
Masto is an OSINT tool written in python to gather intelligence on Mastodon users and instances.


proseltd/Masto


Masto OSINT Tool


🐘 About Masto

Masto provides information/intelligence on Mastodon.social users

🚀 Masto capabilities

Masto OSINT Tool helps to:

  • Find user ID
  • Find exact username match across instances (the tool currently pulls 3 accounts with the username OSINT from 3 instances, whereas the mastodon.social search bar in a browser returns one result, along with many accounts that only start with osint, such as osinttechnical, and no exact match)
  • Find all (possible) accounts belonging to a user without logging in to Mastodon (Mastodon requires users to log in; after the first 5 results you get: 401 Search queries pagination is not supported without authentication)
  • Find username correlation (can't be found by searching on the Mastodon.social website)
  • Check if the user is a bot
  • Check if the user has to approve followers manually
  • Check if the account is a group
  • Check if the account is locked
  • Check if the user opted to be listed on the profile directory
  • Get avatar link with an additional choice of opening the avatar in your browser
  • Get profile creation date
  • Get number of followers & following
  • Get number of posts
  • Get user last message date
  • Get user's bio
  • Get user's hashtags
  • Get header image link
  • Get link to followers and following
  • Get user public key (PEM - Privacy-enhanced Electronic Mail)
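The exact-match and account-flag checks from the list above, as an added example (not Masto's own code). It assumes the field names of the Mastodon Account entity (username, acct, url, bot, locked, group, discoverable) and runs on a constructed response with placeholder instance names.

```python
import json
from urllib.parse import urlparse

# Constructed sample shaped like the "accounts" array of a Mastodon search
# response; field names follow the Mastodon Account entity.
SAMPLE = json.loads("""
{"accounts": [
 {"username": "osint", "acct": "osint", "url": "https://mastodon.example/@osint",
  "bot": false, "locked": false, "group": false, "discoverable": true},
 {"username": "osinttechnical", "acct": "osinttechnical",
  "url": "https://mastodon.example/@osinttechnical",
  "bot": false, "locked": false, "group": false, "discoverable": true},
 {"username": "OSINT", "acct": "OSINT@social.example",
  "url": "https://social.example/@OSINT",
  "bot": true, "locked": true, "group": false, "discoverable": null},
 {"username": "osint", "acct": "osint@mastodon.example",
  "url": "https://mastodon.example/@osint",
  "bot": false, "locked": false, "group": false, "discoverable": true}
]}
""")


def exact_matches(accounts, wanted):
    """Keep accounts whose username equals `wanted`, one per instance."""
    wanted = wanted.lstrip("@").casefold()
    seen, hits = set(), []
    for account in accounts:
        username = account.get("username", "")
        if username.casefold() != wanted:
            continue  # prefix matches such as "osinttechnical" are dropped
        # The profile URL names the home instance even when "acct" is local.
        instance = urlparse(account.get("url", "")).hostname or "unknown"
        if instance in seen:
            continue  # same account reported twice
        seen.add(instance)
        hits.append({
            "handle": f"@{username}@{instance}",
            "bot": account.get("bot"),
            "group": account.get("group"),
            "manually_approves_followers": account.get("locked"),
            # null means the user never chose; treat it as unknown, not False
            "listed_in_directory": account.get("discoverable"),
        })
    return hits


if __name__ == "__main__":
    for hit in exact_matches(SAMPLE["accounts"], "@OSINT"):
        print(hit)
```

Running the same function against your own handle shows which of these flags your account exposes to unauthenticated lookups.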

Additional instance (server) feature

This is a useful feature: if you type social.network.europa.eu on Mastodon.social, you won't get a result, as the instance is set to not discoverable.

This function helps to:

  • Get information on an instance
  • Get instance Admin ID
  • Get instance email
  • Get a short description
  • Get server thumbnail link
  • Get instance creation date
  • Get instance language used
  • Get instance admin count of followers and following
  • Get instance admin last status date
  • Get header image link and avatar link
  • Get instance display name
  • Get admin url
  • Get admin avatar
  • Check if instance admin account is locked
  • Check if registration is required and if the admin needs to approve the request
  • Check if the admin is a bot

🛠️ Installation

git clone https://github.com/C3n7ral051nt4g3ncy/Masto

cd Masto

pip3 install -r requirements.txt

python3 masto.py

Tool (successful) use cases

Use case 1: Searching for a user and bypassing the profile directory option:

  • Tried searching via browser both terms webbreacher and @Webbreacher: 1 result --> @Webbreacher@mastodon.social
  • Searched Webbreacher on Masto: 2 results --> @Webbreacher@mastodon.social + @Webbreacher@counter.social
  • On the counter.social profile, @Webbreacher's settings are --> user opted to be on the profile directory = False, this is why the browser search didn't find the counter.social profile!
  • 🪄 Masto successful outcome: Masto found both accounts.

Use case 2: Searching without getting a 401 error:

  • Many people don't want an account on Mastodon. Without an account you can still search on Mastodon, but you will only get 5 results. Clicking on load more will give you a 401 error and request the user to log in.
  • 🪄 Masto successful outcome: You can use Masto without logging in to Mastodon, you won't get a 401 error.

Use case 3: Getting fully accurate username search results:

  • Tried searching OSINT and @OSINT via browser; Mastodon returned quite erratic results, with many accounts that just begin with osint, such as the user @Osinttechnical.
  • 🪄 Masto successful outcome: Masto found 3 accurate @osint user accounts from 3 instances.

Use case 4: Getting information on locked instances:

  • Tried searching for the instance 0sint.social, there isn't much information via a browser search.
  • 🪄 Masto successful outcome: Masto found more information on the instance and on the admin, including email address.

Tool (unsuccessful) use cases

Use case 1: Not finding an existing user:

  • Tried searching user sector035 via browser, Mastodon returned no result. So far this is normal because @sector035's settings are --> user opted to be on the profile directory = False
  • Tried searching with Masto OSINT Tool, no result either. The Mastodon API isn't 100% reliable. See here for explanation
  • ❌ Masto unsuccessful outcome: Masto found no user, even though the user exists.
  • 🔩 Fix: Working on a fix and a solution suggested by @Webbreacher

🐘 Mastodon.social understanding

The same username can be found across different instances(servers):

  • example: @osint@mastodon.social | @osint@mstdn.social | @osint@counter.social
  • finding the same username on different instances does not prove it's the same person behind each account
  • This may cause impersonation issues in the future, although a username can only exist once on a given instance, and ALL users should verify their accounts with the rel="me" link attribute (<a rel="me" ...>), which helps others identify a scammer/impersonator.
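Mastodon marks a profile link as verified when the linked page links back to the profile with rel="me". The added example below (not part of Masto) performs that link-back check on constructed HTML; the mastodon.example profile URL and both sample pages are placeholders.

```python
from html.parser import HTMLParser


def normalize(url):
    # Assumption: trailing slash and letter case are not significant when
    # comparing profile URLs.
    return url.strip().rstrip("/").lower()


class RelMeParser(HTMLParser):
    """Collect href values of <a>/<link> tags whose rel contains 'me'."""

    def __init__(self):
        super().__init__()
        self.links = set()

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "link"):
            return
        attr = dict(attrs)
        # rel is a space-separated token list, e.g. "me noopener".
        rel_tokens = (attr.get("rel") or "").lower().split()
        href = attr.get("href")
        if "me" in rel_tokens and href:
            self.links.add(normalize(href))


def links_back(page_html, profile_url):
    """True if the page carries a rel="me" link to the given profile."""
    parser = RelMeParser()
    parser.feed(page_html)
    return normalize(profile_url) in parser.links


# Constructed pages: the first links back with rel="me", the second only
# mentions the profile, which anyone (including an impersonator) can do.
VERIFIED_PAGE = '<p><a rel="me noopener" href="https://mastodon.example/@alice/">Mastodon</a></p>'
UNVERIFIED_PAGE = '<p><a rel="nofollow" href="https://mastodon.example/@alice">Mastodon</a></p>'

if __name__ == "__main__":
    profile = "https://mastodon.example/@alice"
    print(links_back(VERIFIED_PAGE, profile), links_back(UNVERIFIED_PAGE, profile))
```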

👥 Testing on known users

  • For the 1st function, try: Gargron, the founder of Mastodon.social, this pulls a whopping 11 accounts!!! (the same username doesn't prove the 11 accounts belong to the Mastodon developer).
  • For the 2nd function, searching only on Mastodon.social, try: osint
  • For the 3rd function, searching only on mstdn.social, try: stux
  • For the 4th function, searching for instances, try: social.network.europa.eu

🗒️ Issues with not finding a user

  • You may know of a valid user and have the link to the user's profile, yet when you input the username on Masto you get no result.
  • I asked the Mastodon Team about this API issue, they replied:

There is no global search, the server will reply with what it knows about. If it has not encountered the account, it will not return it in search results.

🙏 Thanks

Thanks to @Webbreacher for his input, help and ideas. I learn a great deal from him, a great instructor and inspiring person.

📝 License

MIT License
Tool made for the OSINT and Cyber community, feel free to contribute code.
