A Telegram Mass Surveillance Bot in Python

Informer - Telegram Mass Surveillance

Update 08-23-2021

  • Updated to latest Telethon 1.23.0
  • Fixed database issues by migrating to docker-compose
  • Made Google Spreadsheets optional in setup
  • Secure ENV files for setup
  • Easier setup
  • Replaced App Engine with docker-compose bc AE sux

About

Informer (TGInformer) is a bot library that allows you to masquerade as multiple REAL users on Telegram and spy on 500+ Telegram channels per account. Details are logged to a MySQL database, a private Google Sheet and your own private channel for analysis.

This is a functioning proof-of-concept project with known bugs. Feel free to fork, share and drop me a line.

Potential Business Applications

  • Sock puppeteering to overthrow a despotic regime
  • Brand monitoring and sentiment analysis
  • Shilling cryptocurrency at a moment's notice for financial gain
  • Influencing sentiment on topical issues
  • Getting in on price action early
  • Running analysis of a telegram channel

Features

  • Run all your bots in the cloud while you sleep. Support for Docker Compose
  • Write all notifications to private Google Sheet
  • Supports regular expressions for keyword filtering
  • SQLAlchemy for agnostic data persistence
  • Logging contextual message and channel data to a private channel and database
  • Stores meta information about sender of message, channel, number of participants in the channel
  • Auto-joins channels from CSV list containing Telegram channel URLs
  • Persists session of channels joined
  • Login once, bot stays logged in forever without needing 2FA re-authentication
  • Join up to 500 channels per account
  • Uses REAL accounts avoiding bot detection, THIS IS NOT A TELEGRAM BOT but a real automated user account. This is an important distinction because the official bot API is limited and bots are often restricted in public channels.

Requirements

OS / Infrastructure

Python packages

  • SQLAlchemy (1.3.11)
  • sqlalchemy-migrate (0.13.0)
  • Telethon (1.10.8)
  • mysql-connector-python (8.0.18)
  • gspread (3.1.0)
  • oauth2client (4.1.3)

Quick Start

Setup your ENV vars

Edit the file informer.env, which contains all the required environment variables for Informer.

You can retrieve the necessary Telegram-related information here:

Setup Your Telegram App

  1. Head over to https://my.telegram.org/auth to authenticate your account by providing a phone number and the confirmation code sent to your phone number (or Telegram).

  2. Once you are authenticated, click on "API Development Tools".

  3. Go ahead and create a New Application by filling out the form.

  4. You should now have the necessary parameter values for the informer.env file fields TELEGRAM_API_HASH and TELEGRAM_API_APP_ID.

  5. Go ahead and replace the values, including TELEGRAM_ACCOUNT_PHONE_NUMBER, and move on to the next section.

Getting your Telegram ID

So far we have what we need for Telethon and Informer to access the Telegram APIs. Next we need to acquire the identifiers for your bot's account.

  1. Open Telegram and search for the user userinfobot.

  2. You will see multiple results; make sure you select the correctly spelled account.

  3. Click on the user and you should see a dialog option at the bottom that says "Start". Click on this.

  4. The bot has a single purpose: to reflect back to you your current Telegram account's information. You should receive your Telegram username and your Telegram account ID. This is important.

  5. Go ahead and edit the informer.env file and fill in the values for TELEGRAM_ACCOUNT_ID, which should be your Telegram account ID from the previous step, and TELEGRAM_ACCOUNT_USER_NAME. You can optionally fill in TELEGRAM_NOTIFICATIONS_CHANNEL_ID with your user name or a channel ID.

  6. Make sure you have TELEGRAM_ACCOUNT_PHONE_NUMBER filled out as this is key to generating the session. For creating multiple accounts, please check out the Burner App below.

Initialize and authenticate session

Make sure you are running Python 3 and simply run ./quick_start.sh in the directory.

You must run this first so that you can authenticate with Telegram on the first run and generate a local session file.

You can later copy the files for the different accounts in app/session and mount them via Docker should you choose to do so.

You will be prompted to enter the authentication code you received, either via Telegram if you have logged in before, or via SMS.

Hit enter and your session should be generated in the folder app/session, with the international phone number you provided as the file name and a .session extension.

Continue to the next section, where we use Docker Compose to set up a database.

Setup a Notification Channel

This step is optional, but if you would like to create a private group channel and acquire the group ID, do the following:

  • Create a group (or channel) and set it as private or public
  • Be sure to get the Telegram URL

Set the URL in the informer.env file under the parameter TELEGRAM_NOTIFICATIONS_CHANNEL_URL.

To get the channel ID, run python3 bot.py <TELEGRAM_ACCOUNT_ID> in the app directory, where <TELEGRAM_ACCOUNT_ID> is the account ID you previously generated.

When the script loads, it will display all the channels you are in. Copy this value, put it in the TELEGRAM_NOTIFICATIONS_CHANNEL_ID parameter of the informer.env file, and kill the script. You're now ready to run Informer.

Running Docker Compose

After running quick_start.sh you can run Docker Compose:

  • Run ./start.sh to build the Docker containers, which include the MySQL database
  • Run ./stop.sh to stop the containers
  • Run ./clean.sh to remove any dangling containers and volumes. ** NOTE ** this will RESET the database and you will lose all your data.

A few things to note:

Before, you were required to run your own MySQL instance, and this created some issues with connection string compatibility and versioning. In this update, it is just created for you and persisted on disk.

Additionally, Dozzle is provided so that you may view logs in your browser: go to http://localhost:9999 and click on the app_informer container.

Create a telegram account with Burner App

If you do not want to use your own phone number and want to run the Informer bot with some degree of anonymity you can use the Burner App available on iOS and Android.

  1. Install the app Burner.

  2. Follow the same steps as above by providing the new phone number here: https://my.telegram.org/auth

  3. Validate with Burner. You will be sent an authcode via SMS, which you will need to provide.

  4. Log into Telegram.

  5. Attempt to login with the app by running python3 bot.py <api_user_id> in the app directory.

  6. Since you are logging in with Telethon it will ask you for your authcode in the terminal like earlier. This was sent via Telegram message or SMS. Provide this and it will save your session credentials in the session file mentioned below. You will no longer need to authenticate so long as you have the session file saved.

Sessions are saved in the app/session/ folder as <telegram_phone_number>.session

Rinse and repeat until you have all the necessary session files and simply mount them in Docker.

Scaling Telegram accounts

Figuring out how to scale accounts was a bit of a nightmare as I needed an automated process. Telegram requires you use a real phone number that can receive texts from a shortcode.

Unfortunately services with APIs like Twilio are prohibited from receiving SMS from shortcodes in the US, Canada and UK https://support.twilio.com/hc/en-us/articles/223181668-Can-Twilio-numbers-receive-SMS-from-a-short-code- for fraud purposes. This would’ve been ideal, bah humbug.

A whole evening was wasted on this endeavor until I remembered a great app I used in the past: Burner (https://www.burnerapp.com/) — which coincidentally does have an API (https://developer.burnerapp.com/api-documentation/incoming-webhooks/). Meaning you can dynamically generate numbers, instantiate a new account and authenticate it all via Telegram’s client SDK in Python (Telethon: https://docs.telethon.dev/en/latest/).

The best part is Burner numbers are free for 14 days. Telegram accounts connected via client API need only login once and permanently persist sessions. I have not integrated with the Burner API, but the process is straightforward.

Telethon SDK

The bot is built on top of the Telethon Python SDK (https://docs.telethon.dev/en/latest/)

A few things to note and gotchas encountered in building this proof of concept:

  1. Rate Limiting: Telegram does intense rate limiting which will throw FloodWaitErrors. In my research it seems like no one knows the algorithm for this but you want your back off waits to scale in response because when you violate and exceed the unknown rate limit, the waits become exponential. I’ve found a happy medium with my approach to waiting.

     FloodWaitErrors can occur when you are submitting too many requests to the API, whether it is querying users' information or joining too many channels too fast.

  2. Telethon Sessions: Telethon will create a session file. You can set the name of the session file when you instantiate the Telethon client:

     TelegramClient(<session_file_name>, <api_user_id>, <api_user_hash>)

     This file happens to be a sqlite database which you can connect to. It acts like a cache and stores historical data as well as your session authentication information so you will not have to re-authenticate with Telegram’s 2FA. Note that you will need to login for a first time and authenticate when you first use the API.
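
Because the session file stores authentication information and replaces the login step, it should be handled like a credential. The following is an added example, not code from Informer or Telethon: it audits a directory of .session files for a stored key and for group/world access. The `sessions` table and `auth_key` column are assumptions about Telethon's SQLite session layout, and the sample file is constructed with dummy bytes.

```python
import os
import sqlite3
import stat
import tempfile
from pathlib import Path

def make_sample_session(path):
    """Build a CONSTRUCTED file with the assumed Telethon `sessions` table."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE sessions (dc_id INTEGER PRIMARY KEY, "
                "server_address TEXT, port INTEGER, auth_key BLOB)")
    con.execute("INSERT INTO sessions VALUES (2, '192.0.2.1', 443, ?)",
                (b"\x00" * 256,))  # dummy bytes, not a real key
    con.commit()
    con.close()

def audit_session(path):
    """Report whether a .session file holds a key and who can access it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    result = {"path": str(path), "mode": oct(mode),
              "others_can_access": bool(mode & 0o077), "has_auth_key": False}
    uri = Path(path).resolve().as_uri() + "?mode=ro"  # read-only: never modify
    try:
        con = sqlite3.connect(uri, uri=True)
        try:
            row = con.execute("SELECT COUNT(*) FROM sessions "
                              "WHERE length(auth_key) > 0").fetchone()
            result["has_auth_key"] = row[0] > 0
        finally:
            con.close()
    except sqlite3.DatabaseError:
        result["error"] = "not a readable Telethon SQLite session"
    result["at_risk"] = result["has_auth_key"] and result["others_can_access"]
    return result

def audit_dir(session_dir):
    """Audit every *.session file in a directory such as app/session."""
    return [audit_session(p) for p in sorted(Path(session_dir).glob("*.session"))]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "15550100.session")
        make_sample_session(sample)
        os.chmod(sample, 0o644)
        print(audit_dir(d))  # key present and readable by group/world
        os.chmod(sample, 0o600)
        print(audit_dir(d))  # key present, owner-only access
```

The same check applies to any copy of the file, including session files mounted into a container or committed to a repository by mistake.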

Managing Multiple Bot Accounts

As the bot runs and joins channels, you will see your client update in real time and display the new channels you have joined.

TIP: TelegramX is by far the better client to use for these purposes as it supports multiple login. Download here:

Google Sheets Integration

The Python library gspread is used for managing I/O with Google Sheets. You will need to have a Google Cloud Platform account and enable Google Drive APIs. Afterwards you must generate server credentials with a JSON API key.

Instructions are here: https://www.twilio.com/blog/2017/02/an-easy-way-to-read-and-write-to-a-google-spreadsheet-in-python.html

This is optional.

Known Bugs

  • Currently a channel must have already been joined in order to begin monitoring of keywords. It is likely you will need to run the bot.py twice, once to let it join channels and another time to monitor them. I’m aware of this glaring bug and will fix it in the next revision.

Todo

  • Create user interface dashboard for bot management
    • Create new accounts
    • Add / remove channels
    • Add / remove keywords to monitor
    • View notifications
    • Receive web push notifications
  • Automatically poll the database to update the keywords to monitor in memory
  • Automate creation of phone numbers via Burner API and authcode process

Getting in touch

Did you find this project interesting? Please star it if so.

It was made in two days as a proof of concept for a friend in the cryptocurrency space. If you find any interesting or lucrative applications, I’m always happy to collaborate. You can reach me at:

@paulpierre on Twitter or hi (at) paulpierre (dot) com

Most of my interesting projects are private on github, but feel free to check them out: http://www.github.com/paulpierre or past work at http://www.paulpierre.com

Open Source License


Copyright (c) 2020 Paul Pierre

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
