[Analyzer] Twitter [paid API key required]
Name
Link
https://developer.twitter.com/en/docs/twitter-api
Type of analyzer
The idea is to leverage Twitter API v2 to look for tweets that cite the observable/file researched.
Why should we use it
This is a good way to extract OSINT information about the threat.
Possible implementation
Analyzer that supports every type of observable + another one for files only, where it is possible to check not only the related hashes (md5, sha256) but the filename too, at least.
yo @mlodic is this more of scraping, creating our own database and querying it whenever the analyzer runs?
also it looks like the free plan here limits our ability to do so:
maybe this is the ideal plan here:
Also, just one more question, how would this analyzer be any different from tweetfeed that we implemented a while ago?
tweetfeed does not retrieve the data from twitter itself but from a separate service which does its own scraping.
The idea would be to do our own scraping on request.
About the plans, I understand that there are limitations and that's not ideal.
for your project, an idea could be to swap this issue with this one: https://github.com/intelowlproject/IntelOwl/issues/2248. What do you think?
Fine by me!
Hi, do you by any chance need help with this topic? :)
Sure! We are an open source Community and we appreciate help from developers. Have you got some approach to handle this issue?
Maybe some basic Beautiful Soup scraping from the X site. I have to try a few approaches.
Does this idea leverage the Twitter API as mentioned in the possible approach?
Sure, I will do my best 😀
So to make sure...
I need to search for the filename and hashes of the observable on Twitter (now X).
To do it I need to add a script to observable_analyzers that will take an API key in its configuration and will implement the abstract class ObservableAnalyzer. I can use other scripts like shodan.py to help myself write this code.
If the API won't be enough, I can create my own scraping bot that will try to find the required information (e.g. using dorking or something) on demand?
Yes! @mlodic anything to add/suggest?
As @g4ze said, APIs should not allow that kind of interaction without a paid API key, so the cost-less option would be to create our own scraping, which could most probably conflict with X's ToS. I don't think it's a good idea to add such kind of option.
@jankoksik if you are willing to try playing with IntelOwl, there are a lot of other tasks too. You are welcome to the project :)
Thanks, so firstly I will search for some low-hanging fruits then :)
This issue has been marked as stale because it has had no activity for 10 days. If you are still working on this, please provide some updates.