OSINTGRAM Hacking Tool Tutorial

4.0 rating

In this Osintgram hacking tool tutorial, you’ll see how powerful and fun it is to use.

Osintgram is a hacking tool that basically scrapes Instagram (public) accounts.

It runs off a self-hosted python3 script that you can install via Github.

I (personally) love these types of hacking tools because they fit my two passions:

  • Growth Hacking (& SEO), and
  • OSINT Information Gathering

Is Scraping Instagram Legal?

Will you be thrown into prison for a life without parole?

No.

Is it against their (Facebook’s) terms of service?

Yes.

Should you care?

That’s your decision.

Personally, I think our friend over at Facebook should focus on his own (major) issues before he lectures us – watch this documentary if you agree with what I just said…

Anyways – let’s not get all political – let’s dive into the awesome and magical world of Osintgram and its’ incredible ability to scrape all those lovely emails that we yearn for as growth hackers and marketers.

How To Install OSINTGRAM?

In any Linux Distro of your choice, POP_OS! or Kali Linux, simply follow the simple instructions in the video on this page.

It’s very simple to do.

Remember that there is an Osintgram Github page.

⚠️ Quick warning! Do NOT use your personal Instagram account; create a dummy one.

And, preferably, make sure you create the account on a mobile that is then PVA (Phone Verified Account) since that will give you more tolerance from Instagram’s POV.

What Is “OSINT”?

First off – let’s be clear about what we mean by “OSINT” of the portmanteau of OSINT & “GRAM”. Of course, the “GRAM” bit refers to Instagram.

Without reinventing the wheel, let’s just use Wikipedia to define what we mean by OSINT:

Open-source intelligence (OSINT) is a multi-factor (qualitative, quantitative) methodology for collecting, analyzing and making decisions about data accessible in publicly available sources to be used in an intelligence context.

Source: Wikipedia

The emphasis to understand about OSINT is that they involve gathering data from publicly available sources, and OSINT Tools are essentially just scraping data from social media accounts – as well as all other sources.

Osintgram offers an interactive shell to execute social engineering analysis on Instagram accounts from any user by their handle.

Does OSINTGRAM Work On All Instagram Accounts?

No.

If the account is public and real then Osintgram will happily scrape and extract all public information regarding the followers and the followed.

If the Instagram account is private then no dice: Osintgram will not work.

If you’re interested to see the breakdown of private and public Instagram accounts then go check out this piece.

Why I Use OSINTGRAM

Most likely, we all have different uses for Osintgram.

I would use a tool like this as a potential replacement for using Scrapebox or Phantombuster to scrape emails of people that follow certain Instagram profiles.

I’d use Osintgram to be able to find affiliates.

Here would be my process:

  1. Find popular Instagram KOLs in my niche
  2. Scrape at least 5,000 of their followers (using -followers command); and/or
  3. Scrape at least 5,000 of their followers email address (using -fwesemail command)
  4. Then reach out to your list of scraped emails to invite them to your affiliate offer!

It’s a simple approach, but it will work…

OSINTGRAM Commands

https://github.com/Datalux/Osintgram/Check out their Github account for more information.

Command (executed via Python3 in the terminal)Net Result
addrsGet all registered addressed by target photos
captionsGet user’s photos captions
commentsGet total comments of target’s posts
followersGet target followers
followingsGet users followed by target
fwersemailGet email of target followers
fwingsemailGet email of users followed by target
fwersnumberGet phone number of target followers
fwingsnumberGet phone number of users followed by target
hashtagsGet hashtags used by target
infoGet target info
likesGet total likes of target’s posts
mediatypeGet user’s posts type (photo or video)
photodesGet description of target’s photos
photosDownload user’s photos in output folder
propicDownload user’s profile picture
storiesDownload user’s stories
taggedGet list of users tagged by target
wcommentedGet a list of user who commented target’s photos
wtaggedGet a list of user who tagged target

Are there limitations Using OSINTGRAM?

Yes, there are; but only because it can’t do everything and please everyone.

One of the most common problems when using Osintgram is that you’ll get logged out.

Why?

Because Instagram (Facebook) is not exactly thrilled with these tools because they are, essentially, against their terms and conditions.

You might get an error like this:

ClientError Please wait a few minutes before you try again. (Code: 429, Response: {"message": "Please wait a few minutes before you try again.", "status": "fail"}

Or like this:

ClientError checkpoint_challenge_required (Code: 400, Response: {"message": "challenge_required", "challenge":

Both of these errors are basically a result of either throttling by Instagram servers, or – it’s a simple authentication request.

How I’d Love To See The Tool Develop

It would be good if we can manually select the total amount of emails we’d like to scrape.

The tool crashes after reaching a certain amount of scraped emails (for example) – not because the Python is badly written, but rather because Instagram has sussed out that we’re scraping it.

I raised this issue with the developer and it looks like he is going to implement it which is pretty damn awesome.

Top Tip On How To Use OSINTGRAM

If you create a dummy account to use for scraping Instagram (which you should be) then make sure you log in via your phone because that will send a positive signal to the Instagram servers that your IP and account are quasi-legit and you’ll likely get a bit more mileage out of using this hacking tool.

In Summary

Osintgram looks like it has a very bright future and is certainly one of the coolest and most well-thought-out OSINT Hacking tools out there that can be used both as a reconnaissance-level hacking tool as well as for outreach growth hacking marketing purposes.

Henry "HMFIC"

I'm Henry, the guy behind this site. I've been Growth Hacking since 2002, yep, that long...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent Content