[ad_1]
Open Source Intelligence (OSINT) for social media involves collecting and analyzing public data from platforms like Facebook, Twitter, and Instagram.
It’s valuable in cybercrime investigation, market research, brand management, personal safety, online reputation, journalism, disaster management, and security and defense.
1- SpyScrap
SpyScrap is an OSINT tool designed to gather information from various sources such as Google, Tinder, and Twitter. It uses facial recognition and natural language processing to filter results and identify key entities.
The tool calculates a score indicating a user’s public exposure on the internet. It has two independent modules, CLI and Web Interface, both built using Docker and easy to deploy.
Supported Web Scrapping Modules
- Tinder
- Yandex
- BOE
2- Sherlock
Sherlock is an open-source free tool that hunts down social media accounts by username across social networks.
3- Seekr
Seekr is a multi-purpose OSINT-data toolkit that integrates various tools into a single interface. It uses a Go and BadgerDB backend for data collection, organization, and analysis, making it ideal for researchers and investigators. It simplifies data management and streamlines OSINT workflows.
Seekr is an application that combines note-taking and Open Source Intelligence (OSINT), designed for real-world use cases and can be used alongside existing tools.
💡
Warning Seekr is a beta software and still in an early stage of development
Key Features
- NO api keys required for all features.
- Desktop interface.
- Database for OSINT targets.
- Integration / adaptation of many popular OSINT-tools (e.g. phoneinfoga)
- GitHub to email
- Guide (Enter information you have and get web-tools recommended to help you)
- Account cards for each person in the database
- Account discovery integrating with the account cards
- Pre defined commonly used fields in the database
- Themes & Plugins
4- Holehe OSINT
Holehe is a tool that checks if an email is attached to accounts on various sites, including Twitter, Instagram, and Imgur, among 120 others. It retrieves information using the forgotten password function without alerting the target email and runs on Python 3.
5- DaProfiler
DaProfiler is an OSINT tool that helps you gather personal information that may be available online, such as addresses, social media accounts, email addresses, phone numbers, and job details. This information can be used to make GDPR requests to remove your digital footprint.
6- OWASP Maryam
OWASP Maryam is an open-source, modular framework designed for OSINT and data gathering. It facilitates rapid and comprehensive data harvesting from open sources and search engines. The framework supports Linux, FreeBSD, Darwin, and OSX operating systems.
7- Maigret
Maigret is a powerful tool that collects comprehensive information on a person using only a username. It checks accounts across thousands of sites without requiring API keys.
It supports searching on over 3000 sites, including Tor and I2P sites, and domains via DNS resolving. Features include profile pages parsing, recursive search by new usernames, search by tags, and censorship and captcha detection.
8- Toutatis
Toutatis is a free, open-source OSINT Python script that enables the extraction of information from Instagram accounts, including emails, phone numbers, and more.
9- Mr.Holmes
Mr.Holmes is an OSINT tool designed to extract valuable details about domains, usernames, and phone numbers from public sources on the internet. It uses Google dorks attack for specific research needs and ensures anonymity by using proxies for all requests. It also integrates a WhoIS API for a richer dataset about a domain.
10- Alfred
Alfred is a user-friendly tool designed to discover usernames across various websites, similar to Sherlock.
It is successful about 80% of the time and is intended to help new programmers or pentesters enter the world of OSINT. Alfred is built using Python 3.12.
11- Zehef
Zehef is an OSINT tool for studying emails without alerting the target. It allows users to check if their personal or corporate emails have been leaked and on which popular sites the email is registered. It supports dozens of OSINT modules that allows you to search many services and databases.
Features
Zehef’s Feature list includes: asynchronous scraping, a command-line interface menu, and modules for website scraping, breach checking, API scraping for target email information, possible account checking on Snapchat & TikTok, and checking all Pastebin links related to the email.
12- YesItsMe
Yesitsme is a Python script that leverages dumpor.com‘s indexing to find Instagram accounts associated with a specific name, email, and phone number. It compares the retrieved Toutatis obfuscated email/phone with the input, aiding in online investigations.
13- Eyes
“Eyes” is an OSINT tool that identifies existing accounts linked to an email address. It can detect accounts on various sites, even if the profile doesn’t directly relate to the email, without alerting the target. The tool features asynchronous scraping and a command-line interface.
QueryTool is an OSINT framework integrated within Google Sheets, designed to simplify the process of generating queries for various search engines. It aids in conducting sophisticated searches for terms, usernames, email addresses, files, and more, supporting the cyber investigation process.
The tool is categorized into sections, including Recon & SOCMINT, which features search engines for general research and social media search tools.
