टेलीग्राम पर OSINT

Telegram . : tdlib/td, rubenlagus/TelegramApi, vysheng/tg, LonamiWebs/Telethon . , (https://core.telegram.org/api), , API – - . , , “ “ , - “ Telegram“? — , - API.

Telegram API-, . , — , Telegram . OSINT, OSINT-, Telegram, .

OSINT Telegram, — telegram-osint-lib.

?

. — Nuga — - .

“” , “” ( Telegram), , Telegram API.

(~ 2018 ) - Telegram, , , ( ), .

, . , API Layer 105 ( 23) - , . , , .

, API-. , API Telegram — Telegram , API-. API- .

telegram-osint-lib – “ ”, API-, (output) (input). (, ). (, ). API Telegram . , .

, , , , — Scenario-based modeling and its applications — . “scenario-based“ , , .

telegram-osint-lib (). :

• fail fast: ( - )

• conformity: ,

• testability: , : ,

, ( ):

1. Telegram API (TL nodes);

2. , API

3. ,

4. (, )

, , callback. ( Telegram) .

, Telegram TL. , , JSON ( ). : constructors methods. , Telegram , — : .

, ( TL-Schema 108, 109), , , json /, , . API 1100 (/). json .

, , : . ( , ). (layer) , -, , , , .

OSINT

, , .

. telegram-osint-lib Docker:

docker build -t telegram-osint-lib . 
docker run -d -t --name tg-osint-lib telegram-osint-lib

: -

Docker- , “” Telegram. ( ), .

, auth.sendCode → auth.signIn → auth.signUp:

docker exec -i tg-osint-lib php examples/registration.php
Number: 790612***31
SMS code: 123123

, OpenSource Intelligence:

AuthKey: 790612***31:aabbccdd...

(AuthKey) :

docker exec --env BOT=... -i tg-osint-lib php ...

, , : --env BOT=...

— Telegram . , “ “.

, , . Telegram :

1. ( )

4. /

5. “ ”

6. Telegram

. telegram-osint-lib, , Telegram. , . , , .

:

docker exec --env BOT=... -i tg-osint-lib php examples/parseNumbers.php 7985****294,7985****977,7986****777,7986****252,7988****417,7999****169,7999****869,7999****053,7999****364,7999****916,7999****475,7999****959,7985****025,7985****343,7989****207,7916****668,7926****802 > numbersInfo.txt

InfoClient::getInfoByPhone(), API import_contacts->get_user_full->delete_contacts->get_user_full. , . , , Photo .

, , Telegram. , .

, .

:

docker exec --env BOT=... -i tg-osint-lib php examples/monitorNumbers.php 97155******9,...,798*****777 presence_map.txt

ASCII- ( “+“ — online ) . , 2,4,5,9 , :

HackerNews ?

Telegram — , . , ?

HackerNews. , .

: InfoClient::getChannelLinks() InfoClient::getChannelMessages(). , , , .

:

docker exec --env BOT=... -i tg-osint-lib php examples/parseChannelLinks.php https://t.me/HNews "2019-12-01 00:00:00"

:

, :

1. habr.com (45%)

2. xakep.ru (44%)

3. threatpost.com (11%)

4. (<1%)

, HackerNews, Xakep.ru Habrahabr , - ?

, . , 20% 80% . , .

(, 1000 ). API messages.getHistory, ( ), . - :

docker exec --env BOT=... -i tg-osint-lib php parseGroupMessages.php https://t.me/vityapelevin -- 1570207168 1580207168 --info \
  head -n 2000 | \
  ggrep -oP 'from [a-zA-Z0-9_]+ at' | \
  sort | uniq -c | sort -r -n -k1 | awk '{print $1 " " $3 }' | \
  head -n10

:

355 289336351
237 710806664
226 Yuliya04
216 735896305
187 Retrovertigodor
187 971662085
175 Mahmud_Abas
141 VwVwVoid
94 nikol_pelevina
85 kotenok_gaff

, , ? Telegram . ( ) .

