Twofi
Overview
Twofi is an OSINT (Open Source Intelligence) tool that harvests information from Twitter to generate custom wordlists for password cracking and social engineering attacks. It collects tweets, hashtags, user bios, and other metadata from target Twitter accounts and analyzes them to create relevant wordlists tailored to specific individuals or organizations. Twofi is particularly valuable for targeted penetration testing and social engineering assessments.
Twofi helps security professionals understand password patterns and preferences of targets by analyzing their publicly available social media information.
Installation
From Kali Linux Repository
sudo apt-get update
sudo apt-get install twofiFrom Source
git clone https://github.com/pielco11/twofi.git
cd twofi
pip3 install -r requirements.txtDocker Installation
docker run -it kalilinux/kali-rolling twofi -hManual Setup
# Clone repository
git clone https://github.com/pielco11/twofi.git
cd twofi
# Install dependencies
pip3 install tweepy requests
pip3 install beautifulsoup4
# Make executable
chmod +x twofi.pyBasic Usage
| Command | Purpose |
|---|---|
twofi -u USERNAME -o OUTPUT.txt | Harvest tweets from user |
twofi -s SEARCH_TERM -o OUTPUT.txt | Search tweets by keyword |
twofi -u USER1 -u USER2 -o OUTPUT.txt | Multiple users |
twofi --help | Show all options |
Twitter API Setup
Authentication Configuration
# Create Twitter API keys
# Visit: https://developer.twitter.com/
# Create file: ~/.twofi/config.py
mkdir -p ~/.twofi
cat > ~/.twofi/config.py << EOF
CONSUMER_KEY = "your_consumer_key"
CONSUMER_SECRET = "your_consumer_secret"
ACCESS_TOKEN = "your_access_token"
ACCESS_TOKEN_SECRET = "your_access_token_secret"
EOF
# Set permissions
chmod 600 ~/.twofi/config.pyAPI Rate Limiting
# Twitter API allows limited requests
# Twofi handles rate limiting automatically
# Check rate limit status
twofi --check-limits
# Use with delays
twofi -u target_user -o output.txt --delay 2Single User Harvesting
Basic User Tweet Collection
# Harvest all tweets from user
twofi -u "elon_musk" -o elon_wordlist.txt
# Tweets collected and processed:
# [+] Tweets collected: 450
# [+] Unique words: 2,341
# [+] Wordlist generated: elon_wordlist.txtUser Bio and Metadata
# Extract user bio information
twofi -u "target_user" --include-bio -o output.txt
# Includes:
# - Bio description words
# - User location references
# - URL mentions
# - Follower/following namesTweet Analysis Depth
# Collect only recent tweets (last 7 days)
twofi -u "target_user" --recent -o output.txt
# Collect extensive history
twofi -u "target_user" --max-tweets 3200 -o output.txt
# Specific date range
twofi -u "target_user" --since 2023-01-01 --until 2023-12-31 -o output.txtMultiple User Harvesting
Batch User Analysis
# Create user list file
cat > targets.txt << EOF
user1
user2
user3
user4
user5
EOF
# Harvest from multiple users
twofi -u targets.txt -o combined_wordlist.txt
# Merge wordlists
twofi -u user1 -o user1.txt &
twofi -u user2 -o user2.txt &
twofi -u user3 -o user3.txt &
wait
cat user1.txt user2.txt user3.txt | sort -u > merged.txtOrganization Analysis
# Analyze team members
employees="ceo cto cfo vp_sales engineering_lead"
for emp in $employees; do
twofi -u "@company_$emp" -o "emp_$emp.txt"
done
# Merge all employee data
cat emp_*.txt | sort -u > company_wordlist.txtKeyword and Hashtag Searching
Hashtag Analysis
# Search by hashtag
twofi -s "#CompanyName" -o hashtag_wordlist.txt
# Multiple hashtags
twofi -s "#CompanyName OR #OfficialHandle OR #ProductName" -o hashtags.txt
# Trending topic harvesting
twofi -s "python programming security" -o trending.txtDomain-Specific Searches
# Industry/vertical specific
twofi -s "fintech startup cybersecurity" -o fintech.txt
