Instagram OSINT with python tools

Information gathering is crucial to the hacking process. Due to the passion of open source hackers, there are many information gathering tools, easy to setup and use. Progressing in my journey as a beginner hacker, I decided to share some useful tools in Instagram OSINT.

Osintgram

An interactive tool which offers information gathering on data such as the addresses registered by target photos, followers, followings and others like the ones listed below.
  • hashtags
  • captions
  • mediatype
  • likes
  • comments
  • verified
  • business or not
The tool also offers data downloading such as the profile picture and the entire photos published by the user.

Setup the tool

As for the configuration of the tool, Python 3.6 or later is required. Before creating the virtual environment and configuring the packages required by the project, we need to download or clone the repository from Github.
Open a fresh command prompt or terminal console and run the following command.
git clone https://github.com/Datalux/Osintgram.git
Then create a fresh virtual environment inside the project's root directory with the help of the following command.
virtualenv -p /usr/local/bin/python3.7 env # make sure to include your absolute path
Install the required packages.
pip install -r requirements.txt
Once you have managed to install the required packages, you need to configure the tool so it can authenticate to your existing Instagram account. Create a subdirectory called config, and two fresh files inside it like shown below.
Osintgram
    config
        username.conf
        pw.conf
Put the username inside the username.conf file and the password inside the pw.conf.

How to gather information from Instagram with Osintgram

Once you have managed to properly setup the tool, information gathering is extremely easy due to the interactive shell being offered. Run the following command to start open source intelligence gathering on your target of choice.
python main.py oltjano13 # make sure to put the username of your target
As soon as the authentication is finished, the tool will prompt a command line from which you can run different commands. The screenshot shared below perfectly illustrates the written words.
The first command which I like to run is the one that gives me information on the geotags shared by the user. Such data is useful, especially if you are interested in the location the user is based.
addrs
If the above command executes successfully, you will be able to get detailed information on the addresses of the photos being shared by them.

The result of the above command is shown below.

To get the hashtags used by the target, run the following command inside the interactive shell offered by the tool.
hashtags
If no hashtags available, nothing will show up on the console. As for the captions, the following command can be used.
captions

Getting the full list of the target's followers is as easy as typing the following command.
followers
As for the Instagram users followed by the target, the following command should be used.
followings
Information on the likes received on the target's photos can be gathered through the help of the command shown below.
likes

Another command which I find very useful in open source intelligence gathering with the help of Osintgram, is the one which finds description of the user's photos.
photodes
The tool is able to read the text each photo contains.
Due to the rich features offered by Osintgram, it's also possible to download the entire photos shared by the target, their profile picture, and the stories.
The following command can be used to fully download the photos shared by the target.
photos
As for the target's stories, use the command shared below.
stories
The downloaded data is going to be saved under the directory output which the tool automatically creates for the data storage.

Although not the best tool available for performing OSINT on Instagram, Osintgram is worthy being on your toolset as a beginner hacker.

OSI.IG

Not as rich in features as Osintgram, OSI.IG is way easier to setup as it does not require an Instagram account for authentication. With the help of such tool, a hacker is able to get the following information from a target account.

  • username
  • profile name
  • url
  • followers
  • following
  • number of posts
  • bio
  • profile picture url
  • is business account
  • is connected to facebook
  • external url
  • is private
  • is verified
  • tags
  • post location
  • post timestamp
  • post caption
  • number of comments in a post
  • post picture url
  • likes in post

Setup the tool

Launch a fresh console and clone the official repository on your directory of choice with the help of the command shown below.
git clone https://github.com/th3unkn0n/osi.ig.git
Then navigate to the project's root with the help of the command shown below.
cd osi.ig
Create a fresh virtual environment by making usage of python 3.6 or a later version.
virtualenv -p /usr/local/bin/python3.7 env
Activate the virtual environment and install the required packages for the project to properly function.
source env/bin/activate
pip install -r modules

How to gather information from Instagram with OSI.IG

Once you have managed to correctly setup the tool, gathering basic information on the target is as easy as typing the command shown below.
python main.py -u oltjano13 # make sure to put your target's username in here
The execution of the above command produced the result shown below.

It's also possible to get detailed information on each post published by the target. To perform such task, the option -p is required.
python main.py -u oltjano13 -p
For each post published by the target the tool will display information in the format shown below.
picture : http://tinyurl.com/yxphr4y6
comments              : 2
comments disabled     : False
timestamp             : 1573809564
likes                 : 4
location              : None
accessability caption : Photo by oltjano on November 15, 2019.
In order to save the data to a local file make sure to include the option -s in your command; exactly as shown in the following command.
python main.py -u oltjano13 -p -s

Toutatis

Way simpler than the tools shared above, Toutatis helps to find out information from the target such as e-mails, phone numbers, biography, user id and a few others.

