TuesdayTool 22: TOSINT, Your Telegram Investigation Buddy

Oloyede Olajumoke Elizabeth
3 min read · Oct 8, 2024

Telegram, as a social media application, promises many anonymity and privacy features, which have attracted millions of users across the globe, especially privacy enthusiasts and investigative journalists. However, threat actors and cybercriminal groups have established a solid foothold on Telegram, as it allows a higher number of participants in a group than its competitors. This has enabled the sharing of information between cybercriminals with little or no web development knowledge or expertise. We have seen cybercriminal groups use Telegram groups as shops, marketplaces, and communities where criminal transactions occur. Telegram groups that allow the upload, download, and sale of illegal applications used for cybercrime are seen to flourish on the blue application. This has made Telegram a treasure chest for threat intelligence analysts and investigative journalists.

Even though Telegram can be used to collect intelligence artifacts, doing so manually is stressful: an analyst needs to know the group’s name and manually search for a match, and most times there will be different names, logos, and other information that may be confusing. I have come bearing a piece of good news 😊😊😊. Today I am introducing you to a tool that can reduce the stress of collecting intelligence artifacts from the blue application, Telegram. Welcome TOSINT (Telegram Open Source Intelligence Tool), your Telegram investigation buddy.

TOSINT Page

About TOSINT

TOSINT is an open-source tool developed by Andrea Draghetti. It is a tool designed for extracting valuable information from Telegram bots and channels, primarily aimed at security researchers, investigators, and OSINT (Open Source Intelligence) analysts. TOSINT is particularly useful for monitoring cybercriminal activities, especially those related to phishing scams that increasingly utilize Telegram for communication and data exchange.

Features of TOSINT

TOSINT offers a range of features that allow users to gather detailed insights from Telegram entities. Key functionalities include:

  • Bot Information: Extracts details such as First Name, Username, User ID, and Status.
  • Chat Information: Provides data on Chat Title, Type (group or channel), ID, Username, and Invite Link.
  • User Metrics: Displays the number of users in a chat and information about chat administrators.
  • Updates: Retrieves the latest messages sent in the chat.

These features enable analysts to understand the structure and activity of Telegram channels used by criminals, thereby aiding in threat detection and response efforts.
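
As an added illustration (not TOSINT's own code), the sketch below maps replies shaped like those of the Telegram Bot API methods `getMe`, `getChat`, `getChatMemberCount` and `getChatAdministrators` onto the fields listed above, and surfaces the API's error text when a token is no longer valid. The sample replies are constructed, and the names `result_of`, `redact_token` and `summarize` are hypothetical.

```python
import json

# Constructed sample replies shaped like Telegram Bot API JSON; every name,
# ID and link below is made up for illustration.
SAMPLE = {
    "getMe": '{"ok":true,"result":{"id":1000000001,"is_bot":true,'
             '"first_name":"Example Bot","username":"example_bot"}}',
    "getChat": '{"ok":true,"result":{"id":-1001234567890,"title":"Example Logs",'
               '"type":"supergroup","invite_link":"https://t.me/+EXAMPLE"}}',
    "getChatMemberCount": '{"ok":true,"result":3}',
    "getChatAdministrators": '{"ok":true,"result":['
        '{"status":"creator","user":{"id":2000000001,"first_name":"Owner"}},'
        '{"status":"administrator","user":{"id":1000000001,'
        '"first_name":"Example Bot","username":"example_bot"}}]}',
}
# Constructed error reply, as returned when a token is no longer valid.
REVOKED = '{"ok":false,"error_code":401,"description":"Unauthorized"}'


def result_of(raw):
    """Return the 'result' payload, or raise with the API's own error text."""
    body = json.loads(raw)
    if not body.get("ok"):
        raise ValueError(f"{body.get('error_code')}: {body.get('description')}")
    return body["result"]


def redact_token(token):
    """Keep the numeric bot ID, mask the secret, so notes can cite the bot safely."""
    bot_id, _, _secret = token.partition(":")
    return f"{bot_id}:<redacted>"


def summarize(replies):
    """Map raw replies onto the listed fields; missing optional fields become None."""
    me, chat = result_of(replies["getMe"]), result_of(replies["getChat"])
    admins = result_of(replies["getChatAdministrators"])
    return {
        "bot": {"first_name": me["first_name"], "username": me.get("username"),
                "user_id": me["id"]},
        "chat": {k: chat.get(k) for k in ("title", "type", "id", "username", "invite_link")},
        "user_count": result_of(replies["getChatMemberCount"]),
        "admins": [(a["user"]["id"], a["user"].get("username"), a["status"])
                   for a in admins],
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

A bot token is a credential, so case notes are better served by the redacted form, which keeps only the numeric bot ID.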

Installation Process

To get started with TOSINT, follow the steps below:

  1. Open the terminal on Linux or the command prompt on Windows.
  2. Clone the repository by typing the command below:

```bash
git clone https://github.com/drego85/tosint.git
```

  3. Install dependencies: navigate to the cloned directory and run the command below:

```bash
pip install -r requirements.txt
```

  4. Run the tool: execute the script using Python 3:

```bash
python3 tosint.py
```

Usage

TOSINT can be used in two primary modes: interactive and command-line.

Interactive Mode

When running TOSINT interactively, you will be prompted to enter your Telegram Token and Chat ID:

```bash
$ python3 tosint.py
Telegram Token (bot1xxx): <Your_Token>
Telegram Chat ID (-100xxx): <Your_Chat_ID>
```

See the steps on how to get a Telegram token and chat ID here

Command-Line Arguments

Alternatively, you can pass the necessary parameters directly as command-line arguments:

```bash
$ python3 tosint.py -t <Your_Token> -c <Your_Chat_ID>
```

Both methods will yield detailed information about the specified bot and chat.

Use Cases

TOSINT is particularly beneficial for various professionals, especially:

  • Security Researchers: To analyze malware or phishing campaigns by gathering intelligence from Telegram channels.
  • Investigators: To track criminal activities by identifying the infrastructure used by attackers.
  • Law Enforcement Agencies: For gathering intelligence related to cybercrime investigations.

Conclusion

TOSINT serves as a powerful resource for anyone involved in OSINT activities on Telegram. By leveraging its capabilities, users can effectively monitor and analyze criminal operations that utilize this messaging platform. The open-source nature of TOSINT ensures that it remains accessible for continuous improvement and adaptation to emerging threats in the digital landscape.

Till I come your way again on Tuesday in 2 weeks, #BeCyberSmart

Cyberliza writes TuesdayTool

Oloyede Olajumoke Elizabeth

I am a Cyber Threat Intelligence Analyst, Cybersecurity Trainer and Cybersecurity Researcher, skilled in Threat Hunting, Threat Intelligence and Digital Forensics.