Welcome back, aspiring cyberwarriors!
In the realm of open-source intelligence gathering, messaging platforms stand out as some of the richest sources of information. We previously explored how to gather data on Telegram users; now, let’s turn our attention to WhatsApp, one of the most widely used communication apps globally. According to Statista, approximately 3 billion users were actively using WhatsApp each month in 2025. This means that nearly everyone you may want to investigate is likely to have a presence on WhatsApp, making it a valuable source of information.
In this article, we’ll delve into the WhatsApp-OSINT utility. This Python-based tool uses the WhatsApp OSINT API from RapidAPI to extract intelligence on WhatsApp users by phone number. We’ll walk through installing the tool and examine the types of information we can retrieve. Let’s get rolling!
Step #1: Setting Up WhatsApp-OSINT in Kali Linux
To get started, we need to clone the WhatsApp-OSINT repository from GitHub to your preferred working directory.
kali > git clone https://github.com/kinghacker0/WhatsApp-OSINT
kali > cd WhatsApp-OSINT
Create a Python virtual environment to isolate the tool’s dependencies from your system Python installation.
kali > python3 -m venv myvenv
kali > source myvenv/bin/activate
Next, install the required Python packages from the requirements.txt file.
kali > pip3 install -r requirements.txt
Now you need to obtain a RapidAPI key for the WhatsApp OSINT API. Navigate to https://rapidapi.com/inutil-inutil-default/api/whatsapp-osint in your web browser. Create a RapidAPI account if you don’t already have one, then subscribe to the WhatsApp OSINT API.
RapidAPI offers several pricing tiers for this API. The Basic plan typically provides a limited number of free requests per month, which is sufficient for testing. After subscribing, RapidAPI displays your API key in the dashboard.
Back in your terminal in the WhatsApp-OSINT directory, copy the example environment file to create your actual configuration file.
kali > cp .env.example .env
Open the .env file in your preferred text editor and replace your_api_key_here with your actual RapidAPI key.
Step #2: Using WhatsApp OSINT for Intelligence Gathering
With the tool installed and properly set up, let’s dive into how to conduct WhatsApp OSINT investigations. Start by launching the tool from within your virtual environment:
kali> python3 whatsapp-osint.py
We’ll begin with option 1, where the tool prompts you to enter a phone number in international format, including the country code.
In this instance, we encounter an error indicating that images are only available for business accounts. So, let’s take a look at the user’s status.
The user has “No custom status,” which means they didn’t set any specific information; for instance, they might typically indicate “Available.” Next, let’s proceed to verify the business information.
This query returns the verified name, which is usually the company name, and it shows the tools in use. In this case, we see “smb,” indicating that the company utilizes the free app for Small and Medium-sized Businesses. For slightly larger or growing SMBs, there’s the WhatsApp Business Platform (API version). If they’re using this, it will let you know that they are operating via the API.
Now, let’s check the device information.
Here, you can see how many devices are connected to the account.
Moving on, the WhatsApp-OSINT provides full OSINT information, but during my testing, it returned only details about API maintenance.
Finally, let’s look at the Privacy settings.
This scan will reveal whether the account is public or private.
Summary
As messaging platforms increasingly dominate global communication, having WhatsApp-OSINT in your toolkit is essential for any security professional involved in OSINT. By utilizing this script, you gain automated access to publicly available metadata through six distinct API endpoints, providing valuable information for your investigations.
If you’re looking to enhance your OSINT skills beyond just using this tool, consider exploring OSINT training. If you need assistance in uncovering the truth, don’t hesitate to reach out to us at [email protected], and we’ll conduct a comprehensive OSINT investigation for you.
Source: HackersArise
Source Link: https://hackers-arise.com/open-source-intelligence-osint-gathering-information-on-a-whatsapp-account/