OSINT Toolbox Talk: Extracting TikTok user data, Instagram user information and Dark Web URLs

OSINT Tool Review

Identifying WhatsApp groups with WhatScraper

Identifying WhatsApp groups with WhatScraper Identifying WhatsApp groups with WhatScraper https://github.com/TheSpeedX/WhatScraper

OSINT tools that can be used to discover and investigate WhatsApp groups are few and far between. This is somewhat due to WhatsApp maintaining a high level of privacy controls for its users. This is most certainly a sticking point for our partners in EU Law Enforcement to conduct investigations on WhatsApp and Telegram. Whilst some services can effectively scrape data from public Telegram groups – WebIQ being one highly effective provider – there remain significant issues with regards to investigations against WhatsApp groups and private Telegram groups. The primary question our readers may ask is ‘why does this matter?’, a LinkedIn article by Carolina C, a Child Sexual Abuse Material (CSAM) Independent Researcher and CSAM Compliance expert rightly points out that the distribution of CSAM via instant messaging platforms such as WhatsApp and Telegram is on the increase. Explaining this increase is the general view by abusers and paedophiles that the Dark Web has become an unsafe space due to increased successes amongst several Law Enforcement authorities take-down platforms used in this regard.

Moving forward to the focus of this OSINT Tool Review, we introduce WhatScraper, a lightweight Python-based script that remains in development. As of now, it has the capability to scrape WhatsApp group links from Google search results and output those links into a file. To date, the tool can:

  1. Search and identify groups
  2. Scrape from links within Google searches
  3. Multithread search results

Some of our readers will by now be thinking that this tool does not provide any special capabilities. However, I would argue that it does enable the Digital Investigator to establish a starting point for any investigation into nefarious groups that exist on WhatsApp. Additionally, it should also be pointed out that the tool’s developer intends to add additional features to the tool in due course. These features will include:

  1. Enabling users to add proxies to the search
  2. Generalise searches based on keywords
  3. Add additional search engines – we most certainly recommend the developers to include DuckDuckGo and several regional search engines in this tool
  4. Improve the tool’s user-friendliness
  5. Develop a graphical user interface to the tool

So, it is clear that the developers are only just getting started with this tool and we certainly look forward to keeping a close eye on their progress! In terms of output, we were generally quite impressed with what the tool can achieve so far – by conducting several searches, we were able to identify several groups we suspected to be involved in the distribution of CSAM in addition to other potential nefarious groups. Most certainly, these group links can be used as a starting point for any Law Enforcement effort to investigate such groups. Overall, we recommend this tool based on its long-term potential and its capability to provide users with a comprehensive list of WhatsApp groups that can be subject to investigation.

Let's talk today Are you ready to begin discussing our range of training and capability development solutions?