# Company-related tweets
twofi -s "@CompanyHandle OR from:@CompanyHandle" -o company.txt
# Event-based
twofi -s "#DefCon2024 OR #BlackHat2024" -o conference.txtAdvanced Search Operators
# Tweets mentioning password/security
twofi -s "password OR authentication OR security" -o security.txt
# Recent tweets from influential accounts
twofi -s "cybersecurity min_faves:100" -o influential.txt
# Tweets in specific language
twofi -s "security lang:en" -o english.txt
# From verified accounts
twofi -s "security filter:verified" -o verified.txtWordlist Generation and Processing
Output Options
# Basic wordlist
twofi -u "target_user" -o wordlist.txt
# Include statistics
twofi -u "target_user" -o wordlist.txt --stats
# Frequency-sorted wordlist
twofi -u "target_user" -o wordlist.txt --frequency
# Unique words only
twofi -u "target_user" -o wordlist.txt --uniquePost-Processing Wordlists
# Remove duplicates
sort wordlist.txt | uniq > wordlist_clean.txt
# Sort by frequency
sort wordlist.txt | uniq -c | sort -rn > frequency.txt
# Extract only words of specific length
grep -E '^.{8,12}$' wordlist.txt > 8_12_char.txt
# Remove common words
grep -v -i -f common.txt wordlist.txt > filtered.txtAdvanced Analysis Techniques
Semantic Analysis
# Analyze tweet content themes
twofi -u "target_user" --analyze-sentiment -o sentiment.txt
# Extract named entities
twofi -u "target_user" --extract-entities -o entities.txt
# Topics mentioned
twofi -u "target_user" --topics -o topics.txtUser Network Analysis
# Collect mentions of other users
twofi -u "target_user" --include-mentions -o mentions.txt
# Analyze followers
twofi -u "target_user" --followers -o followers.txt
# Following list analysis
twofi -u "target_user" --following -o following.txtTemporal Analysis
# Tweets by time period
twofi -u "target_user" --timeline -o timeline.txt
# Peak activity times
twofi -u "target_user" --activity-hours -o activity.txt
# Seasonal patterns
twofi -u "target_user" --monthly -o monthly_breakdown.txtIntegration with Password Cracking
Wordlist for Hashcat
# Generate Twofi wordlist
twofi -u "target_user" -o twofi_wordlist.txt
# Use with hashcat
hashcat -m 1000 -a 0 hashes.txt twofi_wordlist.txt
# Apply rules to expand wordlist
hashcat -r rules/best64.rule twofi_wordlist.txt > expanded.txtWordlist for John the Ripper
# Generate wordlist
twofi -u "target_user" -o twofi_wordlist.txt
# Use with John
john --wordlist=twofi_wordlist.txt --rules=single hashes.txt
# Combine with other wordlists
cat twofi_wordlist.txt rockyou.txt | sort -u > combined.txt
john --wordlist=combined.txt hashes.txtWordlist for Hydra
# Generate wordlist
twofi -u "target_user" -o twofi_wordlist.txt
# SSH brute force with custom wordlist
hydra -l username -P twofi_wordlist.txt ssh://target.com
# Web form attack
hydra -l username -P twofi_wordlist.txt http-post-form \
"/login:user=^USER^&pass=^PASS^:F=Login failed"Intelligence Gathering
Personal Information Extraction
# Locations mentioned
grep -i "from\|live\|based" wordlist.txt
# Companies mentioned
grep -i "work\|company\|team" wordlist.txt
# Interests and hobbies
grep -i "love\|like\|enjoy\|hobby" wordlist.txt
# Family references
grep -i "son\|daughter\|wife\|family" wordlist.txtPattern Recognition
# Common password patterns
# - Child's name + birth year
# - Pet name + numbers
# - Company name + year
# - Sports teams
# - Movie/book references
# Extract numbers frequently used
grep -oE '[0-9]+' wordlist.txt | sort | uniq -c | sort -rn
# Common name combinations
grep -E '(john|mary|james|patricia)' wordlist.txt -iWordlist Mutation and Enhancement
Password Generation Rules
# Apply common mutations
sed 's/$/1/g' twofi_wordlist.txt > mutations.txt # Append 1
sed 's/$/!/g' twofi_wordlist.txt >> mutations.txt # Append !
