Telegram is undoubtedly a popular instant messaging application which offers enhanced privacy and Voice Over IP (VOIP) capabilities for users. In a survey we conducted across several businesses engaged in an ongoing rail infrastructure project in the UK, several businesses indicated that they used Telegram to communicate with staff members spread across multiple construction sites in London, Buckinghamshire, Birmingham and Staffordshire. When asked as to why Telegram is the preferred instant messaging application for their business, the majority pointed out Telegram’s focus on ensuring effective privacy in addition to the lack of privacy offered by other applications such as WhatsApp.

Whilst Telegram is considered to be the most popular instant messaging application for many businesses and individuals, the platforms continues to attract nefarious activity in the form of groups used to offer counterfeit official documents (driving licenses and passports) in addition to child sexual abuse (CSA) content.  That aside, it should be pointed out that these groups are normally disabled and deleted by Telegram within less of a day after they are reported – indicating a very responsive and effective capability within Telegram to remove illegal content and combat CSA material.

Telegram offers users with easy access to its API, this enables us as Digital Investigators and OSINT Analysts to explore and deploy several tools that we can use to investigate Telegram users and groups. In this OSINT Tool Review, we will look closely at Telescan, a lightweight Python-based script, that allows us to search for users within specific groups and to also discover what groups a user is a member of. However, these features require several conditions, the first is that the target username or phone number must be within your contact list. Additionally, to search through the groups, you will be required to be a member of that group too. The only prerequisite required to use this tool is the Telegram API which can be accessed from your individual Telegram account.

Deploying installing and deploying Telescan is very straightforward through the Command Line Interface. When the tool is executed, it provides three basic options: chat lookup, user lookup and search user in groups. The outputs from each of the three options is effective provides results in relation to each search through the Command Line Interface. Admittedly, the tool could benefit from outputting its results externally, either in a JSON or CSV format. Also, the tool could also benefit from the capability to search across visible Telegram groups without the need for the Digital Investigator to become a member of that group. That aside, for what the tool is and what it provides, it is quite effective and does exactly what it is intended to do.

In one of our previous articles, we discussed one Python-based tool that can be used to investigate Telegram users and search through group members. In this OSINT Tool Review article, we will go further and present Genisys – a very effective Python-based tool that comes with wide-ranging capabilities for OSINT activity and Digital Investigations on Telegram. According to the Genisys Github repository, the tool has several functionalities – some of use to us as Digital Investigators, others not so much. The functionalities which are of most use to us include:

• It can scrape public group members
• It can scrape from private groups provided that the Investigator has the group invite link
• It can identify and scrape active users (those who have seen the group recently)
• Output public group lists to a CSV file
• Provide essential information from public group lists including user ID, usernames and group IDs
• Enable the use of multiple accounts for scraping purposes, thus reducing the risk of an account ban

Unlike previous tools reviewed by us at OS2INT, Genisys does not require access to the Telegram API. It is an incredibly easy to install and easy to use tool that provides at least most of the functionalities required for OSINT investigations on Telegram. The tool’s output – group lists in CSV format – is very useful and can certainly make way for the Digital Investigator or OSINT Analyst to visually process that data in Gephi (for example).

For the most part, Genisys’ capability to auto add members to groups etc is not altogether very useful for Digital Investigators. That said, it’s capability to auto-add accounts to groups is very useful, especially when there is a requirement to maintain an active presence on nefarious groups as soon as they are created.

All-in-all, Genisys is quite a worthwhile OSINT tool to consider based on it’s functionality and its capability to output data that can be used for intelligence and / or investigatory purposes.

At OS2INT, we only focus on providing insight on the most effective tools that can be used for Digital Investigations, YouTube Metadata certainly exceeds our expectations and is most certainly in a league of its own. The developer behind YouTube Metadata is the same person who provided us with YouTube Comment Suite; however, YouTube Metadata is a very neat and user friendly Ruby-based user interface. For OSINT’ers or Digital Investigators who haven’t entered the world of Ruby, now is your chance to do so!

YouTube Metadata does exactly what name suggests, it provides Digital Investigators with a wealth of information regarding YouTube videos, playlists and channels. Citing the tool’s GitHub repository, the developer of YouTube Metadata explains that the tool can be used to:

1. Extract front-end facing information concerning a video, playlist or channel such as,
   • How long has the channel or playlist been around?
   • What’s the like/dislike ratio?
   • What can YouTube tell you?
2. Provide an array OSINT-rich functionalities including,
   • Tells you what it found and what it didn’t find.
   • Exact date and times for video publish and playlist/channel creation
   • Auto-translations for BCP-47 country and language codes
   • Livestream date and times; actual runtime and how late/early it started
   • Geolocation with direct link to Google Maps
   • Time difference between actual publish date and video recording date
   • Reverse image search for a video’s default 4 thumbnails
   • Whether the video is aimed at children or not
   • Channel long uploads status
   • Tags present on a video
3. Helpful suggestions as to why video links do not work
   • Google search for the id
   • Archive.org for the link
   • YouTubeRecover.com for the video id
   • SocialBlade.com for the channel username
4. Extract video metadata in bulk from a list of videos, playlists, or channels
   • Viewable in a searchable sortable table
   • Export table and raw data in a zip
   • Import a previous export to view in the app again

As I have already pointed out, this is a Ruby-based tool. Which requires some basic knowledge of installing Ruby and its associated developer tools on your local machine. From here, you can run Ruby through Command Prompt, navigate to the repository folder on your local machine and use bundle install to install the user interface, then run it and view it via http://localhost:4000. As the image above shows, the user interface is very well constructed and provides us with the information concerning our target in a very clean format. It should be added that users should apply for a YouTube develop account in order to obtain an API. Whilst the tool comes pre-compiled with the developer’s own API key, it is highly recommended that users should apply for their own API before using it beyond local development purposes.

All-in-all, YouTube Metadata is a highly effective tool that comes highly recommended. It’s flawless design and it’s output capabilities make it a highly effective tool for Digital Investigators and OSINT’ers – a must-have for any OSINT toolbox!