15- SocialOSINT
SocialOSINT is a powerful open-source Python OSINT tool. It’s designed for extracting emails from targets published on social networks such as Instagram, Linkedin, and Twitter. Moreover, it’s an effective means for identifying potential credential leaks in PwnDB.
16- Twint
Twint is a Python-based Twitter scraping tool that bypasses Twitter’s API, allowing for the extraction of Tweets from specific users, topics, hashtags, and trends.
It can also scrape sensitive information from Tweets and special queries such as a user’s followers, liked Tweets, and who they follow. Benefits include fetching almost all Tweets, fast setup, anonymous use, no sign-up requirement, and no rate limitations.
17- Ghunt
GHunt (v2) is an offensive Google framework designed for efficient evolution, primarily focused on OSINT. It features CLI usage and modules, Python library usage, full asynchrony, JSON export, and a browser extension to facilitate login.
SpiderFoot is an open source intelligence automation tool that integrates with numerous data sources and uses various methods for data analysis.
It includes an embedded web-server for a user-friendly web interface, but can also be operated entirely via the command-line. The tool is written in Python 3 and is MIT-licensed.
- Web based UI or CLI
- Over 200 modules (see below)
- Python 3.7+
- YAML-configurable correlation engine with 37 pre-defined rules
- CSV/JSON/GEXF export
- API key export/import
- SQLite back-end for custom querying
- Highly configurable
- Fully documented
- Visualisations
- TOR integration for dark web searching
- Dockerfile for Docker-based deployments
- Can call other tools like DNSTwist, Whatweb, Nmap and CMSeeK
- Actively developed since 2012!
19- Social Analyzer
Social Analyzer is an application that can analyze and locate a person’s profile across over 1000 social media platforms and websites. It uses various detection techniques to rate the likelihood of a match, aiming to reduce false positives.
The tool can assist in investigating profiles linked to suspicious or harmful activities like cyberbullying, cyber grooming, cyberstalking, and misinformation dissemination.
Features
- String & name analysis (Permutations and Combinations)
- Find a profile using multiple techniques (HTTPS library & Webdriver)
- Multi profile search (Used for correlation – any combination separated with “,” )
- Multilayers detections (OCR, normal, advanced & special)
- Visualized profile information using Ixora (Metadata & Patterns)
- Metadata & Patterns extraction (Added from Qeeqbox OSINT project)
- Force-directed Graph for Metadata (Needs ExtractPatterns)
- Search by top ranking or by country (Alexa Ranking)
- Search by type (adult, music, etc.. – automated websites stats)
- Profiles stats and static info (Category country)
- Cross Metadata stats (Added from Qeeqbox OSINT project)
- Auto-flirtation to unnecessary output (Enable javascript etc..)
- Search engine lookup (Google API – optional)
- Custom search queries (Google API & DuckDuckGo API – optional)
- Profile screenshot, title, info, and website description
- Find name origins, name similarity & common words by language
- Find possible profile\person age (Limited analysis)
- Custom user-agent, proxy, timeout & implicit wait
- Python CLI & NodeJS CLI (limited to FindUserProfilesFast option)
- Screenshots of detected profile (The latest version of Chrome must be installed)
- Grid option for faster checking (limited to docker-compose)
- Dump logs to folder or terminal (prettified)
- Adjust finding\getting profile workers (default 15)
- Re-checking option for failed profiles
- Filter profiles by good, maybe, and bad
- Save the analysis as a JSON file
- Simplified web interface and CLI
- And, more!!
20- OWASP Amass
The OWASP Amass Project is an open-source tool that excels at network mapping and external asset discovery.
What does it collect?
It uses a variety of information gathering and active reconnaissance techniques, which include:
- APIs: Utilizes numerous data sources such as 360PassiveDNS, Ahrefs, AnubisDB, and more.
- Certificates: Actively pulls information, with optional sources including Censys, CertCentral, CertSpotter, and others.
- DNS: Employs techniques like brute forcing, reverse DNS sweeping, NSEC zone walking, and zone transfers.
- Routing: Uses data from ASNLookup, BGPTools, BGPView, BigDataCloud, and other sources.
- Scraping: Leverages sources such as AbuseIPDB, Ask, Baidu, Bing, and more.
- Web Archives: Extracts data from Arquivo, CommonCrawl, HAW, PublicWWW, UKWebArchive, and Wayback.
- WHOIS: Uses data from AlienVault, AskDNS, DNSlytics, ONYPHE, SecurityTrails, and others.
21- SPY
SPY is a simple OSINT tool designed to scan social media accounts across various networks using a username.
[ad_2]
Source link