, “ ” , API- get_common_chats, , .
:

2. , join_channel

3. , get_common_chats

, , , :

docker exec --env BOT=... -i tg-osint-lib php examples/commonChats.php 7926****802

, :

public function getCommonChats(?callable $callback = null)
{
    $client = new UserContactsScenario([$this->phone], function (UserInfoModel $user) use ($callback) {
        $this->infoClient->getCommonChats($user->id, $user->accessHash, 100, 0, function (AnonymousMessage $message) use ($callback) {
            if (!Chats::isIt($message)) return;
            $updates = new Chats($message);

            foreach ($updates->getChats() as $chat) {
                $this->commonChats[] = strtolower($chat->username);
            }
            ...
        });
    });
    $client->startActions(false);
}

“” , , , , , , :

Telegram. :

1. →

2. →

, API . :

   3.   →

. API- messages.getHistory. , a_averyanova_m:

docker exec --env BOT=... -i tg-osint-lib php parseGroupMessages.php https://t.me/phuketrusa a_averyanova_m --info | head -n10 
30.01.2020 13:26:17 | parseGroupMessages.php: starting group resolver for username: phuketrusa
30.01.2020 13:26:18 | TelegramOSINT\Scenario\GroupMessagesScenario: resolved user a_averyanova_m to 272425703
30.01.2020 13:26:19 | TelegramOSINT\Scenario\GroupMessagesScenario: got message '   ?))))  \\   ,   )' from a_averyanova_m at 2020-01-30 12:25:48
30.01.2020 13:26:19 | TelegramOSINT\Scenario\GroupMessagesScenario: loading more messages, starting with 26451
30.01.2020 13:26:20 | TelegramOSINT\Scenario\GroupMessagesScenario: loading more messages, starting with 26332
30.01.2020 13:26:21 | TelegramOSINT\Scenario\GroupMessagesScenario: loading more messages, starting with 26219
30.01.2020 13:26:22 | TelegramOSINT\Scenario\GroupMessagesScenario: got message '   ,    ,      (   .  )    (  )+  500-1000,       ,      ( )     ,    )    ,     ' from a_averyanova_m at 2020-01-29 14:38:40
30.01.2020 13:26:22 | TelegramOSINT\Scenario\GroupMessagesScenario: loading more messages, starting with 26099
30.01.2020 13:26:22 | TelegramOSINT\Scenario\GroupMessagesScenario: got message '' from a_averyanova_m at 2020-01-29 10:55:06
30.01.2020 13:26:22 | TelegramOSINT\Scenario\GroupMessagesScenario: got message '  ,   2   ,     ,   ,        . \\   , ,     (   )   ,   ,     1000     ' from a_averyanova_m at 2020-01-29 10:09:10

-, . (~ 04.10.2019 27.01.2020):

docker exec --env BOT=... -i tg-osint-lib php parseGroupMessages.php https://t.me/vityapelevin -- 1570207168 1580207168 --info | grep 

28.01.2020 10:45:22 | TelegramOSINT\Scenario\GroupMessagesScenario: got message ',    ,    ' from 735896305 at 2020-01-27 21:02:01

:

1. “ “ a_averyanova_m , 7926****802

2. “ “ ()

3. , ,

.

-

- , - OSINT, . Telegram , -. API-: geochats.getLocated contacts.getLocated, — , ?

, , “ ” -. API- contacts.getLocated, - , ( ~1 ) -. Updates, .

:

docker exec --env BOT=... -i tg-osint-lib php geoSearch.php 55.753930,37.615714,55.756390,37.661931 b00k1ng 30 --info
...
29.01.2020 16:00:06 | TelegramOSINT\Scenario\GeoSearchScenario: found group ' ' near (55.753930, 37.615714)
29.01.2020 16:00:06 | TelegramOSINT\Scenario\GroupMembersScenario: searching chat 1404414249 participants for b00k1ng
29.01.2020 16:00:06 | TelegramOSINT\Scenario\GeoSearchScenario: found group '' near (55.753930, 37.615714)
29.01.2020 16:00:06 | TelegramOSINT\Scenario\GroupMembersScenario: searching chat 1404180655 participants for b00k1ng
29.01.2020 16:00:06 | TelegramOSINT\Scenario\GroupMembersScenario: chat 1211826903 contains user 883904218 with username b00k1ng

, , .

, , , : GeoSearchScenario, , , GroupMembersScenario:

$groupHandler = function (GeoChannelModel $model) use (&$generator, &$finders, $username) {
    $membersFinder = new GroupMembersScenario(
        $model->getGroupId(),
        null,
        $generator,
        100,
        $username
    );

    $membersFinder->startActions(false);
    $finders[] = $membersFinder;
};

$search = new GeoSearchScenario($points, $groupHandler, $generator, $limit);
$search->startActions();

telegram-osint-lib OSINT- Telegram. , ““ OSINT - , . , , — - , : , .

, . , , . , .

, , - “” (State), ( ), OSINT. 2018 ““, , , OSINT- : - , (State) “->“, .

, Telegram API , API Layer OSINT-, , API- Telegram.