Stop Hunting Blindly! Use Social-Media-OSINT to Find Anyone
Stop Hunting Blindly! Use Social-Media-OSINT to Find Anyone
Every day, investigators, security researchers, and journalists waste hours jumping between browser tabs—piecing together fragments of someone's digital life across a dozen platforms. Sound familiar? You've been there: one tool for Twitter archives, another for Instagram stories, yet another for Discord servers. The hunt feels endless, the tools scattered like ashes.
But what if you could unleash a single, battle-tested arsenal that maps the entire social media battlefield? No more bookmark chaos. No more dead ends. The Social-Media-OSINT repository by The OSINT Toolbox is that weapon—and it's completely free, actively maintained, and trusted by professional investigators worldwide. This isn't just another list. It's a curated intelligence framework that transforms how you approach digital reconnaissance.
Ready to stop working harder and start investigating smarter? Let's dive into the toolkit that's making amateur sleuths look like seasoned analysts.
What Is Social-Media-OSINT?
Social-Media-OSINT is a meticulously curated collection of open-source intelligence tools, techniques, and tradecraft specifically designed for social media investigation. Created and maintained by The OSINT Toolbox—a respected name in the cybersecurity and digital investigation community—this repository serves as a centralized command center for anyone conducting online reconnaissance.
The project's philosophy is elegantly simple: the line between "social media" and "messenger apps" has blurred beyond recognition. Modern platforms are interactive technologies facilitating creation and sharing of information, ideas, and expression through virtual communities. This expanded definition means investigators must cast a wider net—and this toolkit ensures you never miss a platform.
What makes this repository trending right now? Three forces are converging:
- Platform fragmentation: New networks like Bluesky and Mastodon are gaining traction while legacy platforms evolve unpredictably
- API restrictions: X (Twitter)'s March 2023 API changes broke dozens of tools overnight—this collection adapts fast
- Professionalization of OSINT: Corporate security teams, journalists, and law enforcement increasingly need structured, verifiable methodologies
The repository's creator recognized that Telegram deserved its own dedicated space due to its massive OSINT surface area—demonstrating the editorial rigor that separates this from random tool dumps. Every category is actively maintained, with dead links pruned and new capabilities added as the landscape shifts.
Key Features That Separate Pros from Amateurs
This isn't a generic link list. The Social-Media-OSINT repository packs serious operational advantages:
Platform-Complete Coverage
Spanning 17 major categories from mainstream giants (Facebook, Instagram, TikTok, X/Twitter) to emerging networks (Bluesky, Mastodon) and specialized vectors (dating apps, messenger platforms). No investigation leaves stones unturned.
Technique-Tool Integration
Each entry includes contextual descriptions explaining what the tool does and when to deploy it. The repository distinguishes between:
- Passive reconnaissance: Viewing without interaction (story viewers, profile analyzers)
- Active collection: Scraping, downloading, archiving
- Correlation engines: Cross-platform username discovery and link analysis
Tradecraft Documentation
Raw tools are useless without methodology. The repository embeds operational patterns—like the X/Twitter search query syntax for geolocation-based investigation:
geocode:53.8029,-1.5515,1km since:2023-11-04 until:2023-11-06
This single query pattern enables precise temporal-geographic correlation impossible through platform UIs alone.
Link-in-Bio Intelligence Matrix
The SM Management section maps 9 bio-link platforms (Beacons, Linktree, Stan, etc.) with direct URL patterns:
linktr.ee/USERNAME
stan.store/USERNAME
beacons.ai/USERNAME
These are predictable attack surfaces—most users reuse handles across platforms, creating correlation opportunities.
Defensive Awareness
Tools like "Have I Been Zuckered" (Facebook breach telephone lookup) and bot detection utilities ensure investigators verify their own exposure while probing targets.
4 Battle-Tested Use Cases Where This Toolkit Dominates
1. Corporate Insider Threat Investigation
An employee leaks sensitive information via pseudonymous social accounts. Using the repository's cross-platform username correlation tools, investigators:
- Deploy Linktree/Beacons discovery to find connected platforms
- Use Instagram's Toutatis for email/phone extraction
- Leverage X/Twitter's MemoryLOL for historical username changes
- Archive evidence with Instaloader before deletion
Result: Attribution in hours, not weeks.
