Open Source Intelligence (OSINT): Scraping Cryptocurrency Wallet Addresses and Balances


Welcome back, my aspiring OSINT investigators! With the growth of the cryptocurrency market in recent years has come a growth in cryptocurrency scams and thefts. As a result, there is tremendous demand for investigators conversant in crypto investigations. This is the first of many posts on how to investigate cryptocurrencies from an OSINT perspective.

 

In an earlier tutorial, I introduced you to the comprehensive OSINT tool, Spiderfoot. In this tutorial, we will use Spiderfoot again to scrape Bitcoin addresses from websites and check their balances. This tool will enable you, as an investigator, to find and extract any Bitcoin addresses on a website and check the balances of those wallets. Spiderfoot has special modules for doing just that.

Step #1: Download and install Spiderfoot

First, we need to download and install Spiderfoot, if you have not done so already. 

kali > git clone https://github.com/smicallef/spiderfoot

Next, navigate to the new Spiderfoot directory:

kali > cd spiderfoot

Now, use pip3 to install the Spiderfoot requirements:

kali > sudo pip3 install -r requirements.txt

Now you are ready to use Spiderfoot in your crypto investigations! 

Step #2: Spiderfoot CLI for Scraping Bitcoin Addresses 

Rather than use the browser-based GUI as we did in the initial Spiderfoot tutorial, here we will be using the command-line Spiderfoot. Spiderfoot has specialized modules for a variety of OSINT tasks. In this case, we will need modules for:

1. Scraping websites,

2. Extracting Bitcoin addresses from those scrapes, and

3. Checking the blockchain for their balances.

We can extract these addresses and balances with Spiderfoot using the following command:

kali > sudo ./sf.py -m sfp_spider,sfp_bitcoin,sfp_blockchain -s 99bitcoins.com -F BITCOIN_ADDRESS,BITCOIN_BALANCE -q

Where:

sudo gives us root privileges in Kali

./sf.py starts the Spiderfoot Python script

-m tells Spiderfoot to use the following comma-separated modules (sfp_spider, et al.)

-s precedes the target website

-F filters the output to show only the BITCOIN_ADDRESS and BITCOIN_BALANCE event types

-q tells Spiderfoot to be quiet and limit its output

When we run Spiderfoot against the well-known bitcoin information website, 99bitcoins.com, we can see that Spiderfoot extracts the bitcoin addresses and the balance for each address.
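To make the address-extraction step concrete, here is an added example (not Spiderfoot's own code) that pulls Bitcoin address candidates out of page text with a regular expression and keeps only those whose Base58Check checksum verifies. It covers legacy "1..." and "3..." addresses only, not bech32 "bc1..." addresses; the function names and the sample HTML are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy P2PKH ("1...") and P2SH ("3...") addresses are 26-35 Base58 characters.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def b58decode_check(addr):
    """Return the 21-byte payload (version + hash160) if addr is valid, else None."""
    num = 0
    for ch in addr:
        num = num * 58 + B58.index(ch)
    try:
        raw = num.to_bytes(25, "big")  # 1 version byte + 20 hash bytes + 4 checksum bytes
    except OverflowError:
        return None
    # Each leading '1' character must correspond to exactly one leading zero byte.
    if len(addr) - len(addr.lstrip("1")) != len(raw) - len(raw.lstrip(b"\x00")):
        return None
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return payload if digest[:4] == checksum else None

def extract_addresses(text):
    """Return unique, checksum-valid addresses in order of first appearance."""
    found = []
    for cand in CANDIDATE.findall(text):
        if cand not in found and b58decode_check(cand) is not None:
            found.append(cand)
    return found

# Constructed sample page: two valid addresses (one repeated), one address
# with a typo in its last character, and a session token that merely looks
# like an address to the regular expression.
SAMPLE = """
<p>Donate: <a href="bitcoin:1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa">
1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa</a></p>
<p>Multisig: 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy</p>
<p>Typo: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb</p>
<input name="sid" value="1SessionTokenThatFitsTheRegex99">
"""

if __name__ == "__main__":
    for address in extract_addresses(SAMPLE):
        version = b58decode_check(address)[0]
        kind = {0x00: "P2PKH", 0x05: "P2SH"}.get(version, "other")
        print(address, kind)
```

Checksum validation is what keeps scraped tokens, hashes and mistyped addresses out of the investigator's results before any balance lookup is made.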

Summary 

Cryptocurrencies, such as Bitcoin, are becoming an increasingly important part of our economic ecosystem. In addition, they have become the center of scams and illegal activity due to their anonymous nature. To effectively investigate such illegal activity, the OSINT investigator must become conversant in techniques for uncovering key information on these currencies. Spiderfoot can be a useful tool to extract wallet addresses and balances from websites.  
