# SOWEL: SOcmint Weaknesses Enumeration List

### 📚 Your Step-by-Step Guide to Social Media OSINT Investigations

👉 This project will help you quickly understand how to use data from social platforms and related sources to solve your problem.

> [!example] Some SOWEL guides:
> - [[How to deanonymize an account]]
> - [[How to confirm a connection between people]]
> - [[What to do with closed accounts]]

❓ What is a "weakness" in the SOCMINT (social media intelligence) context?

We refer to certain aspects as weaknesses when they arise from technical or business constraints or even human behaviour. These weaknesses can provide valuable information and insights during investigations and research.

## How to use SOWEL

Several approaches are possible:

1) **Solve your problem with SOWEL.** There are **Instructions** for specific use cases in the corresponding directory with ATT&CK-like diagrams and checklists. Study them to understand how to use advanced methods, tips and tricks for your investigations or research.
2) **Deepen your knowledge of SOCMINT tools.** Learn more about typical patterns of **Functionality (SOFL)** implemented in social media platforms and affected by various weaknesses. Check the linked **Techniques (SOTL)** and attached links to the most useful tools.
3) **Immerse yourself in the theory of weaknesses.** Learn where and how to find information during social media investigations. Look at the list of **Weaknesses (SOWEL)**: abstract principles, processes and conditions allowing you to get more info. Then, study related techniques and suggested methods.

## Contributor guide

We developed a structure and rules, so please read and follow them when contributing. SOWEL is still not finished, and even your doubts about some definitions or inconsistencies will be valuable.

#### SOWEL

- **Example**: [[SOWEL-1. Having and Filling Account]] => social media platforms force us to register accounts and enter various information that could be used in a different way
- **Test sentence** for new weaknesses: "For SOCMINT task X, some human weakness will help. People are (sometimes) *SOWEL name*".
- **Name** of entity: should be enough to describe the reason for utilising some technique. E.g. [[SOTL-4.1. Try To Recover Access]] to get the recovery phone number part, because people fill in this account information as social media reminds them.

#### SOTL

- **Example**: [[SOTL-3.6. Start a Search From Tags and Keywords]] => in the case of a broad search, use this type of functionality to collect some posts and accounts
- **Test sentence** for new techniques: "In this situation during SOCMINT investigation/research you may *SOTL name*".
- **Name** of entity: should be enough to describe some steps to plan (define sources and inputs), collect and analyze information. E.g. [[SOTL-4.1. Try To Recover Access]] to get the recovery phone number part.

#### SOFL

- **Example**: [[SOFL-5. Reviews]] => people leave reviews because companies are interested in getting feedback; maps of reviews are interesting for mining data
- **Test sentence** for the functionality: "functionality of X is common for some types of social media platforms and sites that people interact with".
- **Name** of entity: short high-level explanation of this functionality.

## The idea

SOWEL was inspired by another enumeration from the cybersecurity world: [CWE – the list of software and hardware weaknesses](https://cwe.mitre.org/data/index.html). It’s a community-driven list capturing the specific effects, behaviours, exploit mechanisms, and implementation details.
It allows us to see hierarchical representations and different mappings (views) such as Top-N lists (more essential and current weaknesses), as well as subject-specific views like trends or weaknesses working for specific technologies or cases (see various applications [here](https://cwe.mitre.org/data/index.html)).

Unfortunately, it is difficult to use such an enumeration without a framework that lets you quickly navigate new information and select only what is necessary. That's why we took into account the design and philosophy of the [MITRE ATT&CK](https://attack.mitre.org/), [CAPEC](https://capec.mitre.org/about/index.html) and [DISARM](https://www.disarm.foundation/framework) frameworks to make it easier to use.

# The value

The number of different tools is growing rapidly, and with it the difficulty of understanding what to use and how, so it seems right to bring techniques and approaches to the foreground. SOWEL, as an attempt at such a techniques-oriented framework, allows you to create tool-agnostic standard operating procedures (SOP) for your work in a universal language.

For **OSINT practitioners** it makes sense to start from tailored checklists for specific cases, which help them get out of a difficult situation: [[#How to use SOWEL]].

For **OSINT trainers** it allows them to build custom programs based on scenarios and requests from participants, taking into account their use cases.

For **OSINT tool developers** the list of techniques could be used as a source of ideas: almost every entry reveals some principle which could be automated.

# Methodology

**What is a social media platform**

Nowadays there are a lot of social media profiles with messenger capabilities and vice versa; almost all sites and forums with a login suggest filling out a personal profile and allow you to discover (or just open) another account’s page.
Because of the variety of sites that are close to social media networks, in this document we will simply call them platforms, but for specific weaknesses we will highlight the applicable types of platforms.

**Entities**

```mermaid
erDiagram
    Weakness ||--|{ Technique : implies
    Instruction ||--o{ Hypothesis : includes
    Instruction ||--o{ Technique : includes
    Weakness ||--|| Functionality : related
    Technique ||--|| Functionality : related
```

**Types of weaknesses (reasons)**

- Technical - implementation, some restrictions or historical legacy
- Behavioural - human nature, habits
- Business - how companies that own media make money from us

**Properties**

- Code
- Name
- Explanation
- Input
- Output
- Types
- Examples

**Types of information for input/output**

- Personal account (usually a URL and some basic info like name and photo)
- Personal information (various details, bio/about, etc.)
- Full name
- Username (nickname, alias)
- Image (could be a photo with a face, but not necessarily)
- Face (as a part of a photo used in a social media account)
- Location
- Activity
- Posts
- Friend
- Followers
- Followees
- Login (could be different from username, could be email address or phone number)
- Email address
- Phone number
- IP address
- URL (some link to profile, website, etc.)