JungleScam - The First eCommerce OSINT Tool
I've found myself at an awkward place at the intersection of OSINT and eCommerce. The reason I find it awkward is I feel like tons of people are talking about eCommerce but no one in the infosec or investigations community comes to mind. As more and more transactions become digital, I think it's important to have a frame of reference on dealing with eCommerce scammers, hijackers, counterfeiters, and money launderers. When searching through Amazon for potential red flags that may indicate some variation of fraud, I found myself doing a lot of manual labor. There are plenty of Google Chrome extensions available that do data mining with very useful visualization tools, but none of them conducted the searches I was looking for. I knew there would be a web scraping solution to this, but unfortunately I don't have the development skills, and am quickly learning I don't have the attention span either, to build a tool. So I reached out to the developer of Twint, Francesco Poldi (@noneprivacy), who I've been helping by providing guidance and basic development to. I asked how difficult it would be to achieve something on Amazon and he generously provided his services to me and created something in a matter of days. This collaboration is called JungleScam and it's the beginning of what I think is a pioneer into the abyss of eCommerce OSINT. The Jungle part of it refers to Amazon (jungle), and the scam part is pretty self-explanatory. Here's a quick snapshot.
I created a quick GUI for the program to make it a bit more user friendly and visually appealing. What JungleScam will do is scan all products listed in the search results and export any sellers who are listed as "Just Launched" into a csv. This means they are newer sellers who have yet to receive customer feedback. This is a general red flag for fraud, but doesn't necessarily guarantee that the seller is fraudulent. It's simply a starting point. Here's a step by step of the input for JungleScam.
- Allows you to enter the URL of a search result page to scan for all listed sellers for each product. Simply type in "toys" to Amazon, for example, copy and paste the URL, and put it into JungleScam.
- Allows you to specify how many pages you want to crawl. Right now the crawler is very slow due to captcha issues on Amazon. You can get around it by spoofing your IP with a VPN, but we're experimenting on how fast we want to make it without raising any red flags.
- Allows you to name the csv before export for easy access.
This script is currently in beta and there are plenty of other features that will be built into the program. For example, in v.1.2 I'm planning on adding an option to search for sellers whose customer feedback falls below 60%, or any other arbitrary number I choose. Another feature I'd like to add is the ability to scan all products on a page and test to see which products have mostly fake reviews using ReviewMeta API. This will likely be in v.1.3. I'm sure there will be plenty of other features I'd like to build into the platform once we've proved the concept and seen value generated from it.
If you'd like to check the script out, you can find it at GitHub.
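The triage step described above (export sellers marked "Just Launched") combined with the feedback threshold planned for v.1.2, as an added Python example that is not JungleScam's own code. It runs offline on constructed rows; the function names, the feedback-string format and the sample sellers are assumptions made for illustration, and the export neutralises spreadsheet formulas because scraped seller names are untrusted input.

```python
import csv
import io
import re

# Constructed sample rows: (product, seller, feedback text). All values are made up.
SAMPLE_OFFERS = [
    ("Toy robot", "BrightKidsCo", "94% positive over the past 12 months (1,204 ratings)"),
    ("Toy robot", "xkq-deals-77", "Just Launched"),
    ("Puzzle set", "PuzzleBarn", "58% positive over the past 12 months (37 ratings)"),
    ("Puzzle set", "xkq-deals-77", "Just Launched"),
    ("Toy car", "=HYPERLINK(\"http://example.invalid\")", "Just Launched"),
]
PCT = re.compile(r"(\d{1,3})%\s+positive", re.IGNORECASE)

def safe_cell(value):
    """Scraped names are untrusted: stop spreadsheets treating them as formulas."""
    return "'" + value if value[:1] in ("=", "+", "-", "@", "\t", "\r") else value

def triage(offers, min_positive=60):
    """Group flagged sellers with the reason and the products they were seen on."""
    flagged = {}
    for product, seller, feedback in offers:
        match = PCT.search(feedback)
        if feedback.strip().lower() == "just launched":
            reason = "just_launched"
        elif match and int(match.group(1)) < min_positive:
            reason = f"feedback_below_{min_positive}"
        else:
            continue  # established seller: not a starting point for review
        entry = flagged.setdefault(seller, {"reason": reason, "products": []})
        if product not in entry["products"]:
            entry["products"].append(product)
    return [{"seller": s, "reason": e["reason"], "products": "; ".join(e["products"])}
            for s, e in flagged.items()]

def to_csv(rows):
    """Return the export as CSV text, with every cell neutralised."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["seller", "reason", "products"])
    writer.writeheader()
    for row in rows:
        writer.writerow({k: safe_cell(v) for k, v in row.items()})
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(triage(SAMPLE_OFFERS)))
```

Grouping by seller shows when one new account appears across several listings, which is a stronger starting point for review than a single "Just Launched" hit.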