OSINT: Twitter and Facebook

This is the quick-hit version of the Open Source Intelligence (OSINT) training I gave on using data from Twitter and Facebook to profile an individual or organization.  As with all of the formal training, you can use the below for a quick reference, or view the full presentation here.

Twitter

  • Find a user’s profile page:
    https://twitter.com/{HANDLE}
  • Find a user by ”real” name:
    https://twitter.com/search?f=users&q={NAME}
  • Find tweets from a particular user:
    https://twitter.com/search?q=from%3A{HANDLE}
  • Find tweets to a particular user:
    https://twitter.com/search?q=to%3A{HANDLE}
  • Find tweets within a particular time range from a user:
    https://twitter.com/search?q=from%3A{HANDLE}%20SINCE%3A{YYYY-MM-DD}%20UNTIL%3A{YYYY-MM-DD}
  • Search for a tweet that contains all listed words:
    https://twitter.com/search?f=tweets&q={TERM1}%20{TERM2}%20{TERM_ETC}
  • Search for a single, exact term/phrase:
    https://twitter.com/search?f=tweets&q=“{TERM/PHRASE}”
  • Search for one of (however many) terms:
    https://twitter.com/search?f=tweets&q={TERM1}%20OR%20{TERM2}
  • Search for one term without another term:
    https://twitter.com/search?f=tweets&q={KEEP-TERM}%20-{EXCLUDE-TERM}
  • Search for media from a particular user:
    https://twitter.com/{HANDLE}/media
  • Search for favorites from a particular user:
    https://twitter.com/{HANDLE}/favorites
  • Search for the first tweet from an account:
    https://discover.twitter.com/first-tweet#{HANDLE}
  • Search for all followers of an account:
    https://twitter.com/{HANDLE}/followers
  • Search for tweets a user ”liked” from other accounts:
    https://twitter.com/{HANDLE}/likes

Geolocation Search

  • Use Google Maps to find your location, right-click, and choose “What is here” to see the decimal notation lat/long:
    https://www.google.com/maps/place/Topeka,+KS/@39.0293081,-95.9063093,14z/data=!4m5!{etc}
  • Search:
    https://twitter.com/search?f=tweets&q=geocode%3A{LAT}%2C{LONG}%2C{RADIUS}{“mi” or “km”}
  • Example:
    https://twitter.com/search?f=tweets&q=geocode%3A39.0293081%2C-95.9063093%2C8mi

Third Party Tools

  • Perform social analysis of tweets by user:
    https://socialbearing.com/search/user/{HANDLE}
  • Perform statistical anaysis of tweets by user:
    https://foller.me/{HANDLE}
  • See history of archived tweets (find deleted tweets, both sent and mentioned):
    https://backtweets.com/search/q={HANDLE}

Facebook

  • Find people by email:
    https://www.facebook.com/search/people/?q={EMAIL}
  • Find people by cell phone:
    https://www.facebook.com/search/people/?q=%2B{COUNTRY CODE}{PHONE NUMBER}
  • Find people by name:
    https://www.facebook.com/search/str/{NAME}%20{NAME}/users-named
  • Find people by company:
    https://www.facebook.com/search/str/{COMPANY}/pages-named/employees/present/intersect
    https://www.facebook.com/search/str/{COMPANY}/pages-named/employees/past/intersect
  • Find people by city they live(d) in:
    https://www.facebook.com/search/str/{CITY}/pages-named/residents/present/intersect
    https://www.facebook.com/search/str/{CITY}/pages-named/residents/past/intersect
  • Find people by the school they attended:
    https://www.facebook.com/search/str/{SCHOOL}/pages-named/students/intersect
  • Find people who visited a location:
    https://www.facebook.com/search/str/{LOCATION}/pages-named/visitors/intersect
  • Find people by year born (and optionally add gender):
    https://www.facebook.com/search/str/{YEAR}/date/users-born
    https://www.facebook.com/search/str/{YEAR}/date/users-born/males/intersect https://www.facebook.com/search/str/{YEAR}/date/users-born/females/intersect
  • Find people by age range:
    https://www.facebook.com/search/str/{MIN-AGE}/{MAX-AGE}/users-age-2
  • Find postings matching a keyword:
    https://www.facebook.com/search/str/{KEYWORD}/stories-keyword
    https://www.facebook.com/search/str/{KEYWORD}/keywords_posts
  • Find photos matching a keyword:
    https://www.facebook.com/search/str/{KEYWORD}/photos-keyword
  • Find videos matching a keyword (Facebook or External Share):
    https://www.facebook.com/search/str/{KEYWORD}/videos-keyword
    https://www.facebook.com/search/str/{KEYWORD}/videos-web
  • Find events matching a keyword:
    https://www.facebook.com/search/events/?q={KEYWORD}

Facebook Intersections
NOTE: Don’t forget the trailing “intersect” or it won’t work!

