masto 2.0.5

Masto OSINT Tool Python package for Mastodon social OSINT investigations.

Masto OSINT Tool

🐘 About Masto

Masto provides information/intelligence on Mastodon.social users and fediverse instances (servers).

🚀 Masto capabilities

Masto OSINT Tool helps to:

• Find user ID
• Find exact username match across instances (the tool currently pulls many accounts with the username OSINT, whereas the mastodon.social (browser search bar) returns one result, as well as returning unreliable results, such as accounts that only start with osint
• Find all accounts belonging to a user without logging in to Mastodon (Mastodon requires users to log in and after 5 results you get: 401 Search queries pagination is not supported without authentication
• Find username correlation (can't be found by browser)
• Check if the user is a bot
• Check if the account is a group
• Check if the account is locked
• Check if the user opted to be listed on the profile directory
• Get avatar link with an additional choice of opening the avatar within your browser
• Get profile creation date
• Get number of followers & following
• Get number of posts
• Get user last status date
• Get user's bio

Additional instance (server) feature

This is a nice feature, if you type social.network.europa.eu on Mastodon.social , you won't get a result as the instance is set to not discoverable.

This function helps to:

• Get information on an instance
• Get instance Admin ID
• Get instance email
• Get a short description
• Get server thumbnail link
• Get instance creation date
• Get instance language used
• Get instance admin count of followers and following
• Get instance admin last status date
• Get header image link and avatar link
• Get instance display name
• Get admin url
• Get admin avatar
• Check if instance admin account is locked
• Check if registration is required and if the admin needs to approve the request
• Check if the admin is a bot

Masto Workflow

🛠️ Installation

pip install masto

👨‍💻 Usage

• Help: masto -h

• Search for user masto -user {username}

• Search for instance masto -instance {instance_name}

⭐ Tool use cases

Use case 1	Searching for a user and bypassing the profile directory opt-out

• Tried searching via browser both terms Webbreacher and @Webbreacher 1 result --> @Webbreacher@mastodon.social
• Searched Webbreacher on Masto: 3 results --> ✅ 3 accounts found
• On the counter.social profile, @Webbreacher's settings are --> user opted to be on the profile directory = False, this is why the browser search didn't find the counter.social profile!

🪄 Masto successful outcome: Masto found all 3 accounts.

Use case 2	Searching without getting a 401 error

• Many people don't want an account on Mastodon, and if you don't have an account, you can search on Mastodon, but you will only get 5 results.
• Clicking on load more will give you a 401 error and request for the user to log in.

🪄 Masto successful outcome: You can use Masto without logging in to Mastodon, you won't get a 401 error.

Use case 3	Getting information on locked instances:

• Tried searching for the instance 0sint.social, there isn't much information via a browser search because it's locked.

🪄 Masto successful outcome: Masto found more information on the instance and on the admin, including email address.

Use case 4	Conducted a username search for Defcon:

• Conducted a search with Masto for the username defcon, the Mastodon API returned 2 user accounts.

🪄 Masto successful outcome: Masto OSINT Tool picked up after the initial API search by doing a full scan and found 4 accounts.

Community mentions about Masto

• Featured on the UK OSINT website. UK OSINT is headed by Neil Smith, a true OSINT legend who has been using the internet as an investigative tool for well over 20 years.

• Featured in Week in OSINT #2022-45 by @Sector035

• Featured in the OSINT Stuff Tool Collection by @cipher387

• Mentionned by @DailyOsint

• Mentionned by @Treadstone71

• Mentionned in this Secjuice investigation

• Mentionned in MAG'OSINT March 2023 Issue

📝 License

MIT License