Everyday, Unlimited amount of personal and potentially sensitive data is shared and stored in social media, websites and applications. This much information can move towards becoming an evidence for governments, citizens, employment and Law Enforcement helping them to solve crime related matters.
Social networking sites like Facebook, Twitter, Snapchat hold a lot of customer’s private data, which puts a big question on User’s privacy. Some social media sites were also involved in selling User’s data to third parties without letting the User know. These above facts make Social media a primary source of data & information gathering about a target. Governments and some other organizations use social media as a primary source of information to search a person’s background. By querying different parameters or using some Social Media tool, we can get the information that we need.
Also, a lot of social media sites allow users to geo-locate themselves, which allows others to trace back to their precise location. Here we’ll look at a couple of websites including Facebook, Twitter, LinkedIn and some methods to explore and analyze data in them.
Facebook is the most famous Social Media Site, which now a days, is almost used by every person around us. To explore a Facebook profile, there is a powerful stalking website tool http://stalkscan.com which is even able to bring posts that were commented or liked by a User. It uses queries to perform advance search that Facebook doesn’t allow us to see using traditional search optional.
We’ll stalk the profile of Mark Zuckerberg as an example using this website. Go to Facebook and copy his profile link, then paste that link in the search bar of Stalk Scan and click search.
There are a lot of options to look for but we’ll try some as example
Not only that, you can see posts that were commented by the user a long time ago, his coworkers, relationships and interests. This much info can be helpful in investigation or Red Teaming purposes.
Some other useful sites
There are some other amazing tools and website that you can use to do research and graph analysis of Facebook users and pages.
Twitter is another famous news and social networking site which produces around 350,000 tweets every minute. We can do a graph analysis of hashtags & users or find trends in a geographical location using hashtags.
Using the website https://burrrd.com we can do a detailed graph analysis of a twitter profile.
Twitter hashtag analysis is done to see things trending worldwide. It is also helpful in doing business OSINT. We can use website https://socialbearing.com to analyze hashtags.
This tool also enables you to use location and a lot of other filters to perform a detailed OSINT analysis.
Another website http://followcheck.com/ can be used for business OSINT analytics of multiple user profiles.
Some other useful sites
There are some other amazing tools and website that you can use to do research and graph analysis of Twitter profiles and trends.
LinkedIn is a business oriented social networking site which is mainly used for professional connections & hiring purposes. It was initially found in 2002 and Microsoft acquired it in 2016. Usually HR & managers use it for searching market talent and hiring new employees. Companies have their lot of details and their employees data on LinkedIn, so for Red Teaming purposes LinkedIn OSINT might be really helpful. To gather information from LinkedIn, we’ll use a web application hunter.io to look for emails of a company’s current employees.
There is a command line tool called InSpy which uses the API keys of hunter.io to scrape data from targeted company. To install InSpy you are going to need Kali’s repositories, just type
$ sudo apt-key adv --keyserver pgp.mit.edu --recv-keys ED444FF07D8D0BF6 $ sudo echo '# Kali linux repositories \ndeb http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list $ sudo apt-get update $ sudo apt-get install inspy -y #-----Performing A general search----# $ inspy --empspy /usr/share/inspy/wordlists/title-list-large.txt google
Some other examples
inspy --titles [wordlist location] --domain [domain] [COMPANY NAME] inspy --titles [wordlist location] --email first.last [COMPANY NAME]
Gathering a large numbers of emails is called Email Harvesting. Mostly spammers do this to gather a huge amount for spamming purposes. They use email harvesters to collect emails in large amount and then they use spam bots and other similar softwares to deploy phishing and scams. Some email harvester use dictionary brute force attacks to verify emails from mail servers and then store existing emails in their databases. Mail servers use VRFY and EXPN commands syntax which allows harvesters to verify a large amounts of emails. We’ll use a tool in Kali, called TheHarvester which uses the power of search engine to harvester to gather emails from a company, which we can later verify. If you’re not on Kali, you will be needing Kali’s repositories, write
$ sudo apt-key adv --keyserver pgp.mit.edu --recv-keys ED444FF07D8D0BF6 $ sudo echo '# Kali linux repositories \ndeb http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list $ sudo apt-get update $ sudo apt-get show theharvester $ sudo apt-get install theharvester -y $ theharvester -d ebryx.com -b google
And then we can verify these emails using https://hunter.io/verify