This is the quick-hit version of the Open Source Intelligence (OSINT) training I gave on using data from Twitter and Facebook to profile an individual or organization. As with all of the formal training, you can use the below for a quick reference, or view the full presentation here: OSINT – Social Media (Facebook and Twitter) (basic_0x07)
- Find a user’s profile page:
https://twitter.com/{HANDLE}
- Find a user by “real” name:
https://twitter.com/search?f=users&q={NAME}
- Find tweets from a particular user:
https://twitter.com/search?q=from%3A{HANDLE}
- Find tweets to a particular user:
https://twitter.com/search?q=to%3A{HANDLE}
- Find tweets within a particular time range from a user:
https://twitter.com/search?q=from%3A{HANDLE}%20SINCE%3A{YYYY-MM-DD}%20UNTIL%3A{YYYY-MM-DD}
- Search for a tweet that contains all listed words:
https://twitter.com/search?f=tweets&q={TERM1}%20{TERM2}%20{TERM_ETC}
- Search for a single, exact term/phrase:
https://twitter.com/search?f=tweets&q=%22{TERM/PHRASE}%22
- Search for one of (however many) terms:
https://twitter.com/search?f=tweets&q={TERM1}%20OR%20{TERM2}
- Search for one term without another term:
https://twitter.com/search?f=tweets&q={KEEP-TERM}%20-{EXCLUDE-TERM}
- Search for media from a particular user:
https://twitter.com/{HANDLE}/media
- Search for favorites from a particular user:
https://twitter.com/{HANDLE}/favorites
- Search for the first tweet from an account:
https://discover.twitter.com/first-tweet#{HANDLE}
- Search for all followers of an account:
https://twitter.com/{HANDLE}/followers
- Search for tweets a user “liked” from other accounts:
https://twitter.com/{HANDLE}/likes
Geolocation Search
- Use Google Maps to find your location, right-click, and choose “What is here” to see the decimal notation lat/long:
https://www.google.com/maps/place/Topeka,+KS/@39.0293081,-95.9063093,14z/data=!4m5!{etc}
- Search:
https://twitter.com/search?f=tweets&q=geocode%3A{LAT}%2C{LONG}%2C{RADIUS}{“mi” or “km”}
- Example:
https://twitter.com/search?f=tweets&q=geocode%3A39.0293081%2C-95.9063093%2C8mi
Third Party Tools
- Perform social analysis of tweets by user:
https://socialbearing.com/search/user/{HANDLE}
- Perform statistical analysis of tweets by user:
https://foller.me/{HANDLE}
- See history of archived tweets (find deleted tweets, both sent and mentioned):
https://backtweets.com/search/q={HANDLE}
- Find people by email:
https://www.facebook.com/search/people/?q={EMAIL}
- Find people by cell phone:
https://www.facebook.com/search/people/?q=%2B{COUNTRY CODE}{PHONE NUMBER}
- Find people by name:
https://www.facebook.com/search/str/{NAME}%20{NAME}/users-named
- Find people by company:
https://www.facebook.com/search/str/{COMPANY}/pages-named/employees/present/intersect
https://www.facebook.com/search/str/{COMPANY}/pages-named/employees/past/intersect
- Find people by city they live(d) in:
https://www.facebook.com/search/str/{CITY}/pages-named/residents/present/intersect
https://www.facebook.com/search/str/{CITY}/pages-named/residents/past/intersect
- Find people by the school they attended:
https://www.facebook.com/search/str/{SCHOOL}/pages-named/students/intersect
- Find people who visited a location:
https://www.facebook.com/search/str/{LOCATION}/pages-named/visitors/intersect
- Find people by year born (and optionally add gender):
https://www.facebook.com/search/str/{YEAR}/date/users-born
https://www.facebook.com/search/str/{YEAR}/date/users-born/males/intersect
https://www.facebook.com/search/str/{YEAR}/date/users-born/females/intersect
- Find people by age range:
https://www.facebook.com/search/str/{MIN-AGE}/{MAX-AGE}/users-age-2
- Find postings matching a keyword:
https://www.facebook.com/search/str/{KEYWORD}/stories-keyword
https://www.facebook.com/search/str/{KEYWORD}/keywords_posts
- Find photos matching a keyword:
https://www.facebook.com/search/str/{KEYWORD}/photos-keyword
- Find videos matching a keyword (Facebook or External Share):
https://www.facebook.com/search/str/{KEYWORD}/videos-keyword
https://www.facebook.com/search/str/{KEYWORD}/videos-web
- Find events matching a keyword:
https://www.facebook.com/search/events/?q={KEYWORD}
Facebook Intersections
NOTE: Don’t forget the trailing “intersect” or it won’t work!
