GitHub - qeeqbox/social-analyzer: API, CLI & Web App for analyzing & fin...
source link: https://github.com/qeeqbox/social-analyzer
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Social Analyzer - API, CLI & Web App for analyzing & finding a person's profile across +900 social media \ websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation process.
The detection modules utilize a rating mechanism based on different detection techniques, which produces a rate value that starts from 0 to 100 (No-Maybe-Yes). This module intended to have less false positive, and it's documented in this Wiki link.
The analysis and public extracted information from this OSINT tool could help in investigating profiles related to suspicious or malicious activities such as cyberbullying, cybergrooming, cyberstalking, and spreading misinformation.
This project is "currently used by some law enforcement agencies in countries where resources are limited".
Social Analyzer is in a league of its own and is a very impressive tool that I thoroughly recommend for Digital Investigators and OSINT practitioners
- by Joseph Jones, Founder of Strategy Nord, Unita Insight and OS2INT
Updates
- Pending detections are queued for testing
- Multi-profile search stats logic is queued for testing
- Multi-profile search for CLI is queued for testing
- Multi-profile search is finally here (GUI version)! And, most of the public & private modules are compatible with this new search option - E.g. johndoe,janedoe <- any group of usernames separated by commas with no spaces
So·cial Me·di·a
Websites and applications that enable users to create and share content or to participate in social networking - Oxford Dictionary
Security Testing
------------------------------------- --------------------------------- | Security Testing | | Social-Analyzer | ------------------------------------- --------------------------------- | Passive Information Gathering | <--> | Find Social Media Profiles | | | | | | Active Information Gathering | <--> | Post Analysis Activities | ------------------------------------- ---------------------------------
Standard localhost WEB APP url: http://0.0.0.0:9005/app.html
Features
- String & name analysis (Permutations and Combinations)
- Find profile using multiple techniques (HTTPS library & Webdriver)
- Multi profile search (Used for correlation)
- Multi layers detections (OCR, normal, advanced & special)
- Visualized profile information using Ixora (Metadata & Patterns)
- Metadata & Patterns extraction (Added from Qeeqbox osint project)
- Force-directed Graph for Metadata (Needs ExtractPatterns)
- Search by top ranking, or by country (Alexa Ranking)
- Profiles stats and static info (Category country)
- Auto-flirtation to unnecessary output
- Search engine lookup (Google API - optional)
- Custom search queries (Google API & DuckDuckGo API - optional)
- Profile screenshot, title, info and website description
- Find name origins, name similarity & common words by language
- Custom user-agent, proxy, timeout & implicit wait
- Python CLI & NodeJS CLI (limited to FindUserProfilesFast option)
- Grid option for faster checking (limited to docker-compose)
- Dump logs to folder or terminal (prettified)
- Adjust finding\getting profile workers (default 15)
- Re-checking option for failed profiles
- Filter profiles by good, maybe, and bad
- Save the analysis as JSON file
- Simplified web interface and CLI
Special Detections
- Facebook (Phone number, name or profile name)
- Gmail ([email protected])
- Google ([email protected])
Install & Run
Linux (As Node WebApp)
sudo apt-get update #Depedning on your Linux distro, you may or may not need these 2 lines sudo DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common sudo add-apt-repository ppa:mozillateam/ppa -y sudo apt-get install -y firefox-esr tesseract-ocr git nodejs npm git clone https://github.com/qeeqbox/social-analyzer.git cd social-analyzer npm install npm start
Linux (As python package)
sudo apt-get update sudo apt-get install python3 python3-pip pip3 install social-analyzer social-analyzer --username "johndoe" --metadata --top 100 #or python3 -m social-analyzer --username "johndoe" --metadata --top 100
Linux (As python script)
sudo apt-get update sudo apt-get install git python3 python3-pip git clone https://github.com/qeeqbox/social-analyzer cd social-analyzer pip3 install –r requirements.txt python3 app.py social-analyzer --username "johndoe" --metadata --top 100
Importing as object (python)
from importlib import import_module SocialAnalyzer = import_module("social-analyzer").SocialAnalyzer(silent=True) results = SocialAnalyzer.run_as_object(username="johndoe",silent=True) print(results)
Linux, Windows, MacOS, Raspberry pi..
- check this wiki for all possible installation methods
- check this wiki for integrating social-analyzer with your OSINT tools, feeds, etc...
social-analyzer --h
Required Arguments:
--username E.g. johndoe, john_doe or johndoe9999
Optional Arguments:
--websites A website or websites separated by space E.g. youtube, tiktokor tumblr
--mode Analysis mode E.g.fast -> FindUserProfilesFast, slow -> FindUserProfilesSlow or special -> FindUserProfilesSpecial
--output Show the output in the following format: json -> json outputfor integration or pretty -> prettify the output
--options Show the following when a profile is found: link, rate, titleor text
--method find -> show detected profiles, get -> show all profiles regardless detected or not, all -> combine find & get
--filter Filter detected profiles by good, maybe or bad, you can do combine them with comma (good,bad) or use all
--profiles Filter profiles by detected, unknown or failed, you can do combine them with comma (detected,failed) or use all
--countries select websites by country or countries separated by space as: us br ru
--top select top websites as 10, 50 etc...[--websites is not needed]
--extract Extract profiles, urls & patterns if possible
--metadata Extract metadata if possible (pypi QeeqBox OSINT)
--trim Trim long strings
--gui Reserved for a gui (Not implemented)
--cli Reserved for a cli (Not needed)
Listing websites & detections:
--list List all available websites
Setting:
--headers Headers as dict
--logs_dir Change logs directory
--timeout Change timeout between each request
--silent Disable output to screen
Open Shell
Running Issues
- Remember that existing profiles show
status:good
orrate:%100
- Some websites return
blocked
orinvalid
<- this is the intended behavior - Use Proxy, VPN, TOR or anything similar for periodic suspicious-profiles checking
- Do not mix FindUserProfilesFast, with FindUserProfilesSlow and ShowUserProfilesSlow
- Change the user-agent to most updated one or increase the random time between requests
- Use the slow mode (Not available in the CLIs) to avoid running into blocking\results issue
Goals
- Adding the generic websites detections (These need some reviewing, but I will try to add them in 2021)
Resources
- DuckDuckGo API, Google API, NodeJS, bootstrap, selectize, jQuery, Wikipedia, font-awesome, selenium-webdriver & tesseract.js
- Let me know if I missed a reference or resource!
Interviews
Some News\Articles
Disclaimer\Notes
- Make sure to download this tool from GitHub
- This is a security project (Treat it as a security project)
- If you want your website to be excluded from this project list, please reach out to me
- This tool meant to be used locally not as a service (It does not have any type of Access Control)
- For issues related to modules that end with -private or under the private group , reach out directly to me (do not open an issue on GitHub)
Other Projects
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK