ShareTrace: The Ultimate OSINT Tool for Unmasking Digital Identities—Your Privacy at Risk?

Introduction:

In the ever-expanding digital ecosystem, shared links serve as gateways not only to content but also to a treasure trove of personal metadata. The emergence of OSINT tools like ShareTrace, which can harvest user identity information from platforms like TikTok, Instagram, and Discord, highlights a critical vulnerability in how social media platforms handle data sharing. While these tools empower cybersecurity professionals in threat intelligence and incident response, they also expose a terrifying reality for the average user: a single shared link can lead to the exposure of hidden profile details, phone numbers, and account metadata.

Learning Objectives:

  • Learn how to install and utilize ShareTrace for extracting metadata from popular social media share links.
  • Understand the technical workflow behind link parsing, API enumeration, and data scraping.
  • Explore defensive measures and privacy hardening techniques to mitigate OSINT collection against personal or corporate accounts.

You Should Know:

1. Weaponizing ShareTrace: Installation and Initial Reconnaissance

ShareTrace is a Python-based tool designed to scrape and parse shareable URLs from platforms including TikTok, Instagram, and Discord. It operates by leveraging the unique structure of share links to query unsecured or public API endpoints, returning JSON data containing usernames, display names, profile pictures, and often the platform-specific unique IDs (e.g., Discord Snowflakes). To begin using this tool, ensure you have Python 3.8+ and Git installed.

For Linux (Debian-based):

sudo apt update && sudo apt install python3-pip git -y
git clone https://github.com/username/ShareTrace.git  # Note: replace with the actual repo if available, or use OSINTrack
cd ShareTrace
pip install -r requirements.txt

For Windows (PowerShell as Admin):

Set-ExecutionPolicy Bypass -Scope Process
python -m pip install --upgrade pip
git clone https://github.com/username/ShareTrace.git
cd ShareTrace
pip install -r requirements.txt

Step‑by‑step guide for execution:

  1. Copy a shareable link from your target platform (e.g., TikTok username, Discord invite, Instagram post).
  2. Run the tool using the syntax: `python sharetrace.py -u "https://www.instagram.com/p/CxAMPLE/"`
  3. The tool will output a JSON file containing the extracted metadata.

2. Uncovering Hidden Data from TikTok and Instagram

The real power of ShareTrace lies in its ability to retrieve data from links that often contain “lookalike” IDs. For instance, TikTok share links often include the author’s unique ID in the query string. The tool parses this and sends a GET request to the platform’s internal graph API. To get the best results, users often need to supply their own session cookies to bypass rate limiting.

Tutorial: Extracting TikTok User Info

  1. Retrieve a link: `https://www.tiktok.com/@username/video/123456789`.
  2. Use the command: `python sharetrace.py -t "tiktok" -u "https://www.tiktok.com/@username"`.
  3. The tool will scrape the public profile, returning the following:
    – `uniqueId` (username)
    – `nickname` (Display name)
    – `bioDescription`
    – `followerCount` / `followingCount`
    – `profilePicture` URL (High-res)

3. Discord and the Art of Snowflake Decoding

Discord share links (discord.gg/invitecodes) can be used by ShareTrace to retrieve server information and, depending on the server’s privacy settings, member profiles. The most fascinating aspect is the extraction of “Snowflake” IDs. These IDs are not random; they are a combination of a timestamp and a worker ID.

Decoding the Discord Snowflake:

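The tool uses a Python script to convert the Discord Snowflake integer to a Unix timestamp in milliseconds, which can then be rendered as a human-readable date.

Example Python code used inside ShareTrace:
def snowflake_to_time(snowflake):
    # The bits above the lowest 22 hold milliseconds since the Discord epoch
    DISCORD_EPOCH = 1420070400000  # 2015-01-01T00:00:00Z in Unix milliseconds
    return (snowflake >> 22) + DISCORD_EPOCH  # Unix timestamp in milliseconds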

When ShareTrace extracts a user ID from a share link, it allows the investigator to see exactly when the Discord account was created, which is useful for fingerprinting and sock puppet detection.
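For the sock puppet triage described above, this added example (not ShareTrace's code) decodes all four documented snowflake fields and lists accounts registered shortly before an incident. The function names, the 7-day threshold and the constructed sample IDs are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, the constant used above
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def decode_snowflake(snowflake: int) -> dict:
    """Split a 64-bit Discord snowflake into its documented bit fields."""
    if not 0 <= snowflake < 1 << 64:
        raise ValueError("snowflake must be an unsigned 64-bit integer")
    created_ms = (snowflake >> 22) + DISCORD_EPOCH_MS  # bits 63-22
    return {
        # timedelta arithmetic keeps millisecond precision exact (no float rounding)
        "created_at": UNIX_EPOCH + timedelta(milliseconds=created_ms),
        "worker_id": (snowflake >> 17) & 0x1F,   # bits 21-17
        "process_id": (snowflake >> 12) & 0x1F,  # bits 16-12
        "increment": snowflake & 0xFFF,          # bits 11-0
    }


def accounts_created_near(user_ids, incident_time, max_age=timedelta(days=7)):
    """Return (id, age) pairs for accounts created within max_age before the incident.

    A freshly registered account in an abuse report is a triage signal, not proof.
    """
    hits = []
    for uid in user_ids:
        age = incident_time - decode_snowflake(int(uid))["created_at"]
        if timedelta(0) <= age <= max_age:
            hits.append((uid, age))
    return sorted(hits, key=lambda h: h[1])  # youngest account first


def constructed_id(created_at: datetime) -> int:
    """Build a sample snowflake for a creation time (worker/process/increment = 0)."""
    ms = (created_at - UNIX_EPOCH) // timedelta(milliseconds=1)
    return (ms - DISCORD_EPOCH_MS) << 22


if __name__ == "__main__":
    incident = datetime(2024, 3, 10, 12, 0, tzinfo=timezone.utc)  # hypothetical incident
    ids = [
        175928847299117063,  # example ID from Discord's API documentation (2016)
        constructed_id(incident - timedelta(days=2)),   # constructed: 2 days old
        constructed_id(incident - timedelta(hours=3)),  # constructed: 3 hours old
    ]
    for uid, age in accounts_created_near(ids, incident):
        print(uid, "created", age, "before the incident")
```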

4. The API Exploitation and Hardening

The tool essentially acts as a wrapper for API calls. However, to avoid detection and IP blocking, the tool utilizes rotating user-agents. If you are an incident responder, understanding how to harden against this is crucial. The primary mitigation technique is to validate the `Referer` header on the server side to prevent automated scraping.

Defensive Tactics (Windows/Linux):

  • Block known scrapers: On an Apache/NGINX server, add rules to block requests from known OSINT tool user agents.
  • Rate Limiting: Implement strict API rate limiting using `iptables` or Cloudflare.

Linux Command for Rate Limiting (using iptables):

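# Per-source-IP limit: drop port-80 packets from any single address exceeding 50/sec (burst 100)
sudo iptables -A INPUT -p tcp --dport 80 -m hashlimit --hashlimit-name http --hashlimit-mode srcip --hashlimit-above 50/sec --hashlimit-burst 100 -j DROP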
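Rate limits drop traffic but do not tell a responder who was scraping. Because `Referer` and `User-Agent` are client-supplied, the following added example (not part of ShareTrace or the original post) keys on behaviour instead: it flags source IPs in a web access log that exceed a request rate or cycle through many User-Agents within a short window. The thresholds, the `/api/user/42` path and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse(line):
    """Return (ip, timestamp, user_agent), or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ua"]


def find_scrapers(lines, window=timedelta(seconds=60), max_requests=50, max_agents=3):
    """Map each suspicious IP to the reasons it was flagged.

    "rate": more than max_requests inside one sliding window.
    "ua-rotation": more than max_agents distinct User-Agents inside one window.
    """
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_ip[rec[0]].append(rec[1:])
    flagged = defaultdict(set)
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            span = events[start:end + 1]
            if len(span) > max_requests:
                flagged[ip].add("rate")
            if len({ua for _, ua in span}) > max_agents:
                flagged[ip].add("ua-rotation")
    return {ip: sorted(reasons) for ip, reasons in flagged.items()}


def sample_log():
    """Constructed log lines using documentation IP ranges; not real traffic."""
    fmt = ('{ip} - - [10/Mar/2024:12:{m:02d}:{s:02d} +0000] '
           '"GET /api/user/42 HTTP/1.1" 200 512 "-" "{ua}"')
    rotating = [fmt.format(ip="203.0.113.7", m=0, s=s, ua=f"ExampleAgent/{s}") for s in range(1, 6)]
    steady = [fmt.format(ip="198.51.100.9", m=m, s=0, ua="Mozilla/5.0") for m in (0, 5, 10)]
    return rotating + steady + ["malformed line"]
```

With the defaults, `find_scrapers(sample_log())` flags only the address that changed User-Agent on every request; tune both thresholds against a baseline of legitimate traffic before alerting on them.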

5. Integrating ShareTrace with Corporate Threat Intelligence

For blue teams, ShareTrace is a valuable addition to the OSINT toolkit. When investigating phishing campaigns, attackers often use Discord or TikTok share links to drive traffic to malicious domains. By feeding the extracted metadata into a SIEM (Security Information and Event Management) or MISP (Malware Information Sharing Platform), analysts can correlate activities.

Step‑by‑step guide to reporting:

  1. Extract the data to a JSON file: `python sharetrace.py -u -o output.json`.
  2. Use `jq` (Linux) to parse and push the data into your database:
    jq '.username, .phone_number' output.json | curl -X POST -d @- https://your-siem-url
  3. For Windows, use PowerShell to parse and export to CSV:
    Get-Content output.json | ConvertFrom-Json | Export-Csv -Path report.csv -NoTypeInformation

6. Hardening Personal Accounts Against ShareTrace

If you want to prevent your profile from being easily scraped:
- TikTok/Instagram: Set your profile to "Private". ShareTrace will fail to retrieve most data without the API being authenticated by a session cookie.
- Discord: Do not use permanent invite links in public forums. Generate links that expire after 24 hours.
- Disable link previews in corporate messaging systems: Many internal systems display previews, which often ping the external server and expose the user’s IP address and client information. This is known as "image proxy" leakage.

What Undercode Say:

  • Key Takeaway 1: ShareTrace is not just a tool; it’s a demonstration of how easy it is to pivot from a seemingly harmless share link to a full profile dossier.
  • Key Takeaway 2: The reliance of social media platforms on static, predictable API endpoints makes them inherently susceptible to automated scraping, undermining the concept of "private browsing."

Analysis:

The emergence of centralized OSINT tools like OSINTrack represents a democratization of surveillance capabilities, placing once-complex querying into the hands of script kiddies and serious investigators alike. This extends the attack surface beyond traditional hacking; a social engineer can now build a complete psychological profile without ever sending a friend request. Corporations, particularly those with high-profile execs, face an elevated risk of targeted spear-phishing as metadata reveals relationship graphs and activity timestamps. The threat is mitigated by awareness and account lockdowns, but the education required to understand that a simple "share" button can leak such data is a race we are currently losing. Red team operators will love this for reconnaissance, while Blue teams must adapt their monitoring to detect the abnormal rates of API requests, as the line between "API call" and "Privacy Breach" grows dangerously thin.

Prediction:

  • +1: Increased awareness will drive social media platforms to implement more aggressive anti-bot measures, such as AI-driven behavioral detection, improving overall platform security.
  • -1: The availability of tools like ShareTrace will lower the barrier for entry into doxing campaigns, leading to an increase in personal harassment and corporate espionage enabled solely by public share links.
  • -1: Legacy API endpoints that cannot be updated will become the primary target for data harvesters, forcing companies to deprecate older link-sharing formats, potentially breaking functionality for millions of users.
  • +1: Cybersecurity curricula will universally adopt ShareTrace-like tools to teach students about the importance of metadata sanitization and the "Open Source" reality of public data.

Reported By: Mariosantella Osint - Hackers Feeds