Instagram OSINT | What A Nice Picture!

  • Wojciech
    Wojciech
Wojciech 3 min read
Instagram OSINT | What A Nice Picture!

I have made scripts and tools related to OSINT, OPSEC and bug bounting for myself and thought it is not worth sharing, until I read article by @chandrapalhttps://medium.com/@chandrapal/ab-using-facebook-accessibility-for-open-source-intelligence-4e5ad4ad95f5 (which presents great approach and I very liked it). I’m OSINT and CLI fan as well.
Thanks to that, I decide to publish couple of my stories and tools for various usage.

INSTAGRAM

I bet you have wondered how many private data is related to your social media accounts. Probably you read a lot of articles that claimed, there are no space for privacy in i.e. Instagram, but did you ever see it with your own eyes? For this reason (but not only) I wrote script which retrieves exact location based on longitude and latitude from InstagramAPI.

Photo was taken in New York

To be completely honest, I don’t know where it comes from because I’ve never used it. I guess, you can add your location during taking a photo.
It shows where this photo was done, but doesn’t reveal exact location.

This scripts gets co-ordinates from picture (with this feature on) and passes it to GeoPY, which finally shows location in clear format, including post code, street name, city and country.

Extra, I add hashtag counter, with this you can check what kind of interests user has (Or you can add this to your dictionary, just sayin’)

EXAMPLE

I pick 100% totally random guy, which hasn’t existed for me until today.
Script gives us results as below: (for proof of concept I will focus on first photo)

Let’s see where it is by using google maps:

Nice area. I guess there is some kind of park, so good place to relax.
This photo was taken 14th of June 2015, so I can quickly find it in user’s feed.

I don’t know this neighborhood but it’s quite likely that this location is correct, it’s probably near this beautiful pond. I strongly encourage you to try it by yourself.
This image does not even has information about location but script could retrieve longitude and latitude. I do not know why this happen, maybe someone smarter than me know the answer?

Ethics And Summary

This is daily practice that social media gets as many private info as they can. You can “minimize damages” by turning off all of this features. Regarding ethics of this solution, from one side you can boast where you are or sorting pictures according to location. Sometimes users forgot to turn off localization and next share photos that shouldn’t be shared, which contain drugs, violence or other abusing. In this case any of you can find out where that is and react in some way.
From other side, everyone can know where are you while taking a photo or where you took your nice profile’s picture.

You can find a script on my github page:

woj-ciech/OSINT
Contribute to woj-ciech/OSINT development by creating an account on GitHub.
GitHubwoj-ciech

Originally published on 24th May, 2017.

https://medium.com/secjuice/what-a-nice-picture-instagram-osint-8f4c7edfbcc6

Tags: Social Media, Recon

Wojciech

How to find internal subdomains? YQL, Yahoo! and bug bounty.