Osintgram: The Ethical Hacker’s Guide to Instagram Recon

Hey techies, welcome back to the blog! You might already know me from my previous dives into Wazuh and the world of security. Today, I’m taking a detour to explore another valuable tool: Osintgram.

INTRODUTION:

Osintgram is an OSINT tool on Instagram to collect, analyze, and run reconnaissance.

INSTALLATION:

Execute the following command in your Kali Linux terminal

“git clone https://github.com/Datalux/Osintgram.git”.

To verify if the Osintgram directory exists after cloning the tool from Git, use the following command “ls”. This command will list all files and directories in the current working directory.

Now use “cd” to change the directory to Osintgram.

Give the command “sudo apt install python3.11-venv” to install the virtual environment in Kali.

To create a virtual environment named venv in your current working directory, execute the following command “python3 -m venv venv”.

To enter into the virtual environment use “source venv/bin/activate”.

Here’s the command to install all the requirements for Osintgram within your activated virtual environment “pip install -r requirements.txt”.

The Osintgram tool was fully installed and ready to use.

USAGE:

The first thing we need is a dummy Instagram account.

Inside the Osintgram directory give the command “make setup”. It will ask us to give the credentials of the Instagram. Enter the username and password and click on enter.

To verify the contents of the settings.json file and ensure it contains the necessary opening and closing curly braces ({}), execute the following command “cat config/settings.json”.

Once you’ve configured Osintgram and established your target username, execute the following command in your terminal to initiate the information gathering process “python3 main.py <target username>”.

Upon successful execution of the command, Osintgram will likely establish an interactive shell environment.

Within this environment, you’ll be able to leverage Osintgram’s functionalities to explore and analyze publicly available information associated with the target Instagram account.

To explore the functionalities offered within the interactive shell, enter the following command “list”.

To investigate who follows the target Instagram account, utilize the “followers” command within the interactive shell.

To explore who the target Instagram account follows, enter the “followings” command within the interactive shell.

To download all publicly available photos uploaded by the target user, utilize the “photos” command within the interactive shell.

It will ask us to select how many photos we want. By default, it will download all the photos.

All the downloaded images will be saved in “output” directory.

Upon successful execution of the photos command, Osintgram will typically create a dedicated directory within a pre-defined location (often named "output"). This directory will be named after the target username.

In conclusion, Osintgram provides a valuable toolkit for ethically gathering publicly available information about Instagram accounts. By leveraging commands like “followers”, “followings”, and “photos” within the interactive shell, users can gain insights into the target account's network, uploaded content, and potentially associated data points.

TROUBLESHOOTING:

No tool is infallible. Inherent to any software is the potential for encountering errors. However, these errors serve a valuable purpose: they act as signposts, guiding us towards root causes and enabling efficient troubleshooting. By systematically analyzing error messages and understanding their context, we can refine and optimize the tool’s performance, ensuring it delivers the desired results.

TOUBLESHOOT: 1 While executing “python3 main.py <username>”, you might encounter an error message. This typically indicates an unexpected issue within the Osintgram.py file itself, rather than a problem with your specific command.

The Osintgram directory structure includes a “src” directory.

Within “src” directory, the “Osintgram.py” file likely resides. You can utilize a text editor like “nano” to examine its contents:

In Osintgram.py file, comment down the “self.following = self.check_following()” line.

TROUBLESHOOT: 2 If you encounter this type of error while executing the command “python3 main.py”.

Then the reason might be the “braces”. If the “settings.json” is like this, then the “python3 main.py” command will give you an error. So, clear everything except the braces.

The “braces” in the settings.json should be empty in any case.

TROUBLESHOOT: 3 Sometimes we might encounter this type of errors.

When attempting to use “python3 main.py <username>” on a private account, you might encounter errors due to the lack of accessible information.

To ensure optimal results and avoid limitations associated with private accounts, focus on gathering information from public Instagram profiles. public profiles will look like this.

By understanding tool functionalities, limitations, and the importance of targeting public profiles, you can leverage this tool effectively.

Respect user privacy

Adhere to legal guidelines

Use responsibly

Thank you for reading and following the guide this far. You can place your queries and concerns in the comment section below.

Enjoy Learning!