Do you think you can stay anonymous on the Internet? Really? Let me share with you a simple script called Tinfoleak, and you can check for yourself if you are really anonymous and have taken extra security precautions on the Web.
Tinfoleak is a Python script which lets you gather a heck of a lot of data on any Twitter account. Using the gathered data, you can have a fairly good understanding about the person behind that specific Twitter account.
Note: This guide is done on a Windows machine, and it is not intended for beginners. The commands will also vary for other operating systems.
Before going any further, make sure that you have Python 2.X (2.6 or 2.7) installed. If you don’t have one installed, you can download it from the official Python website.
You also need Twitter Dev OAuth credentials. To get them, create a new app on the Twitter Application Management page. Once you are done creating, copy “Consumer Key, Consumer Secret, Access Token and Access Token Secret” and place them somewhere safe as we are going to need them later.
Note: Even if you have Python 3.X installed in your PC, you need to have Python 2.X to start working with the scripts below.
Download and Install Tweepy
To start using Tinfoleak, you need to download and install Tweepy first. Tweepy is yet another script written in Python to provide easy access to the Twitter’s API. After downloading, extract it to someplace on your PC.
Now open the command prompt and navigate the extracted “Tweepy” folder. Once you are in, execute the below command to install Tweepy.
python setup.py install
Once the installation is completed, you will see a screen something like the one below.
In case you receive any error regarding the “setuptools,” download it from here and use the command below to install it.
python ez_setup.py install
Using Tinfoleak to Gather Data
First, download Tinfoleak and extract it to your desktop. Now open the “tinfoleak.py” file with your favorite text editor and paste the Twitter OAuth keys into the appropriate locations (on lines 17, 18, 19 and 20). Once you are done, save the file and close it.
Now open the command prompt and navigate to the Tinfoleak location. Once you are there, execute the below command to run the script. As soon as you have done that, Tinfoleak will show you all the options that are available for you to use.
If you want to know all the basic details of a Twitter account, use the below command while replacing the “username” with the actual username. As soon as you execute the command, Tinfoleak will show you all the basic details like name, location, followers count, unique Twitter ID, number of tweets, etc.
python tinfoleak.py -n username -b
Using Tinfoleak, you can even download the photos shared by a user in their Twitter account. Just execute the below command and Tinfoleaks will analyse the first hundred tweets and download all the images attached to those tweets.
python tinfoleak.py -n username -p 1
Once downloaded, open the Tinfoleak folder and you will find a folder with the downloaded images in it.
If the targeted Twitter account has geo-location enabled, you can use the below command to get a list of all the geo-location data based on the tweets.
python tinfoleak.py -n username -g
You can even save all the geo-location data into a KML file using the command below. This is particularly useful when you want to import and use the data in Google Earth.
tinfoleak.py -n username -g location.kml -p 1
Tinfoleak is a simple yet powerful script. If you know how to interpret the commands, you can do a lot more like tracking all the hashtags used, all the mentions, Twitter applications used by the target account, etc.
The way Tinfoleak works is fairly simple. All it does is retrieve the data that is shared publicly. And as you can see, just that amount of publicly available data is sufficient to recreate a good amount of a personal profile. Always follow the security measures like disabling geo-location, not sharing personal pics, etc., to avoid these kinds of awkward situations.
Let us know what you think of Tinfoleak.