Same as Osintgram, this Instagram OSINT tool requires that you are logged in to an account.

Setup the tool

First of all, clone the official repository with the command shown below.
git clone https://github.com/megadose/toutatis.git
Then navigate to the project's root with the help of the command shown below.
cd toutatis
Create a fresh virtual environment by making use of python 3.6 or a later version.
virtualenv -p /usr/local/bin/python3.7 env
Activate the virtual environment and install the required packages so the project can function properly.
pip install -r requirements.txt

How to gather information from Instagram with Toutatis

Once you have managed to setup the Toutatis OSINT tool, the following command should be used in order to start gathering information on a target.
python toutatis.py -u oltjano13 -s 1359267834%3B5yhoKLNFGiPGJ%3D6

Just make sure to replace the target's username and session id with your own.

A cool feature offered by Toutatis is the one which extracts the recovery email based on the target's username. Such utility can be accessed through the python's interactive shell like shown below.
from toutatis import *
recoverEmail("oltjano13") 
The result of the above command is shown below.
'j*******3@gmail.com'

instaloctrack

Unlike the tools being shared so far through this article, instaloctrack is specifically focused on collecting the entire photo locations of the target with the main purpose of placing them on a map.

Setup the tool

Make use of the command shown below to clone the official repository.
git clone https://github.com/bernsteining/instaloctrack.git
Navigate to the project's root.
cd instaloctrack
Create a fresh virtual environment and install the requirements.
virtualenv -p /usr/local/bin/python3.7 env
pip install -r requirements.txt
According to the tool's official documentation being published on Github, Selenium and Chromedriver is being used for scraping the data.
brew cask install chromedriver # os x users
sudo apt install chromedriver # debian based users

How to gather information from Instagram with instaloctrack

Once you have managed to properly setup the tool with the whole of its requirements, you can easily collect all the locations of a target by making use of the command shown below.
python instaloctrack/instaloctrack.py -l wisdomovermoney13 -p password -t fhollande
If the authentication is made successfully, the tool with automatically start scraping for locations with the main purpose of geocoding and placing them on a map.
Once the process of location gathering is finished, you can easily find the collected data on the subdirectory output.
open output/fhollande/fhollande_instaloctrack_map.html
And the results are being shown below.

pervertgram

Written in flask, pervertgram offers an easy to use web interface which can be operated even by those who are not familiar with the command line.

Setup the tool

First clone the official repo with the command shown below.
git clone https://github.com/CyberSaxosTiGER/pervertgram.git
Then navigate to the project's root.
cd pervertgram
The project runs on python 3.8 so make sure to include it while creating the virtual environment inside root directory.
virtualenv -p /usr/local/bin/python3.8 env
Activate the virtual environment, generate the requirements.txt and then install the packages.
source env/bin/activate
pip3 install pipenv
pipenv run pip freeze > requirements.txt
pip3 install -r requirements.txt
Then create a new file named config.json and make sure it follows the pattern shown below.
 {
   "username": "username",
   "password":  "password"
 }  

How to gather information from Instagram with pervertgram

Launch the flask application with the help of the command shown below.
python app.py
Then open a new tab in your browser and copy paste the following url to get the target's profile picture in high definition.
http://localhost:5002/dp/target_user_here/

As for the followers of the target, the url shown below will do the job.
http://localhost:5002/followers/target_user_here
In order to find out the users followed by the target, just replace followers with followings as shown in the section below.
http://localhost:5002/followings/target_user_here
The tool is going to display each user in a web format.

Final thoughts

OSINT is a must as your progress in your journey as a hacker. Thankful to the open source hackers worldwide, there are many open tools which can be utilized in the area of information gathering. 

Through this article I shared some of the most famous Instagram OSINT tools. Proven useful to me, I hope each one of them is worthy to be in your hacker's toolset. As for the errors you encounter while setting them up, or using them; feel free to comment and I will find time to reply as soon as possible.

Copyright hackermilk.info  

Post a Comment

2 Comments

  1. don't work in Debian 10, python 3.7

    ReplyDelete
  2. Post the specific errors for each tool so I can help you. Without the specific traceback I can't help as I can not imagine the possibility of errors that have been triggered on your system.

    ReplyDelete