  • Example of people living in LOCATION who work for COMPANY:
    https://www.facebook.com/search/str/{LOCATION}/pages-named/residents/present/intersect/str/{COMPANY}/pages-named/employees/present/intersect
  • Example of people working for Walmart between 25 and 30 years old who attended San Jacinto school:
    https://www.facebook.com/search/str/25/30/users-age-2/intersect/str/Walmart/pages-named/employees/present/intersect/str/Jacinto/pages-named/students/intersect

Facebook Entity IDs
Getting Entity IDs

  • Go to the URL for the target, e.g.
    https://www.facebook.com/fake.user.demo
  • View source.
  • Look for “entity_id” and the value of that entry is the number.

Using Entity IDs

  • View where they’ve been:
    https://www.facebook.com/search/{ENTNUM}/places-visited/
    https://www.facebook.com/search/{ENTNUM}/recent-places-visited/
    https://www.facebook.com/search/{ENTNUM}/places-checked-in/
  • View their events and if they attended:
    https://www.facebook.com/search/str/{ENTNUM}/events-invited/{YEAR}/date/events/intersect/
    https://www.facebook.com/search/str/{ENTNUM}/events-joined/{YEAR}/date/events/intersect/
    https://www.facebook.com/search/{ENTNUM}/events
  • What they like:
    https://www.facebook.com/search/{ENTNUM}/places-liked/
    https://www.facebook.com/search/{ENTNUM}/pages-liked/
    https://www.facebook.com/search/{ENTNUM}/photos-liked/
    https://www.facebook.com/search/{ENTNUM}/videos-liked/
    https://www.facebook.com/search/{ENTNUM}/stories-liked/
  • Same as above but for their friends
    https://www.facebook.com/search/{ENTNUM}/friends/places-liked/
    {ETC}
  • Photos (yes, you can do the “friends” thing here too):
    https://www.facebook.com/search/{ENTNUM}/photos/
    https://www.facebook.com/search/{ENTNUM}/photos-of/
    https://www.facebook.com/search/{ENTNUM}/photos-by/
    https://www.facebook.com/search/{ENTNUM}/photos-commented/
  • Videos (yes, you can do the “friends” thing here too):
    https://www.facebook.com/search/{ENTNUM}/videos/
    https://www.facebook.com/search/{ENTNUM}/videos-of/
    https://www.facebook.com/search/{ENTNUM}/videos-by/
    https://www.facebook.com/search/{ENTNUM}/videos-commented/
  • What apps they use (yes, you can do the “friends” thing here too):
    https://www.facebook.com/search/{ENTNUM}/apps-used/
  • What they said (yes, you can do the “friends” thing here too):
    https://www.facebook.com/search/{ENTNUM}/stories-by/
    https://www.facebook.com/search/{ENTNUM}/stories-tagged/
  • Enumerate the personal and professional networks:
    https://www.facebook.com/search/{ENTNUM}/employers/
    https://www.facebook.com/search/{ENTNUM}/groups/
    https://www.facebook.com/search/{ENTNUM}/employees/   #Co-workers
    https://www.facebook.com/search/{ENTNUM}/friends/
    https://www.facebook.com/search/{ENTNUM}/followers/
    https://www.facebook.com/search/{ENTNUM}/relatives/
    https://www.facebook.com/search/{ENTNUM}/relatives/
  • Common profile details between two Entity IDs
    https://www.facebook.com/friendship/{ENTNUM1}/{ENTNUM2}/
  • Common Interests and Activities between two Entity IDs
    https://www.facebook.com/search/{ENTNUM1}/places-visited/{ENTNUM2}/places-visited/intersect/
    https://www.facebook.com/search/{ENTNUM1}/places-checked-in/{ENTNUM2}/places-checked-in/intersect/
    https://www.facebook.com/search/{ENTNUM1}/places-liked/{ENTNUM2}/places-liked/intersect/
    https://www.facebook.com/search/{ENTNUM1}/pages-liked/{ENTNUM2}/pages-liked/intersect/
    {ETC}
  • Mix and match also works, e.g. places one visited and the other liked
    https://www.facebook.com/search/{ENTNUM1}/places-visited/{ENTNUM2}/places-liked/intersect/