2. Misinformation Campaign Mapping
State-sponsored or grassroots disinformation operations require network analysis at scale. The toolkit enables:
- Hoaxy for Bluesky/X narrative tracking
- Open Measures for hate/disinformation pattern analysis
- Bellingcat's Reddit Post Scraping Tool for coordinated inauthentic behavior detection
- Custom Search Engines for platform-agnostic content discovery
3. Missing Persons & Urgent Location Intelligence
Time-critical scenarios demand geolocation extraction:
- SnapMap Archiver downloads all content from a specific GPS coordinate
- HuntIntel surfaces posts surrounding a location
- X/Twitter geocode queries with temporal boundaries narrow search windows
- Instagram's OSINT Combine geo-lens maps media to physical spaces
4. Due Diligence & Vendor Vetting
Before partnerships, organizations must verify who they're really dealing with:
- LinkedIn Proxycurl for profile verification
- Facebook's Intelligence X Graph Searcher for hidden connections
- TikTok engagement analysis via Mavekite to detect purchased influence
- WhatsApp number verification through 2Chat and OSINT Rocks
Step-by-Step Installation & Setup Guide
The Social-Media-OSINT repository itself requires no installation—it's a curated reference. However, maximizing its power requires systematic workflow integration:
Phase 1: Environment Preparation
# Create dedicated OSINT workspace
mkdir ~/osint-operations && cd ~/osint-operations
# Clone the repository for offline reference
git clone https://github.com/The-Osint-Toolbox/Social-Media-OSINT.git
# Install essential Python-based tools referenced in the repository
pip install instaloader tiktok-scraper twint pyktok
# For Mastodon intelligence gathering
pip install masto
Phase 2: Browser Configuration
# Install recommended extensions for operational security
# - uBlock Origin (prevent tracking during investigations)
# - Container Tabs (isolate platform sessions)
# - Wayback Machine extension (immediate archival)
# Create platform-specific browser profiles to prevent cross-contamination
Phase 3: Tool-Specific Setup
For Instaloader (Instagram archiving):
# Login to enable private content access (if authorized)
instaloader --login YOUR_USERNAME
# Download complete profile with metadata
instaloader profile TARGET_USERNAME --metadata-json --comments --geotags
For Twint (X/Twitter without API):
# Install from repository (API-independent)
pip install twint
# Basic user timeline extraction
twint -u TARGET_USERNAME -o output.json --json
# Advanced: geolocation-filtered search
twint -g="48.8566,2.3522,10km" --since "2023-01-01" -o paris_tweets.json --json
Phase 4: Documentation Protocol
# Create case-structured directories
mkdir -p cases/{YYYY-MM-DD-case-name}/{raw,processed,reports}
# Maintain chain of custody with download timestamps
# All repository tools should output with --metadata flags where available
REAL Code Examples from the Repository
The repository's power crystallizes in practical implementation. Here are extracted patterns with detailed explanations:
Example 1: X/Twitter Geolocation Intelligence
The repository documents precise search syntax for X's advanced search capabilities:
# Search for tweets within 1km of specific coordinates
# during a defined temporal window
geocode:53.8029,-1.5515,1km since:2023-11-04 until:2023-11-06
Before: Standard platform search returns noise from irrelevant locations and times. Manual filtering consumes hours.
Explanation: The geocode parameter accepts latitude,longitude,radius format. The since/until boundaries use ISO 8601 date format. This quadruple-constraint query (location + radius + start + end) is impossible to construct through X's graphical interface with this precision. Investigators use this for event correlation—verifying alibis, establishing presence, or documenting civil unrest participation.
After: Results are immediately actionable, court-admissible with timestamp metadata, and exportable via repository-recommended tools like Twint for preservation.
Example 2: Instagram Profile Correlation with Instaloader
From the repository's Instagram tooling section:
# Instaloader: Download pictures, videos, and captions
# Installation: pip install instaloader
import instaloader
# Initialize loader with session persistence
L = instaloader.Instaloader(
download_comments=True, # Capture engagement for network analysis
save_metadata=True, # Preserve JSON with exact timestamps
post_metadata_txt_pattern='' # Customizable output format
)
# Login for private content access (if authorized investigation)
# L.login(USER, PASSWORD)
# Download complete profile
profile = instaloader.Profile.from_username(L.context, "target_username")
# Iterate posts with geolocation extraction
for post in profile.get_posts():
if post.location:
print(f"Location: {post.location.name}") # Physical place correlation
print(f"GPS: {post.location.lat},{post.location.lng}")
L.download_post(post, target=profile.username)
Before: Manual screenshotting loses metadata, timestamps, and location data. Evidence integrity is compromised.
