Updated: Dec 28, 2022
Welcome back, my aspiring OSINT investigators!
With the growth of the cryptocurrency market in recent years has come a growth in cryptocurrency scams and thefts. As a result, there is tremendous demand for investigators conversant in crypto investigations. This is the first of many posts on how to investigate cryptocurrencies from an OSINT perspective.
In an earlier tutorial, I introduced you to the comprehensive OSINT tool, Spiderfoot. In this tutorial we will use Spiderfoot again to scrape Bitcoin addresses from websites and check their balances. This tool will enable you, as an investigator, to find and extract any bitcoin addresses on a website and check the balances of those wallets. Spiderfoot has special modules for doing just that.
Step #1: Download and install Spiderfoot
First, we need to download and install Spiderfoot, if you have not done so already.
kali > git clone https://github.com/smicallef/spiderfoot
Next, navigate to the new Spiderfoot directory:
kali > cd spiderfoot
Now, use pip3 to install the Spiderfoot requirements:
kali > sudo pip3 install -r requirements.txt
Now you are ready to use Spiderfoot in your crypto investigations!
Step #2: Spiderfoot CLI for Scraping Bitcoin Addresses
Rather than use the browser-based GUI as we did in the initial Spiderfoot tutorial, here we will be using the command-line Spiderfoot. Spiderfoot has specialized modules for doing a variety of OSINT tasks. In this case, we will need modules for:
1. scraping websites,
2. extracting bitcoin addresses from those scrapes, and
3. checking the blockchain for their balances.
We can extract these addresses and balances with Spiderfoot using the following command:
kali > sudo ./sf.py -m sfp_spider,sfp_bitcoin,sfp_blockchain -s 99bitcoins.com -F BITCOIN_ADDRESS,BITCOIN_BALANCE -q
sudo gives us root privileges in Kali
./sf.py starts the Spiderfoot Python script
-m tells Spiderfoot to use the following modules (sfp_spider, et al.), given as a comma-separated list with no spaces
-s precedes the target website
-F limits the output to the BITCOIN_ADDRESS and BITCOIN_BALANCE event types
-q tells Spiderfoot to be quiet and limit its output
When we run Spiderfoot against the well-known bitcoin information website, 99bitcoins.com, we can see above that Spiderfoot extracts the bitcoin addresses and the balance for each address.
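To show what the extraction step in the module list above involves, here is an added example (not Spiderfoot's own module code) that pulls legacy Base58 Bitcoin address candidates out of page text and keeps only those whose Base58Check checksum verifies, which discards mistyped or lookalike strings. The function names and the sample HTML are constructed for illustration; the one valid address in the sample is the publicly known genesis-block address, and bech32 (bc1...) addresses are out of scope here.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy address shape: starts with 1 (P2PKH) or 3 (P2SH), 26-35 characters.
CANDIDATE = re.compile(r"\b[13][%s]{25,34}\b" % B58)


def base58check_ok(addr):
    """Return True if addr is a 25-byte Base58Check value with a valid checksum."""
    try:
        n = 0
        for ch in addr:
            n = n * 58 + B58.index(ch)   # ValueError on non-Base58 characters
        raw = n.to_bytes(25, "big")      # OverflowError if the value is too large
    except (ValueError, OverflowError):
        return False
    # Each leading '1' encodes one leading zero byte; the counts must agree.
    ones = len(addr) - len(addr.lstrip("1"))
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    if ones != zeros or raw[0] not in (0x00, 0x05):
        return False
    payload, checksum = raw[:21], raw[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def extract_addresses(text):
    """Return unique, checksum-valid addresses in order of first appearance."""
    seen, found = set(), []
    for match in CANDIDATE.finditer(text):
        addr = match.group(0)
        if addr not in seen and base58check_ok(addr):
            seen.add(addr)
            found.append(addr)
    return found


# Constructed sample page: one valid address (twice) and one mistyped copy.
SAMPLE_HTML = """
<p>Donate: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa</p>
<p>Mistyped copy: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb</p>
<a href="bitcoin:1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa">pay</a>
"""

if __name__ == "__main__":
    for address in extract_addresses(SAMPLE_HTML):
        print(address)
```

Checksum validation only confirms that a string is a well-formed address; the balance still has to come from a blockchain lookup, which is the job of the sfp_blockchain module in the command above.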
Cryptocurrencies, such as bitcoin, are becoming an increasingly important part of our economic ecosystem. In addition, they have become the center of scams and illegal activity due to their anonymous nature. To effectively investigate such illegal activity, the OSINT investigator must become conversant in techniques for uncovering key information on these currencies. Spiderfoot can be a useful tool to extract wallet addresses and balances from websites.