OSINT: Twitter and Facebook

This is the quick-hit version of the Open Source Intelligence (OSINT) training I gave on using data from Twitter and Facebook to profile an individual or organization.  As with all of the formal training, you can use the below for a quick reference, or view the full presentation here: OSINT – Social Media (Facebook and Twitter) (basic_0x07)

Twitter

  • Find a user’s profile page: 
    https://twitter.com/{HANDLE}
  • Find a user by ”real” name: 
    https://twitter.com/search?f=users&q={NAME}
  • Find tweets from a particular user: 
    https://twitter.com/search?q=from%3A{HANDLE}
  • Find tweets to a particular user: 
    https://twitter.com/search?q=to%3A{HANDLE}
  • Find tweets within a particular time range from a user: 
    https://twitter.com/search?q=from%3A{HANDLE}%20SINCE%3A{YYYY-MM-DD}%20UNTIL%3A{YYYY-MM-DD}
  • Search for a tweet that contains all listed words: 
    https://twitter.com/search?f=tweets&q={TERM1}%20{TERM2}%20{TERM_ETC}
  • Search for a single, exact term/phrase: 
    https://twitter.com/search?f=tweets&q=“{TERM/PHRASE}”
  • Search for one of (however many) terms: 
    https://twitter.com/search?f=tweets&q={TERM1}%20OR%20{TERM2}
  • Search for one term without another term: 
    https://twitter.com/search?f=tweets&q={KEEP-TERM}%20-{EXCLUDE-TERM}
  • Search for media from a particular user: 
    https://twitter.com/{HANDLE}/media
  • Search for favorites from a particular user: 
    https://twitter.com/{HANDLE}/favorites
  • Search for the first tweet from an account: 
    https://discover.twitter.com/first-tweet#{HANDLE}
  • Search for all followers of an account: 
    https://twitter.com/{HANDLE}/followers
  • Search for tweets a user ”liked” from other accounts: 
    https://twitter.com/{HANDLE}/likes

Geolocation Search

  • Use Google Maps to find your location, right-click, and choose “What is here” to see the decimal notation lat/long: 
    https://www.google.com/maps/place/Topeka,+KS/@39.0293081,-95.9063093,14z/data=!4m5!{etc}
  • Search: 
    https://twitter.com/search?f=tweets&q=geocode%3A{LAT}%2C{LONG}%2C{RADIUS}{“mi” or “km”}
  • Example: 
    https://twitter.com/search?f=tweets&q=geocode%3A39.0293081%2C-95.9063093%2C8mi

Third Party Tools

  • Perform social analysis of tweets by user: 
    https://socialbearing.com/search/user/{HANDLE}
  • Perform statistical anaysis of tweets by user: 
    https://foller.me/{HANDLE}
  • See history of archived tweets (find deleted tweets, both sent and mentioned): 
    https://backtweets.com/search/q={HANDLE}

Facebook

  • Find people by email: 
    https://www.facebook.com/search/people/?q={EMAIL}
  • Find people by cell phone: 
    https://www.facebook.com/search/people/?q=%2B{COUNTRY CODE}{PHONE NUMBER}
  • Find people by name: 
    https://www.facebook.com/search/str/{NAME}%20{NAME}/users-named
  • Find people by company: 
    https://www.facebook.com/search/str/{COMPANY}/pages-named/employees/present/intersect
https://www.facebook.com/search/str/{COMPANY}/pages-named/employees/past/intersect
  • Find people by city they live(d) in: 
    https://www.facebook.com/search/str/{CITY}/pages-named/residents/present/intersect
https://www.facebook.com/search/str/{CITY}/pages-named/residents/past/intersect
  • Find people by the school they attended: 
    https://www.facebook.com/search/str/{SCHOOL}/pages-named/students/intersect
  • Find people who visited a location: 
    https://www.facebook.com/search/str/{LOCATION}/pages-named/visitors/intersect
  • Find people by year born (and optionally add gender): 
    https://www.facebook.com/search/str/{YEAR}/date/users-born
https://www.facebook.com/search/str/{YEAR}/date/users-born/males/intersect https://www.facebook.com/search/str/{YEAR}/date/users-born/females/intersect
  • Find people by age range: 
    https://www.facebook.com/search/str/{MIN-AGE}/{MAX-AGE}/users-age-2
  • Find postings matching a keyword: 
    https://www.facebook.com/search/str/{KEYWORD}/stories-keyword
https://www.facebook.com/search/str/{KEYWORD}/keywords_posts
  • Find photos matching a keyword: 
    https://www.facebook.com/search/str/{KEYWORD}/photos-keyword
  • Find videos matching a keyword (Facebook or External Share): 
    https://www.facebook.com/search/str/{KEYWORD}/videos-keyword
https://www.facebook.com/search/str/{KEYWORD}/videos-web
  • Find events matching a keyword: 
    https://www.facebook.com/search/events/?q={KEYWORD}

Facebook Intersections
NOTE: Don’t forget the trailing “intersect” or it won’t work!