sed 's/^/Mr /g' twofi_wordlist.txt >> mutations.txt # Prepend Mr
# Capitalize first letter
sed 's/\b\(.\)/\u\1/g' twofi_wordlist.txt > capitalized.txt
# Leet speak conversion
sed 's/a/@/g; s/e/3/g; s/i/1/g; s/o/0/g; s/t/7/g' twofi_wordlist.txt > leet.txtCustom Rule Files
# Create hashcat rule file
cat > twitter_rules.rule << EOF
$1
$!
c
$2
$3
$0
EOF
# Apply rules
hashcat --stdout -r twitter_rules.rule twofi_wordlist.txt > expanded.txtPrivacy and Ethical Considerations
Responsible Collection
# Public data only
# Twofi only collects publicly available tweets
# Respect rate limits
# Automatic rate limit handling
# Attribution
# Document data sources for reportsLegal Compliance
# Twitter Terms of Service
# - No commercial use without permission
# - No scraping private data
# - Credit original tweets if republished
# Data Protection
# - Store collected data securely
# - Limit access to authorized personnel
# - Delete data when assessment completesAdvanced Scenarios
Scenario 1: Employee Assessment
# Collect employee tweets
twofi -u "employee1" -u "employee2" -u "employee3" -o employee_wordlist.txt
# Add company name and variations
echo "CompanyName" >> employee_wordlist.txt
echo "company2024" >> employee_wordlist.txt
# Use for password cracking
hashcat -m 1000 -a 0 ntlm_hashes.txt employee_wordlist.txtScenario 2: Targeted Phishing Wordlist
# Collect CEO's tweets
twofi -u "ceo_account" --include-bio -o ceo_wordlist.txt
# Collect company tweets
twofi -s "@CompanyName" -o company_wordlist.txt
# Merge for phishing content
cat ceo_wordlist.txt company_wordlist.txt | sort -u > phishing_content.txtScenario 3: Competitive Analysis
# Collect competitor tweets
twofi -u competitor1 -u competitor2 -u competitor3 -o competitors.txt
# Industry hashtags
twofi -s "#industryname" -o industry.txt
# Combined analysis
cat competitors.txt industry.txt | sort | uniq -c | sort -rn > trends.txtTroubleshooting
Common Issues
| Issue | Solution |
|---|---|
| API authentication fails | Verify API keys in config, check Twitter developer account status |
| Rate limit exceeded | Wait for reset (15 minutes), use —delay option |
| No results returned | Check username spelling, account may be private/deleted |
| Empty wordlist | Increase max tweets, check search operators syntax |
| Slow processing | Normal for large accounts, be patient with rate limits |
Debug Mode
# Verbose output
twofi -u "target" -o output.txt -v
# Show all API calls
twofi -u "target" -o output.txt --debug
# Log to file
twofi -u "target" -o output.txt --log debug.logPerformance Optimization
Collection Strategies
# Parallel user collection
twofi -u user1 -o user1.txt &
twofi -u user2 -o user2.txt &
twofi -u user3 -o user3.txt &
wait
# Merge results
cat user*.txt | sort -u > merged.txtResources
- Twofi GitHub: https://github.com/pielco11/twofi
- Twitter API Docs: https://developer.twitter.com/
- OSINT Techniques: https://www.maltego.com/
- Wordlist Documentation: https://github.com/danielmiessler/SecLists
- Twitter Advanced Search: https://twitter.com/search-advanced
Twofi is a powerful OSINT tool for generating targeted wordlists from public Twitter data, making it invaluable for social engineering assessments, password cracking optimization, and comprehensive intelligence gathering during authorized security testing.