tosint: Telegram OSINT Tools

Tosint (Telegram OSINT) is a tools to extract information from telegram bots and related associated channels.

I thought of developing this tool to improve the analysis of phishing kits. Yes, more and more phishers are using Telegram to receive information about victims. It is the habit of criminals to manage and then receive the stolen credentials by several methods; saving them to a text file, using a database, sending them via e-mail or sending them via Instant Message. In the past they were sent via IRC, XMPP or Jabber; but in the last period now Telegram has replaced all other messaging services.

For those who, like me, analyze and counter phishing every day, it is very convenient to have details about the telegram channels and groups used by criminals. It is possible to know the usernames of administrators and thus link them to previously analyzed phishing campaigns, to understand a criminal team which countries and entities it usually targets, and to have an estimate of the number of victims based on the messages in the chats, etc etc.

So I thought of creating tosint, in small script in python that can provide the following information:

• Bot information (First Name, Username, User ID, Status);
• Chat information (Title, Type, ID, Username, Invite Link);
• Create Invite Link;
• Updates (last messages sent in the chat);
• Number of users in the chat;
• Information about chat administrators.

The project is obviously OpenSource and is available on GitHub.