InstaRecon is a powerful Instagram Open Source Intelligence (OSINT) tool designed for cybersecurity professionals, penetration testers, and ethical hackers to gather publicly available information from Instagram profiles.
This tool is intended for EDUCATIONAL and AUTHORIZED SECURITY TESTING purposes ONLY.
- β Legal Use: Authorized penetration testing, security research, educational purposes
- β Illegal Use: Stalking, harassment, unauthorized surveillance, privacy violations
- π Your Responsibility: Users must comply with all applicable laws and regulations
- ποΈ Legal Compliance: Ensure you have proper authorization before testing any accounts
- π Privacy Respect: Only gather information that is publicly available
The developers of this tool are NOT responsible for any misuse or illegal activities conducted with this software.
- π User Intelligence Gathering: Extract comprehensive public profile information
- π Engagement Analysis: Calculate follower-to-following ratios and engagement metrics
- π Advanced Lookup: Retrieve obfuscated contact information when available
- π± Contact Information: Extract public email addresses and phone numbers
- πΌοΈ Profile Media: High-resolution profile picture URLs
- π Account Metrics: Detailed statistics including posts, followers, and following counts
- π’ Business Intelligence: Identify business accounts and verification status
- π External Links: Extract website URLs and external connections
- π Easy Setup: Automatic dependency installation
- π» Cross-Platform: Works on Windows, macOS, and Linux
- Python 3.6 or higher
- Valid Instagram account (for session ID)
- Internet connection
-
Clone the repository
git clone https://github.com/Faizee-Asad/InstaRecon.git cd instarecon -
Run the tool (dependencies will auto-install)
python instarecon.py -u target_username -s your_session_id
If you prefer to install dependencies manually:
pip install requests phonenumbers pycountrySearch by Username:
python instarecon.py -u username -s your_session_idSearch by User ID:
python instarecon.py -i 123456789 -s your_session_idEnable Debug Mode:
python instarecon.py -u username -s your_session_id --debug- Open Instagram in your web browser and log in
- Open Developer Tools (
F12or right-click β Inspect) - Navigate to Application tab β Storage β Cookies β
https://www.instagram.com - Find the cookie named
sessionid - Copy the Value field
Options:
-h, --help Show help message and exit
-s, --sessionid Instagram session ID (required)
-u, --username Instagram username to investigate
-i, --id Instagram user ID to investigate
--debug Show debug information and all available fields
--no-banner Skip the banner display
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β InstaRecon β
β Instagram OSINT Tool β
β β
β For Penetration Testing & Ethical Hacking @Faizee-Asad β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π Starting reconnaissance for username: target_user
β³ Gathering intelligence...
============================================================
INSTAGRAM RECONNAISSANCE RESULTS
============================================================
Username : target_user
User ID : 1234567890
Full Name : John Doe
Verified Account : β
Business Account : β
Private Account : β
Engagement Metrics:
Followers : 15,432
Following : 892
Posts : 156
Following/Follower Ratio: 0.06
External Links:
Website : https://johndoe.com
Biography:
Photographer | Travel Enthusiast
π§ contact@johndoe.com
π Based in New York
Public Contact Info:
Email : john@johndoe.com
Profile Picture : https://instagram.com/profile_pic_url
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ADVANCED RECONNAISSANCE
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Obfuscated Email : j***@g****.com
Obfuscated Phone : +1 ***-***-1234
============================================================
π Security Note: This information is publicly available
Use responsibly and in accordance with applicable laws.
Basic Profile Data:
- Username and User ID
- Full name and biography
- Account verification status
- Business account status
- Privacy settings
Engagement Metrics:
- Follower count
- Following count
- Post count
- Engagement ratios
Contact Information:
- Public email addresses
- Public phone numbers (with country detection)
- External website links
- Obfuscated recovery information
Media Information:
- High-resolution profile pictures
- IGTV post counts
Instagram implements rate limiting to prevent abuse. If you encounter rate limit errors:
- Wait 10-15 minutes between requests
- Use different session IDs if available
- Avoid making too many requests in a short time period
We welcome contributions! Please follow these guidelines:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Follow PEP 8 coding standards
- Add comments for complex functions
- Test your changes thoroughly
- Update documentation as needed
- Respect the ethical guidelines
Solution: Wait 10-15 minutes and try again. Consider using a different Instagram account.
Solution: Verify the username spelling. The user might have changed their username or deleted their account.
Solution: Check your internet connection and try again.
Solution:
- Ensure you're logged into Instagram in your browser
- Get a fresh session ID following the guide above
- Make sure you copied the entire session ID value
Solution: The tool automatically installs dependencies. If this fails:
pip install requests phonenumbers pycountryThis tool is designed for legitimate security testing and educational purposes:
- Penetration Testing: Assess social media exposure during security audits
- Security Research: Study social engineering attack vectors
- Digital Forensics: Investigate public social media presence
- Cybersecurity Training: Demonstrate OSINT techniques
- Privacy Awareness: Show users what information is publicly available
Respect Privacy: Only gather information that is publicly available on Instagram.
Get Authorization: Always ensure you have proper authorization before investigating accounts.
Follow Laws: Comply with local laws and regulations regarding data collection and privacy.
Use Responsibly: Do not use this tool for harassment, stalking, or any malicious activities.
Report Issues: If you find vulnerabilities in Instagram's platform, report them responsibly to Meta's security team.
This tool accesses only publicly available information through Instagram's standard web interface. Users are responsible for ensuring their use complies with:
- Local and international privacy laws
- Instagram's Terms of Service
- Applicable cybersecurity and computer crime laws
- Ethical hacking guidelines and standards
This project is licensed under the MIT License - see the LICENSE file for details.
- Instagram for providing public APIs
- The cybersecurity community for OSINT methodology
- Contributors and ethical hackers who improve the tool
- Open source libraries:
requests,phonenumbers,pycountry
- Issues: Please use GitHub Issues
- Discussions: Use GitHub Discussions for questions
- Security: Report security issues privately via email
Remember: With great power comes great responsibility. Use this tool ethically and legally.
β If you find this tool useful for your security research, please give it a star!
Developed by Asad faizee for the cybersecurity community