In this Osintgram hacking tool tutorial, you’ll see how powerful and fun it is to use.
Osintgram is a hacking tool that basically scrapes Instagram (public) accounts.
It runs off a self-hosted python3 script that you can install via Github.
I (personally) love these types of hacking tools because they fit my two passions:
- Growth Hacking (& SEO), and
- OSINT Information Gathering
Is Scraping Instagram Legal?
Will you be thrown into prison for a life without parole?
No.
Is it against their (Facebook’s) terms of service?
Yes.
Should you care?
That’s your decision.
Personally, I think our friend over at Facebook should focus on his own (major) issues before he lectures us – watch this documentary if you agree with what I just said…
Anyways – let’s not get all political – let’s dive into the awesome and magical world of Osintgram and its’ incredible ability to scrape all those lovely emails that we yearn for as growth hackers and marketers.
How To Install OSINTGRAM?
In any Linux Distro of your choice, POP_OS! or Kali Linux, simply follow the simple instructions in the video on this page.
It’s very simple to do.
Remember that there is an Osintgram Github page.
⚠️ Quick warning! Do NOT use your personal Instagram account; create a dummy one.
And, preferably, make sure you create the account on a mobile that is then PVA (Phone Verified Account) since that will give you more tolerance from Instagram’s POV.
What Is “OSINT”?
First off – let’s be clear about what we mean by “OSINT” of the portmanteau of OSINT & “GRAM”. Of course, the “GRAM” bit refers to Instagram.
Without reinventing the wheel, let’s just use Wikipedia to define what we mean by OSINT:
Open-source intelligence (OSINT) is a multi-factor (qualitative, quantitative) methodology for collecting, analyzing and making decisions about data accessible in publicly available sources to be used in an intelligence context.
Source: Wikipedia
The emphasis to understand about OSINT is that they involve gathering data from publicly available sources, and OSINT Tools are essentially just scraping data from social media accounts – as well as all other sources.
Osintgram offers an interactive shell to execute social engineering analysis on Instagram accounts from any user by their handle.
Does OSINTGRAM Work On All Instagram Accounts?
No.
If the account is public and real then Osintgram will happily scrape and extract all public information regarding the followers and the followed.
If the Instagram account is private then no dice: Osintgram will not work.
If you’re interested to see the breakdown of private and public Instagram accounts then go check out this piece.
Why I Use OSINTGRAM
Most likely, we all have different uses for Osintgram.
I would use a tool like this as a potential replacement for using Scrapebox or Phantombuster to scrape emails of people that follow certain Instagram profiles.
I’d use Osintgram to be able to find affiliates.
Here would be my process:
- Find popular Instagram KOLs in my niche
- Scrape at least 5,000 of their followers (using -followers command); and/or
- Scrape at least 5,000 of their followers email address (using -fwesemail command)
- Then reach out to your list of scraped emails to invite them to your affiliate offer!
It’s a simple approach, but it will work…
OSINTGRAM Commands
https://github.com/Datalux/Osintgram/Check out their Github account for more information.
| Command (executed via Python3 in the terminal) | Net Result |
|---|---|
| addrs | Get all registered addressed by target photos |
| captions | Get user’s photos captions |
| comments | Get total comments of target’s posts |
| followers | Get target followers |
| followings | Get users followed by target |
| fwersemail | Get email of target followers |
| fwingsemail | Get email of users followed by target |
| fwersnumber | Get phone number of target followers |
| fwingsnumber | Get phone number of users followed by target |
| hashtags | Get hashtags used by target |
| info | Get target info |
| likes | Get total likes of target’s posts |
| mediatype | Get user’s posts type (photo or video) |
| photodes | Get description of target’s photos |
| photos | Download user’s photos in output folder |
| propic | Download user’s profile picture |
| stories | Download user’s stories |
| tagged | Get list of users tagged by target |
| wcommented | Get a list of user who commented target’s photos |
| wtagged | Get a list of user who tagged target |
Are there limitations Using OSINTGRAM?
Yes, there are; but only because it can’t do everything and please everyone.
One of the most common problems when using Osintgram is that you’ll get logged out.
Why?
Because Instagram (Facebook) is not exactly thrilled with these tools because they are, essentially, against their terms and conditions.
You might get an error like this:
ClientError Please wait a few minutes before you try again. (Code: 429, Response: {"message": "Please wait a few minutes before you try again.", "status": "fail"}Or like this:
ClientError checkpoint_challenge_required (Code: 400, Response: {"message": "challenge_required", "challenge":Both of these errors are basically a result of either throttling by Instagram servers, or – it’s a simple authentication request.
How I’d Love To See The Tool Develop
It would be good if we can manually select the total amount of emails we’d like to scrape.
The tool crashes after reaching a certain amount of scraped emails (for example) – not because the Python is badly written, but rather because Instagram has sussed out that we’re scraping it.
I raised this issue with the developer and it looks like he is going to implement it which is pretty damn awesome.
Top Tip On How To Use OSINTGRAM
If you create a dummy account to use for scraping Instagram (which you should be) then make sure you log in via your phone because that will send a positive signal to the Instagram servers that your IP and account are quasi-legit and you’ll likely get a bit more mileage out of using this hacking tool.
In Summary
Osintgram looks like it has a very bright future and is certainly one of the coolest and most well-thought-out OSINT Hacking tools out there that can be used both as a reconnaissance-level hacking tool as well as for outreach growth hacking marketing purposes.
6 thoughts on “OSINTGRAM Hacking Tool Tutorial”
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Recent Content
We review a bunch of hacking tools and hacker software - in fact - we've interviewed a bunch of Kali Linux Hacker Developers. In this post, we're delighted to review the amazing BruteShark networking...
This is a neat and concise video by HackerSploit who makes a bunch of great videos. If you watch this video you'll understand the basics of using Nmap and its' a superb video for beginners to check...
Hi Henry, do know any tool that can get profile information from a private instagram account?
If the Instagram account is set to “private” then you are out of gas: OSINTGRAM will not work.
Hello, how can I solve this problem?
ClientError checkpoint_challenge_required (Code: 400, Response: {“message”: “challenge_required”, “challenge”:
I believe that this error is all to do with the cookie validation – basically, the Instagram detection system has worked…
Login to IG account in the same window. The moment this error pop up – just go to the IG page & you’ll see a pop-up asking to verify that it’s you. Complete the verification & you’ll be good to go.
Thanks, Raptor – appreciate the reply!