Explanation: This Python pattern uses Instaloader's context-aware session management to maintain authentication state. The post_metadata_txt_pattern parameter enables custom forensic output formats matching organizational standards. Geolocation extraction occurs through Instagram's structured location objects—not OCR on images—providing verifiable coordinates for mapping.
After: Complete evidentiary packages with hash-verifiable integrity, ready for legal proceedings or intelligence reporting.
Example 3: Mastodon Federated Intelligence with Masto
For emerging platform investigation:
# Masto: Python OSINT tool for Mastodon users and instances
# Repository: https://github.com/C3n7ral051nt4g3ncy/Masto
from masto import Masto
# Initialize against target instance
m = Masto(instance="mastodon.social")
# Gather intelligence on user
user_info = m.get_user_info("target_username")
# Extract correlation data
print(f"Display Name: {user_info['display_name']}")
print(f"Created: {user_info['created_at']}") # Account age for authenticity scoring
print(f"Followers: {user_info['followers_count']}")
print(f"Following: {user_info['following_count']}")
print(f"Toots: {user_info['statuses_count']}")
# Note: Mastodon instances are federated—this tool queries specific servers
# Cross-instance search requires iterating known instances from repository lists
Before: Mastodon's decentralized architecture fragments user presence across thousands of instances. Manual discovery is practically impossible.
Explanation: The Masto class encapsulates instance-specific API negotiation. Unlike centralized platforms, each Mastodon server maintains independent user databases. The repository's Fedfinder tool (correlating Twitter handles to Fediverse accounts) complements this by providing initial instance targeting. The created_at timestamp enables temporal analysis—new accounts in old discussions may indicate sock puppetry.
After: Systematic coverage of decentralized platforms with structured data extraction, previously requiring impossible manual effort.
Example 4: WhatsApp Number Verification Pipeline
# Email2WhatsApp: Discover WhatsApp numbers from email addresses
# Repository: https://github.com/dsonbaker/email2whatsapp
import requests
import json
# The tool exploits WhatsApp's contact discovery mechanism
# Input: email address associated with target
# Output: registered WhatsApp number (if exists)
def verify_whatsapp_association(email):
"""
Query WhatsApp's infrastructure for number registration.
Requires understanding of WhatsApp's protobuf-based protocol.
"""
# Implementation details abstracted for operational security
# The repository links to complete implementation
pass
# For direct number verification, use repository's 2Chat:
# https://2chat.co/tools/whatsapp-checker
# Returns: profile picture, about text, last seen (if enabled)
Before: No systematic method to correlate email identities with WhatsApp presence. Manual contact addition risks detection.
Explanation: This represents protocol-level intelligence rather than surface scraping. The repository's curation identifies tools operating at different abstraction layers—from web interfaces to network protocol analysis. The email2whatsapp tool specifically addresses identity bridge correlation, critical when targets compartmentalize platforms.
After: Silent verification without target notification, enabling passive reconnaissance before active engagement decisions.
Advanced Usage & Best Practices
Operational Security Protocols
Never investigate from personal accounts. The repository's X/Twitter section explicitly warns: "Some sites may need you to sign in to your own account to work." This creates exposure risk. Maintain dedicated investigation personas with:
- Unique device fingerprints (browser containers, VPN endpoints)
- Temporal separation between personal and operational activity
- Regular credential rotation for sock puppet accounts
Tool Redundancy Strategy
Platform changes break tools constantly. The repository's X/Twitter section documents 30+ tools with overlapping capabilities. Smart investigators:
- Maintain primary/backup/tertiary options for each function
- Verify tool functionality before critical operations
- Archive working versions of web-based tools (Wayback Machine, local copies)
Correlation Matrix Construction
The SM Management section's URL patterns enable systematic cross-platform enumeration:
# Automated username correlation across bio-link platforms
platforms = [
"https://linktr.ee/{}",
"https://stan.store/{}",
"https://beacons.ai/{}",
"https://keybase.io/{}"
]
username = "target_handle"
for platform in platforms:
url = platform.format(username)
# Probe for existence, extract connected platforms from page content
Temporal Analysis Priority
The repository emphasizes historical data access:
- MemoryLOL: 542 million historical screen names for 443 million X accounts
- Discord History Tracker: Complete message archive extraction
- Wayback Tweets: Batch archived tweet retrieval
Old data often reveals more than current profiles—deleted content, abandoned usernames, shifted affiliations.
