Tosint is an open-source Telegram OSINT tool that extracts useful information from Telegram bots and channels. It’s suited for security researchers, investigators, and others who want to gather insights from Telegram sources.
Several law enforcement agencies utilize Tosint to gather intelligence and monitor cybercriminal activities.
“I created Tosint to analyze and track cybercriminals, particularly those involved in phishing attacks. As head of threat intelligence at D3Lab, I counter phishing for various Italian and international banks daily. Tosint allows me to extract critical information from Telegram channels or groups that criminals use to exchange stolen credentials, malware logs, and more,” Andrea Draghetti, the creator of Tosint, told Help Net Security.
Tosint features
Tosint allows you to extract the following information:
- Bot information: First Name, Username, User ID, Status, and whether the bot can read group messages.
- Chat information: Chat Title, Type (group or channel), ID, Username, Invite Link.
- Additional information: Number of users in the chat, details of chat administrators, including their roles.
“I can identify the channel’s name, the invite link (if public), and the usernames or names of the current administrators. By tracking these details, we can observe how criminals change their operations, switching from phishing attacks to malware and vice versa or even changing their targets. For instance, they might focus on a specific country or language for a period and then switch to another, or they may target a particular bank and later completely shift focus to phishing against social networks,” Draghetti explained.
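Tracking these details over time comes down to comparing saved snapshots of the same chat. The Python sketch below is an added example, not code from Tosint or from the article; the snapshot layout (`chat`, `admins`, `member_count`), the function names and all sample values are assumptions constructed for illustration, with field names following Telegram's Bot API objects.

```python
# Constructed samples shaped like the "result" objects of the Bot API methods
# getChat, getChatAdministrators and getChatMemberCount. All values are made up.
OLD = {
    "chat": {"id": -1001111111111, "type": "channel", "title": "Example Logs IT",
             "username": "example_logs", "invite_link": "https://t.me/+AAAAexample"},
    "admins": [{"status": "creator", "user": {"id": 101, "first_name": "Alice"}},
               {"status": "administrator", "user": {"id": 102, "first_name": "Bob"}}],
    "member_count": 340,
}
NEW = {
    "chat": {"id": -1001111111111, "type": "channel", "title": "Example Logs ES"},
    "admins": [{"status": "creator", "user": {"id": 101, "first_name": "Alice"}},
               {"status": "administrator", "user": {"id": 103, "first_name": "Carol"}}],
    "member_count": 512,
}
CHAT_FIELDS = ("title", "type", "username", "invite_link")


def normalize(snapshot):
    """Flatten one snapshot; absent optional fields (username, invite_link) become None."""
    flat = {field: snapshot["chat"].get(field) for field in CHAT_FIELDS}
    flat["member_count"] = snapshot.get("member_count")
    # Key admins by numeric user ID: display names and usernames can change, IDs stay fixed.
    flat["admins"] = {
        a["user"]["id"]: (a["user"].get("username") or a["user"].get("first_name"), a["status"])
        for a in snapshot.get("admins", [])
    }
    return flat


def diff_snapshots(old, new):
    """Return a sorted list of human-readable changes between two snapshots."""
    if old["chat"]["id"] != new["chat"]["id"]:
        raise ValueError("snapshots belong to different chats")
    a, b = normalize(old), normalize(new)
    changes = [f"{k}: {a[k]!r} -> {b[k]!r}"
               for k in CHAT_FIELDS + ("member_count",) if a[k] != b[k]]
    for uid in a["admins"].keys() - b["admins"].keys():
        changes.append(f"admin removed: {uid} {a['admins'][uid]}")
    for uid in b["admins"].keys() - a["admins"].keys():
        changes.append(f"admin added: {uid} {b['admins'][uid]}")
    for uid in a["admins"].keys() & b["admins"].keys():
        if a["admins"][uid] != b["admins"][uid]:
            changes.append(f"admin changed: {uid} {a['admins'][uid]} -> {b['admins'][uid]}")
    return sorted(changes)


if __name__ == "__main__":
    print("\n".join(diff_snapshots(OLD, NEW)))
```

A chat that switches from public to private shows up here as `username` and `invite_link` changing to `None`, which is itself a signal worth recording.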
Future plans and download
“Tosint relies on Telegram’s official APIs, and I will continue to update the project. If Telegram introduces new APIs relevant to the project, I’ll promptly integrate them. The project has been active and regularly updated for two years now,” Draghetti concluded.
Tosint is available for free on GitHub.