OSINT Tool: Blackbird

by | Aug 12, 2022 | Tools

Premium Content

Patreon

Subscribe to Patreon to watch this episode.

Reading Time: 3 Minutes

 

Blackbird

Blackbird by p1ngul1n0, is an OSINT (Open-source intelligence) tool to search fast for accounts by username across 153 sites. When performing Pentesting, and Social Engineering attacks, this recon step is very crucial when you want to conduct targeted attacks, and find active profiles on various social media sites, so you can tweak the approach and maximize the outcome of that attack. The name of the tool is based on the Lockheed SR-71 “Blackbird” a long range, high-altitude, Mach 3+ strategic reconnaissance aircraft developed and manufactured by the American aerospace company Lockheed Corporation.

blackbird_web

 

 

See Also: So you want to be a hacker?
Complete Offensive Security and Ethical Hacking Course

Setup

Clone the repository

 

git clone https://github.com/p1ngul1n0/blackbird

cd blackbird

 

Install requirements

 

pip install -r requirements.txt

 

 

Usage

 

Search by username

 

python blackbird.py -u username

 

Run WebServer

 

python blackbird.py --web

Access http://127.0.0.1:9797 on the browser

 

Read results file

 

python blackbird.py -f username.json

 

List supported sites

 

python blackbird.py --list-sites

 

Use proxy

 

python blackbird.py -u crash --proxy http://127.0.0.1:8080

 

Show all results

By default only found accounts will be shown, however you can use the argument below to see them.

python blackbird.py -u crash --show-all

 

 

Supported Social Networks

It is up to you for how you wish to use this toolkit. Each module can be ran independently, or you can install it as a package and use it in that way. Each module is exported to a script named the same as the module file. For example:

  1. Facebook
  2. YouTube
  3. Twitter
  4. Telegram
  5. TikTok
  6. Tinder
  7. Instagram
  8. Pinterest
  9. Snapchat
  10. Reddit
  11. Soundcloud
  12. Github
  13. Steam
  14. Linktree
  15. Xbox Gamertag
  16. Twitter Archived
  17. Xvideos
  18. PornHub
  19. Xhamster
  20. Periscope
  21. Ask FM
  22. Vimeo
  23. Twitch
  24. Pastebin
  25. WordPress Profile
  26. WordPress Site
  27. AllMyLinks
  28. Buzzfeed
  29. JsFiddle
  30. Sourceforge
  31. Kickstarter
  32. Smule
  33. Blogspot
  34. Tradingview
  35. Internet Archive
  36. Alura
  37. Behance
  38. MySpace
  39. Disqus
  40. Slideshare
  41. Rumble
  42. Ebay
  43. RedBubble
  44. Kik
  45. Roblox
  46. Armor Games
  47. Fortnite Tracker
  48. Duolingo
  49. Chess
  50. Shopify
  51. Untappd
  52. Last FM
  53. Cash APP
  54. Imgur
  55. Trello
  56. Minecraft
  57. Patreon
  58. DockerHub
  59. Kongregate
  60. Vine
  61. Gamespot
  62. Shutterstock
  63. Chaturbate
  64. ProtonMail
  65. TripAdvisor
  66. RapidAPI
  67. HackTheBox
  68. Wikipedia
  69. Buymeacoffe
  70. Arduino
  71. League of Legends Tracker
  72. Lego Ideas
  73. Fiverr
  74. Redtube
  75. Dribble
  76. Packet Storm Security
  77. Ello
  78. Medium
  79. Hackaday
  80. Keybase
  81. HackerOne
  82. BugCrowd
  83. OneCompiler
  84. TryHackMe
  85. Lyrics Training
  86. Expo
  87. RAWG
  88. Coroflot
  89. Cloudflare
  90. Wattpad
  91. Mixlr
  92. ImageShack
  93. Freelancer
  94. Dev To
  95. BitBucket
  96. Ko Fi
  97. Flickr
  98. HackerEarth
  99. Spotify
  100. Snapchat Stories
  101. Audio Jungle
  102. Avid Community
  103. Bandlab
  104. Carrd
  105. CastingCallClub
  106. Coderwall
  107. Codewars
  108. F3
  109. Gab
  110. Issuu
  111. Steemit
  112. Venmo
  113. MODDB
  114. COLOURlovers
  115. Scheme Color
  116. Roblox Trade
  117. Aetherhub
  118. BugBounty
  119. Huntr
  120. Universocraft
  121. Wireclub
  122. AminoApps
  123. Trakt
  124. Giphy
  125. Minecraft List
  126. SEOClerks
  127. Mix
  128. Codecademy
  129. Bandcamp
  130. Poshmark
  131. hackster
  132. BodyBuilding
  133. Mastodon
  134. IFTTT
  135. Anime Planet
  136. Destructoid
  137. Gitee
  138. Teknik
  139. BitChute
  140. The Tatto Forum
  141. NPM
  142. PyPI
  143. HackenProof
  144. VKontakte
  145. about me
  146. Dissenter
  147. Designspiration
  148. Fark
  149. mmorpg
  150. Pikabu
  151. Playstation Network
  152. Warrior Forum
  153. Pixilart

 

Export Report

The results can be exported as a PDF Report.

blackbird_report_pdf_coverblackbird_report_pdf_results

 

Export Report

When possible Blackbird will extract the user’s metadata, bringing data such as name, bio, location and profile picture.

blackbird_metadata

 

Random UserAgent

Blackbird uses a random UserAgent from a list of 1000 UserAgents in each request to prevent blocking.

 

Supersonic speed

Blackbird sends async HTTP requests, allowing a lot more speed when discovering user accounts.

 

JSON Template

Blackbird uses JSON as a template to store and read data.

The data.json file store all sites that blackbird verify.

Params

  • app – Site name
  • url
  • valid – Python expression that returns True when user exists
  • id – Unique numeric ID
  • method – HTTP method
  • json – JSON body POST (needs to be escaped, use this: https://codebeautify.org/json-escape-unescape)
  • {username} – Username place (URL or Body)
  • response.status – HTTP response status
  • responseContent – Raw response body
  • soup – Beautifulsoup parsed response body
  • jsonData – JSON response body
  • metadada – a list of objects to be scraped

 

Examples

 

GET

GET

POST JSON

POST JSON

GET with Metadata extraction

GET with Metadata extraction

 

Disclaimer

This or previous program is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that the author is not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these programs its your responsibility.

 

Clone the repo from here: GitHub Link

 

Merch

Recent Tools

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.


Join our Community

Share This