Masto OSINT Tool Python package for Mastodon social OSINT investigations.
Project description
Masto OSINT Tool
🐘 About Masto
Masto provides information/intelligence on Mastodon.social users and fediverse instances (servers).
🚀 Masto capabilities
Masto OSINT Tool helps to:
- Find user ID
- Find exact username match across instances (the tool currently pulls many accounts with the username
OSINT
, whereas the mastodon.social (browser search bar) returns one result, as well as returning unreliable results, such as accounts that only start withosint
- Find all accounts belonging to a user without logging in to Mastodon (Mastodon requires users to log in and after 5 results you get:
401 Search queries pagination is not supported without authentication
- Find username correlation (can't be found by browser)
- Check if the user is a bot
- Check if the account is a group
- Check if the account is locked
- Check if the user opted to be listed on the profile directory
- Get avatar link with an additional choice of opening the avatar within your browser
- Get profile creation date
- Get number of followers & following
- Get number of posts
- Get user last status date
- Get user's bio
Additional instance (server) feature
This is a nice feature, if you type social.network.europa.eu
on Mastodon.social , you won't get a result as the instance is set to not discoverable
.
This function helps to:
- Get information on an instance
- Get instance Admin ID
- Get instance email
- Get a short description
- Get server thumbnail link
- Get instance creation date
- Get instance language used
- Get instance admin count of followers and following
- Get instance admin last status date
- Get header image link and avatar link
- Get instance display name
- Get admin url
- Get admin avatar
- Check if instance admin account is locked
- Check if registration is required and if the admin needs to approve the request
- Check if the admin is a bot
Masto Workflow
🛠️ Installation
pip install masto
👨💻 Usage
-
Help:
masto -h
-
Search for user
masto -user {username}
-
Search for instance
masto -instance {instance_name}
⭐ Tool use cases
Use case 1 | Searching for a user and bypassing the profile directory opt-out |
---|
- Tried searching via browser both terms
Webbreacher
and@Webbreacher
1 result -->@Webbreacher@mastodon.social
- Searched
Webbreacher
on Masto: 3 results --> ✅ 3 accounts found - On the
counter.social
profile,@Webbreacher's
settings are --> user opted to be on the profile directory =False
, this is why the browser search didn't find the counter.social profile!
🪄 Masto successful outcome: Masto found all 3 accounts.
Use case 2 | Searching without getting a 401 error |
---|
- Many people don't want an account on Mastodon, and if you don't have an account, you can search on Mastodon, but you will only get 5 results.
- Clicking on
load more
will give you a 401 error and request for the user to log in.
🪄 Masto successful outcome: You can use Masto without logging in to Mastodon, you won't get a 401 error.
Use case 3 | Getting information on locked instances: |
---|
- Tried searching for the instance 0sint.social, there isn't much information via a browser search because it's locked.
🪄 Masto successful outcome: Masto found more information on the instance and on the admin, including email address.
Use case 4 | Conducted a username search for Defcon: |
---|
- Conducted a search with Masto for the username
defcon
, the Mastodon API returned 2 user accounts.
🪄 Masto successful outcome: Masto OSINT Tool picked up after the initial API search by doing a full scan and found 4 accounts.
Community mentions about Masto
-
Featured on the UK OSINT website. UK OSINT is headed by Neil Smith, a true OSINT legend who has been using the internet as an investigative tool for well over 20 years.
-
Featured in Week in OSINT
#2022-45
by @Sector035 -
Featured in the OSINT Stuff Tool Collection by @cipher387
-
Mentionned by @DailyOsint
-
Mentionned by @Treadstone71
-
Mentionned in this Secjuice investigation
-
Mentionned in MAG'OSINT March 2023 Issue
📝 License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.