OSINT using Twitter & PythonPresentation Transcript
OSINT FootprintingUsing Twitter and Python
Who am I? Raymond Lilly @37point2 Analyst at a Social Media/Customer Relations Management company Senior, Eastern Michigan University Information Assurance/Network Security
What are we talking about? OSINT gathering methods Research with implications in Intelligence Social Engineering Marketing
Intelligence What are people talking about? Intel vs Counter Intel Targeting concerns Individuals/Groups Geographic regions Time Topics
Social EngineeringLeaking information What do your co-workers/employees talk about during/after work? IT talking about new tech deployments? Any employees venting about internal issues? C levels discussing personal hobbies/travel plans?
Marketing Can you identify your customers? What are they talking about?/What other interests do they have? Can you profile them and use that to reach new potential customers? Find new markets? Reduce your customer assistance cost or increase customer satisfaction?
Fun Stuff New Job info What’s the corporate culture like? Does the company embrace new tech/ideas or shun them? Amplify the reach of your messages Find organizations/groups that are interested in the same things you are
Key Twitter Concepts Tweets – 140 characters Following Friends Followers Did you pick the user?
Followers A -> B
Friends B -> C
A -> B -> C
Twitter’s API https://dev.twitter.com/docs/api Authenticated vs. Unauthenticated How hard is it to get OAuth Tokens? REST Streaming
Tweepy! Python module for Twitter’s API https://github.com/tweepy/tweepy/ Joshthecoder
GET status/user_timeline Takes a user_id or screen_name since_id count exclude_replies include_rts Tweepy.api.get_status(‘37point2’)
GET users/show user_id/screen_name include_entities ^-- Awesome! Tweepy.api.get_user(‘37point2’)