- Example of people living in LOCATION who work for COMPANY:
https://www.facebook.com/search/str/{LOCATION}/pages-named/residents/present/intersect/str/{COMPANY}/pages-named/employees/present/intersect
- Example of people working for Walmart between 25 and 30 years old who attended San Jacinto school:
https://www.facebook.com/search/str/25/30/users-age-2/intersect/str/Walmart/pages-named/employees/present/intersect/str/Jacinto/pages-named/students/intersect
Facebook Entity IDs
Getting Entity IDs
- Go to the URL for the target, e.g.
https://www.facebook.com/fake.user.demo
- View source.
- Look for “entity_id”; the value of that entry is the number (the {ENTNUM} used in the URLs below).
Using Entity IDs
- View where they’ve been:
https://www.facebook.com/search/{ENTNUM}/places-visited/
https://www.facebook.com/search/{ENTNUM}/recent-places-visited/
https://www.facebook.com/search/{ENTNUM}/places-checked-in/
- View their events and if they attended:
https://www.facebook.com/search/str/{ENTNUM}/events-invited/{YEAR}/date/events/intersect/
https://www.facebook.com/search/str/{ENTNUM}/events-joined/{YEAR}/date/events/intersect/
https://www.facebook.com/search/{ENTNUM}/events
- What they like:
https://www.facebook.com/search/{ENTNUM}/places-liked/
https://www.facebook.com/search/{ENTNUM}/pages-liked/
https://www.facebook.com/search/{ENTNUM}/photos-liked/
https://www.facebook.com/search/{ENTNUM}/videos-liked/
https://www.facebook.com/search/{ENTNUM}/stories-liked/
- Same as above but for their friends
https://www.facebook.com/search/{ENTNUM}/friends/places-liked/ {ETC}
- Photos (yes, you can do the “friends” thing here too):
https://www.facebook.com/search/{ENTNUM}/photos/
https://www.facebook.com/search/{ENTNUM}/photos-of/
https://www.facebook.com/search/{ENTNUM}/photos-by/
https://www.facebook.com/search/{ENTNUM}/photos-commented/
- Videos (yes, you can do the “friends” thing here too):
https://www.facebook.com/search/{ENTNUM}/videos/
https://www.facebook.com/search/{ENTNUM}/videos-of/
https://www.facebook.com/search/{ENTNUM}/videos-by/
https://www.facebook.com/search/{ENTNUM}/videos-commented/
- What apps they use (yes, you can do the “friends” thing here too):
https://www.facebook.com/search/{ENTNUM}/apps-used/
- What they said (yes, you can do the “friends” thing here too):
https://www.facebook.com/search/{ENTNUM}/stories-by/
https://www.facebook.com/search/{ENTNUM}/stories-tagged/
- Enumerate the personal and professional networks:
https://www.facebook.com/search/{ENTNUM}/employers/
https://www.facebook.com/search/{ENTNUM}/groups/
https://www.facebook.com/search/{ENTNUM}/employees/ #Co-workers
https://www.facebook.com/search/{ENTNUM}/friends/
https://www.facebook.com/search/{ENTNUM}/followers/
https://www.facebook.com/search/{ENTNUM}/relatives/
- Common profile details between two Entity IDs
https://www.facebook.com/friendship/{ENTNUM1}/{ENTNUM2}/
- Common Interests and Activities between two Entity IDs
https://www.facebook.com/search/{ENTNUM1}/places-visited/{ENTNUM2}/places-visited/intersect/
https://www.facebook.com/search/{ENTNUM1}/places-checked-in/{ENTNUM2}/places-checked-in/intersect/
https://www.facebook.com/search/{ENTNUM1}/places-liked/{ENTNUM2}/places-liked/intersect/
https://www.facebook.com/search/{ENTNUM1}/pages-liked/{ENTNUM2}/pages-liked/intersect/
{ETC}
- Mix and match also works, e.g. places one visited and the other liked
https://www.facebook.com/search/{ENTNUM1}/places-visited/{ENTNUM2}/places-liked/intersect/