple yet comprehensive and actionable tutorial.

If you’ve made it this far you’re no doubt an OSINT enthusiasts and Predicta Lab’s mission is to make your life easier by developing automated search tools. As such, we’re curious about your use of Overpass Turbo: is it a tool you already use? If so, how often and for what purpose? And what do you think of existing OverPass Turbo query creation tools (Bellingcat’ s or ChatGPT, for example)? We look forward to hearing from you on Medium, Twitter and LinkedIn!