OSINT Toolbox Talk: Extracting online media and investigating ProtonMail and Twitter

OSINT Tool Review

Identifying and extracting social media user links with Marple

Identifying and extracting social media user links with Marple Identifying and extracting social media user links with Marple https://github.com/soxoj/marple

Undoubtedly, there is a large volume of username-based OSINT utilities; each of these tools has its own unique advantages and disadvantages. The majority of such tools will query websites and social media applications themselves, returning any relevant results – or at the very least, a probability of a positive match. However, there is an overall lack in the number of OSINT tools that will conduct username queries across multiple search engines simultaneously and provide Digital Investigators with results. Here, we will now introduce ‘Marple’, another lightweight Python utility developed by the very talented Github contributor ‘soxoj‘.

So, what is Marple and what does it do? In short, Marple will run several search instances for a username via a range of search engines and present results either within the command-line interface or through its own comma-separated value (CSV) output. The search engines that Marple will query include:

  • Google
  • DuckDuckGo
  • Yandex
  • AOL
  • Ask
  • Bing
  • Startpage
  • Yahoo
  • Mojeek
  • Dogpile
  • Torch
  • Qwant

With the exception of Yandex (which requires an API in order to conduct searches), the search engines will conduct their searches via a scraping method. What this means is that Marple will run searches on-behalf of the user in the background without the need for an API for each search engine. However, Yandex’s own configurations restrict automated searches, meaning that users will need to obtain a Yandex API before Marple can run search instances.

In terms of the overall functionality of Marple, it is very easy to install and deploy – its lightweight configuration makes it quite user-friendly. Also, the utility itself comes with a range of options that can be useful for Digital Investigators. For example, it has the capability for any searches to be passed through a proxy – providing Digital Investigators with the capability to conduct regional-based searches whilst also providing greater anonymity. The tool’s output can either be displayed within the command line interface or saved to a CSV file, the latter of which is really useful if Digital Investigators intend to analyse collected data through an analytics platform such as Paliscope YOSE. However, what impresses us the most is Marple’s capability to identify PDF documents associated with target usernames.

Overall, we ran several tests of Marple against several target usernames – the results of which were very accurate. In some instances, we were also able to identify PDF documents associated with the target usernames. So, our readers may ask why we would use Marple in our Digital Investigations; the answer to this question is that it will save time by conducting multiple searches simultaneously and present us with extracted information concerning usernames and associated documents. If we had to conduct this method of searching manually, we would estimate that it would take us within the region of one hour – with Marple, it takes several seconds!

All-in-all, needless to say, we love this tool – it is lightweight, easy to use, and delivers very effective results. In our view, Marple is another fine example of an effective OSINT tool developed by the very talented ‘soxoj‘, and we certainly look forward to testing out their other tools in the very near future!

Let's talk today Are you ready to begin discussing our range of training and capability development solutions?