  • Example of people living in LOCATION who work for COMPANY: 
    https://www.facebook.com/search/str/{LOCATION}/pages-named/residents/present/intersect/str/{COMPANY}/pages-named/employees/present/intersect
  • Example of people working for Walmart between 25 and 30 years old who attended San Jacinto school: 
    https://www.facebook.com/search/str/25/30/users-age-2/intersect/str/Walmart/pages-named/employees/present/intersect/str/Jacinto/pages-named/students/intersect

Facebook Entity IDs
Getting Entity IDs

  • Go to the URL for the target, e.g. 
    https://www.facebook.com/fake.user.demo
  • View source.
  • Look for “entity_id” and the value of that entry is the number.

Using Entity IDs

  • View where they’ve been: 
    https://www.facebook.com/search/{ENTNUM}/places-visited/
https://www.facebook.com/search/ENTNUM/recent-places-visited/
https://www.facebook.com/search/{ENTNUM}/places-checked-in/
  • View their events and if they attended: 
    https://www.facebook.com/search/str/{ENTNUM}/events-invited/{YEAR}/date/events/intersect/
https://www.facebook.com/search/str/ENTNUM/events-joined/YEAR/date/events/intersect/
https://www.facebook.com/search/{ENTNUM}/events
  • What they like: 
    https://www.facebook.com/search/{ENTNUM}/places-liked/
https://www.facebook.com/search/ENTNUM/pages-liked/
https://www.facebook.com/search/ENTNUM/photos-liked/
https://www.facebook.com/search/ENTNUM/videos-liked/
https://www.facebook.com/search/{ENTNUM}/stories-liked/
  • Same as above but for their friends 
    https://www.facebook.com/search/{ENTNUM}/friends/places-liked/
{ETC}
  • Photos (yes, you can do the “friends” thing here too): 
    https://www.facebook.com/search/{ENTNUM}/photos/
https://www.facebook.com/search/ENTNUM/photos-of/
https://www.facebook.com/search/ENTNUM/photos-by/
https://www.facebook.com/search/{ENTNUM}/photos-commented/
  • Videos (yes, you can do the “friends” thing here too): 
    https://www.facebook.com/search/{ENTNUM}/videos/
https://www.facebook.com/search/ENTNUM/videos-of/
https://www.facebook.com/search/ENTNUM/videos-by/
https://www.facebook.com/search/{ENTNUM}/videos-commented/
  • What apps they use (yes, you can do the “friends” thing here too): 
    https://www.facebook.com/search/{ENTNUM}/apps-used/
  • What they said (yes, you can do the “friends” thing here too): 
    https://www.facebook.com/search/{ENTNUM}/stories-by/
https://www.facebook.com/search/{ENTNUM}/stories-tagged/
  • Enumerate the personal and professional networks: 
    https://www.facebook.com/search/{ENTNUM}/employers/
https://www.facebook.com/search/ENTNUM/groups/
https://www.facebook.com/search/{ENTNUM}/employees/   #Co-workers
https://www.facebook.com/search/ENTNUM/friends/
https://www.facebook.com/search/ENTNUM/followers/
https://www.facebook.com/search/ENTNUM/relatives/
https://www.facebook.com/search/{ENTNUM}/relatives/
  • Common profile details between two Entity IDs 
    https://www.facebook.com/friendship/{ENTNUM1}/{ENTNUM2}/
  • Common Interests and Activities between two Entity IDs 
    https://www.facebook.com/search/{ENTNUM1}/places-visited/{ENTNUM2}/places-visited/intersect/
https://www.facebook.com/search/ENTNUM1/places-checked-in/ENTNUM2/places-checked-in/intersect/
https://www.facebook.com/search/ENTNUM1/places-liked/ENTNUM2/places-liked/intersect/
https://www.facebook.com/search/ENTNUM1/pages-liked/ENTNUM2/pages-liked/intersect/
{ETC}
  • Mix and match also works, e.g. places one visited and the other liked 
    https://www.facebook.com/search/{ENTNUM1}/places-visited/{ENTNUM2}/places-liked/intersect/

Comments are closed.

Website Powered by WordPress.com.

Up ↑