Skip to main content

Tinfoleak - Twitter Open Source Intelligence Tool


tinfoleak is an open-source tool within the OSINT (Open Source Intelligence) that automates the extraction of information on Twitter and facilitates subsequent analysis for the generation of intelligence. Taking a user identifier, geographic coordinates or keywords, tinfoleak analyzes the Twitter timeline to extract great volumes of data and show useful and structured information to the intelligence analyst.

tinfoleak is included in several Linux Distros: Kali, CAINE, BlackArch and Buscador. It is currently the most comprehensive open-source tool for intelligence analysis on Twitter.


tinfoleak can extract the following information:
  1.     Account info / User Activity / Protected Accounts
  2.     Source Applications / User Devices / Use Frequency
  3.     Hashtags / Mentions / Likes
  4.     Text Analysis / Words Frequency / Media / Metadata
  5.     User Visited Places / User Routes / User Top Locations
  6.     Social Networks / Digital Identities
  7.     Geolocated Users / Tagged Users
  8.     Followers / Friends
  9.     Lists / Collections
  10.     Conversations
Installation
Install Python and dependencies:
sudo apt install python-pip python-dev build-essential python2.7-dev python-pyexiv2 python-openssl
sudo pip install --upgrade pip
sudo pip install --upgrade virtualenv
sudo pip install --upgrade tweepy
sudo pip install --upgrade pillow
sudo pip install --upgrade exifread
sudo pip install --upgrade jinja2
sudo pip install --upgrade oauth2
Download: https://github.com/vaguileradiaz/tinfoleak

Getting started

The first time you runs tinfoleak, you need to assign the OAuth settings.

    1. Edit “tinfoleak.conf”
        Use your favorite editor 😉
    2. Give value to these variables:
        CONSUMER_KEY
        CONSUMER_SECRET
        ACCESS_TOKEN
        ACCESS_TOKEN_SECRET
    3. How to obtain these values:
        https://developer.twitter.com/en/docs/basics/authentication/guides/access-tokens
    4. Save “tinfoleak.conf”
    5. Execute “tinfoleak.py”


Lets see video:




Comments

Popular posts from this blog

Fix HTTPS issue in browser - Burp Suite

If you get message "Software is Preventing Firefox From Safely Connecting to This Site. Most likely a safe site, but a secure connection could not be established. This issue is caused by The original certificate provided by the web server is untrusted., which is either software on your computer or your network." lets see the tutorial. 1. With Burp suite running, visit http://burp in your browser and click the "CA Certificate" link to download and save your Burp CA certificate. Remember where you save the Burp CA certificate.

Artillery - Binary Defense Project

Project Artillery is an open source project aimed at the detection of early warning indicators and attacks. The concept is that Artillery will spawn multiple ports on a system giving the attacker the idea that multiple ports are exposed. Additionally, Artillery actively monitors the filesystem for changes, brute force attacks, and other indicators of compromise. Artillery is a full suite for protection against attack on Linux and Windows based devices. It can be used as an early warning indicator of attackers on your network. Additionally, Artillery integrates into threat intelligence feeds which can notify when a previously seen attacker IP address has been identified. Artillery supports multiple configuration types, different versions of Linux, and can be deployed across multiple systems and events sent centrally. Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect ins...

How To Enable DNS over HTTPS

  DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. An alternative to DoH is the DNS over TLS (DoT) protocol, a similar standard for encrypting DNS queries, differing only in the methods used for encryption and delivery. On the basis of privacy and security, whether or not a superior protocol exists among the two is a matter of controversial debate, while others argue the merits of either depend on the specific use case. Benefits DoH improves privacy by hiding domain name lookups from someone lurking on public WiFi, your ISP, or anyone else on your local network. DoH, when enabled, ensures that your ISP cannot collect and sell personal information related to your br...