Top 5 OSINT Tools: Essential Utilities for Online Investigators

5 OSINT Utilities: Building Your Online Investigator Toolkit

OSINT, or Open Source Intelligence, can be extremely useful, especially when investigating incidents. While most people know the theory—what and where to search—in practice, the sheer volume of data can be overwhelming, making manual review impossible and stalling investigations. In this article, I’ll introduce several powerful tools that will make your work easier and help you avoid getting lost in a sea of information.

Here, I’ll cover five tools for analyzing open data in social networks and Telegram.

1. YaSeeker

YaSeeker allows you to obtain information about any Yandex account. Just enter the user’s nickname, and the script does the rest. It’s a great tool for finding someone by their nickname if you know they have a Yandex account.

I’ll be installing all the utilities in this review on Kali Linux, but installation on other Debian or Ubuntu-based distributions should be similar.

Download YaSeeker from GitHub and install the dependencies:

git clone https://github.com/HowToFind-bot/YaSeeker.git
cd YaSeeker
pip install -r requirements.txt

Since Yandex doesn’t like sharing data with just anyone (at least officially), you’ll need to provide the tool with a cookies file so it can pretend to be a real user. You can register any disposable Yandex account and install a browser extension to export cookies in Netscape format.

The cookies.txt extension is available for Chrome and Firefox. You don’t have to use this exact extension—just search for “get cookies txt” in your browser’s extension store.

With the extension enabled, go to Yandex and save cookies.txt (if prompted, select “Current Site”). It’s best to save the file directly in the YaSeeker directory and name it cookies.txt, as you can’t configure the path to the cookies file.
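A quick way to confirm that the exported file really is in Netscape format and still holds unexpired cookies for the site before you run the tool. This is an added example, not part of YaSeeker; the cookie names and values in the sample are constructed placeholders.

```python
import time
from dataclasses import dataclass

# Constructed sample; names and values are placeholders, not real Yandex cookies.
SAMPLE = "\n".join([
    "# Netscape HTTP Cookie File",
    ".yandex.ru\tTRUE\t/\tTRUE\t1900000000\texample_session\tREDACTED",
    "#HttpOnly_.yandex.ru\tTRUE\t/\tTRUE\t1600000000\texample_old\tREDACTED",
    ".example.org\tTRUE\t/\tFALSE\t0\tother\tREDACTED",
])

@dataclass
class Cookie:
    domain: str
    expires: int      # Unix time; 0 marks a session cookie
    name: str
    http_only: bool

def parse_netscape_cookies(text):
    """Parse cookies.txt content; raise ValueError on a malformed row."""
    cookies = []
    for lineno, line in enumerate(text.splitlines(), 1):
        http_only = line.startswith("#HttpOnly_")
        if http_only:
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or comment, including the header
        fields = line.split("\t")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 tab-separated fields")
        domain, _subdomains, _path, _secure, expires, name, _value = fields
        cookies.append(Cookie(domain, int(expires), name, http_only))
    return cookies

def usable_for(cookies, site, now=None):
    """Names of unexpired cookies whose domain is `site` or a subdomain of it."""
    now = time.time() if now is None else now
    names = []
    for c in cookies:
        host = c.domain.lstrip(".")
        live = c.expires == 0 or c.expires > now
        if live and (host == site or host.endswith("." + site)):
            names.append(c.name)
    return names

if __name__ == "__main__":
    print(usable_for(parse_netscape_cookies(SAMPLE), "yandex.ru"))
```

Treat cookies.txt as a live session credential: keep it out of version control and readable only by your own user.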

Now that you have the cookies, you can run the script. Just launch it with python3 and pass the username you want to investigate as an argument.

The tool will display information about the Yandex services used by the account owner. For investigations in the Russian-speaking segment of the internet, YaSeeker can be very useful and is worth adding to your toolkit—especially if you automate its launch along with similar tools in a single script.

2. Enola Holmes

Enola is an alternative to the much more widely known tool Sherlock. The authors named it after Sherlock’s sister, Enola Holmes. This version is written in Go and works a bit faster.

Enola can search for users by nickname on just under 400 services and has a much more user-friendly interface than Sherlock.

There are two installation options: a simple one and one for Go enthusiasts. I’ll use the latter:

git clone https://github.com/TheYahya/enola.git

Then, go to the enola/cmd/enola directory and build the binary with go build. You’ll get an executable file enola, which you can run with ./enola.

Alternatively, if you have Go (version 1.19 or higher), you can install it with a single command:

go install github.com/theyahya/enola/cmd/enola@latest

Now you can launch Enola and see how it handles searching for a random nickname from a chat. The tool is easy to use, with hotkey hints available at the bottom panel. Other advantages include a simple launch, very fast operation, and instant results.

3. Telegram-bot-dumper

This tool is especially useful if you have a Telegram bot token—for example, if you’re investigating malware that was controlled via a Telegram bot. The script will extract all user conversations with the bot, including not just text messages but all media files. So, Telegram-bot-dumper is not only an OSINT tool but also a handy utility in general.

To use it, you’ll need to obtain an API_ID and API_HASH for a Telegram app, so it’s best to create a throwaway account—better safe than sorry. You wouldn’t want your personal account banned if something goes wrong.

Download and install the tool like any Python application: clone the repository, go to its directory, and install the dependencies.

git clone https://github.com/soxoj/telegram-bot-dumper
cd telegram-bot-dumper
pip install -r requirements.txt

Before launching, open dumper.py in any editor and replace the API_ID and API_HASH variables with your own.

Run the script:

python3 dumper.py --token <token>

The script will download the entire history it can access and will continue listening for new messages. To stop it, just press Ctrl-C.

Note: The tool can’t detect when a user has deleted some messages and may not dump the entire history. To address this, use the --lookahead N parameter, where N is the number of batches of 200 messages (default) the tool will try to dump additionally. Deleted messages still can’t be recovered, but you might get earlier ones.

This script is useful at least for assessing the scale of a breach (the amount of data stolen during an attack), and in cases of attacks managed via Telegram bots, it can help reconstruct the timeline.

4. Socid-extractor

Socid-extractor allows you to extract profile information from many services supported by Enola, but with the level of detail found in YaSeeker. It displays many details, not just the fact that a user is registered on a service.

Important: The tool usually doesn’t use the services’ APIs, so the amount of information is less than it could be, but the script works very quickly and doesn’t require tedious setup with API keys for hundreds of services.

It makes sense to use Socid-extractor in combination with other similar tools, like YaSeeker.

Install Socid-extractor as follows:

git clone https://github.com/soxoj/socid-extractor
cd socid-extractor
pip install -r requirements.txt

Now you can view information about the person you’re interested in. For example, with VKontakte, the tool will display the last name, first name, registration and last update dates, whether the account is active, and whether it’s private. This is enough for an initial data collection.

5. TelAnalysis

Finally, here’s an interesting tool for analyzing Telegram chats. TelAnalysis analyzes a chat history file and performs all actions without using the Telegram API or app, unlike most scripts that work with Telegram data.

TelAnalysis mainly performs static chat analysis: it creates a list and graph of the most active participants, displays the most frequent words in the chat, and generates a tag cloud (a picture where words are sized according to their popularity). It can also show general information about each user. Additionally, you can generate a top words list for each user to see their interests.

The interface is a bit different from the previous tools: only the server runs in the console, while user interaction is handled through a browser.

Install TelAnalysis in the usual way and run main.py:

git clone https://github.com/krakodjaba/TelAnalysis.git
cd TelAnalysis
pip install -r requirements.txt
python3 main.py

The console will only display a link to the control panel. Open it in your browser to access a minimalist interface. Just upload the JSON dump of the chat you want to analyze.

To create a JSON dump, open the official Telegram client, find the chat you’re interested in, click the three dots in the top right corner, and select “Export chat history.” In the export settings, choose the JSON format and a save path. You don’t need to export files, images, or voice messages—TelAnalysis only accepts text, so exporting anything else is a waste of time.

Save the exported file in a convenient location and upload it to the panel. The user list shows who wrote how many messages in the group and includes IDs so you can track messages from the same person even if they change their nickname. The graph isn’t perfect, but you can see the connections between users. You can also generate a tag cloud, though it may include service words that can be easily removed. If you improve it, don’t forget to send the author a pull request!

The last feature is displaying messages by user ID. Personally, I haven’t found much use for this, since Telegram has a more convenient search by sender.
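The per-user counting by ID and the word-frequency step described above, as an added example that is not TelAnalysis's own code. The field names (messages, type, from, from_id, text) are assumed from the Telegram Desktop JSON export, and the chat content and stopword list are constructed.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed sample in the assumed shape of a Telegram Desktop JSON export.
SAMPLE_EXPORT = json.dumps({
    "name": "constructed chat", "type": "private_supergroup", "id": 1,
    "messages": [
        {"id": 1, "type": "service", "action": "create_group", "actor": "alice"},
        {"id": 2, "type": "message", "from": "alice", "from_id": "user100",
         "text": "payload server moved again"},
        {"id": 3, "type": "message", "from": "bob", "from_id": "user200",
         "text": ["use the ", {"type": "bold", "text": "backup"}, " server"]},
        {"id": 4, "type": "message", "from": "al1ce", "from_id": "user100",
         "text": "server is back"},
    ],
})

def flatten_text(text):
    """Text is a plain string, or a list mixing strings and entity dicts."""
    if isinstance(text, str):
        return text
    return "".join(p if isinstance(p, str) else p.get("text", "") for p in text)

def analyse(export_json, stopwords=frozenset({"the", "use", "again"}), top=5):
    """Return ([(from_id, message_count, names_seen)], [(word, count)])."""
    chat = json.loads(export_json)
    counts, names, words = Counter(), defaultdict(set), Counter()
    for msg in chat.get("messages", []):
        if msg.get("type") != "message" or not msg.get("from_id"):
            continue  # service events (joins, pins, group creation)
        uid = msg["from_id"]
        counts[uid] += 1
        names[uid].add(msg.get("from") or "<no name>")  # null for deleted accounts
        text = flatten_text(msg.get("text", "")).lower()
        tokens = re.findall(r"[^\W\d_]{3,}", text)  # letter runs, any script
        words.update(t for t in tokens if t not in stopwords)
    users = [(uid, n, sorted(names[uid])) for uid, n in counts.most_common()]
    return users, words.most_common(top)

if __name__ == "__main__":
    users, top_words = analyse(SAMPLE_EXPORT)
    for uid, n, seen in users:
        print(uid, n, seen)
    print(top_words)
```

Grouping on from_id rather than the display name is what keeps both of the sample user's nicknames under one entry.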

Conclusion

The tools covered today are certainly not the only ones of their kind, and you may know of even better and more useful utilities. If so, don’t hesitate to send us a link by email (contacts below) or leave a comment. Any feedback is valuable, and who knows, maybe we’ll gather enough for another roundup like this one.