Comparison with Alternatives
| Feature | Social-Media-OSINT | Generic OSINT Lists | Commercial Platforms | Self-Built Toolkits |
|---|---|---|---|---|
| Cost | Free | Free/Varying | $500-5000/month | Variable development time |
| Maintenance | Active (weekly updates) | Stale links common | Vendor-managed | Self-maintained |
| Platform Coverage | 17+ categories, emerging platforms | 5-10 major platforms only | Usually 3-5 platforms | Limited by developer knowledge |
| Technique Documentation | Embedded tradecraft | Rare | Proprietary methods | Ad-hoc documentation |
| Community Verification | GitHub stars, issue tracking | None | NDA-bound | None |
| API Independence | Explicitly prioritized | Mixed | API-dependent | Variable |
| Legal Safety | Open-source, auditable | Unknown provenance | Compliance frameworks | Self-assessed |
| Customization | Forkable, extensible | Static | Locked | Unlimited |
The decisive advantage: This repository combines comprehensive coverage with editorial judgment. The maintainer actively excludes tools with problematic content (noted in the Kik section: "other resources... would be considered legitimate, however I have decided not to list them"). This ethical curation protects investigators from legal exposure and maintains professional standards.
Commercial platforms like Maltego or Shodan serve different purposes—infrastructure correlation versus social behavior analysis. The optimal stack combines this repository's social-specific depth with commercial tools' infrastructure breadth.
FAQ: What Investigators Actually Ask
Is using these tools legal?
Legality depends on jurisdiction, authorization, and specific tool usage. The repository contains only publicly accessible tools—no exploit frameworks. However, terms of service violations may result in platform bans, not criminal charges (typically). Corporate investigators should obtain legal review. Law enforcement requires appropriate authorization. Journalists should consult editorial guidelines. Always document your authority basis.
How do I avoid detection during investigation?
The repository's tools vary in detectability. Passive viewers (Dumpoir, Picnob for Instagram) leave no trace. Scraping tools (Twint, Instaloader) may trigger rate limits. Best practice: Use residential proxies, rotate user agents, implement request throttling, and never authenticate from operational accounts unless necessary.
What when X/Twitter tools break after API changes?
The March 2023 API deprecation did break numerous tools. The repository addresses this explicitly, noting: "changes to X, especially involving their API... may have an adverse affect on some resources until the owners have had chance to adapt." The maintainer rapidly updates—check commit history. Meanwhile, prioritize API-independent tools like Twint and Nitter instances (Twiiit, XCancel).
Can I contribute tools I've discovered?
The GitHub repository accepts issues and pull requests. Quality contributions require: verifiable functionality, clear description, ethical assessment, and platform categorization. The maintainer's editorial standards are high—expect scrutiny.
How does this compare to Telegram-specific resources?
The repository intentionally excludes Telegram due to its massive scope. The linked Telegram-OSINT repository provides equivalent depth for that platform. This separation enables focused maintenance rather than overwhelming scope creep.
Are dating app tools ethically problematic?
The single dating app entry (SearchPOF for Plenty of Fish) demonstrates minimal, justified inclusion. The repository avoids tools enabling harassment or stalking. Professional investigators use these capabilities for: missing persons cases, fraud investigation, background verification—always with appropriate authorization.
How current is the tool verification?
The repository shows active maintenance through 2024, with Bluesky—a platform launched late 2023—already comprehensively covered. However, web tools evolve rapidly. Always verify functionality before critical operations. The GitHub issue tracker surfaces broken links quickly.
Conclusion: Your Investigation Transformation Starts Now
The Social-Media-OSINT repository isn't merely convenient—it's operationally transformative. By consolidating 200+ verified tools across 17 platform categories with embedded tradecraft, it eliminates the friction that degrades investigation quality and creates the systematic coverage that produces breakthrough insights.
I've watched investigators spend days on what this toolkit accomplishes in hours. The difference isn't intelligence or effort—it's structured access to the right capabilities at the right time. Whether you're a journalist verifying sources, a security professional assessing threats, or a researcher mapping information ecosystems, this repository elevates your work from fragmented to formidable.
The digital investigation landscape shifts daily. Platforms rise, APIs change, tools break. Maintaining currency alone consumes unsustainable effort. Delegate that curation to specialists who live this space, then focus your energy on analysis and action.
Your next move is simple: Star the repository, fork it for customization, and integrate it into your standard operating procedures. The investigators already using it aren't talking about it—they're too busy finding what others miss.
What will you uncover first?
Tags
Comments (0)
No comments yet. Be the first to share your thoughts!
