WhatsApp numbers carry more than just a contact detail—they hold a layer of public and semi-public data that can be valuable for security investigations and OSINT research. WhatsApp-OSINT offers a practical way to tap into this data through a command-line interface that wraps a RapidAPI WhatsApp OSINT service. It makes querying profile images, business verification, user status, linked devices, and privacy settings straightforward and interactive, without dealing directly with WhatsApp’s internal protocols.
what WhatsApp-OSINT does and how it works
WhatsApp-OSINT is a Python-based command-line tool designed to extract intelligence from WhatsApp phone numbers by interfacing with the WhatsApp OSINT API available on RapidAPI. The tool targets security professionals and researchers who need quick access to WhatsApp-related metadata without building complex integrations or reverse-engineering WhatsApp protocols.
The codebase is structured around an interactive terminal menu, built using Python libraries such as requests for HTTP communication, python-dotenv for environment variable management, and colorama for colored terminal output. It supports six key API endpoints:
- Retrieving the profile picture in raw image form
- Retrieving the profile picture encoded as base64
- Verifying if the account is a business profile
- Checking the user’s status message
- Enumerating devices linked to the WhatsApp account
- Inspecting privacy settings associated with the number
The tool automatically validates phone numbers before making API calls, improving the robustness of queries and reducing unnecessary API requests. Additionally, profile pictures downloaded are automatically saved locally as JPG files, offering a persistent artifact for later review.
Under the hood, the tool is a thin wrapper around the RapidAPI WhatsApp OSINT endpoints, meaning it does not implement any WhatsApp protocol handling or scraping itself. Instead, it relies fully on the external API, which does the heavy lifting of querying WhatsApp data.
technical strengths and design tradeoffs
The strength of WhatsApp-OSINT lies in its straightforward design and developer experience (DX). The interactive menu makes it accessible for users who may not want to script API calls manually but still need detailed WhatsApp intelligence.
Code quality is pragmatic: the repo uses environment variables to manage API keys securely, avoiding hardcoding secrets. The use of colorama for colored output improves usability, making results easier to scan in the terminal. Input validation ensures the tool handles incorrect or malformed phone numbers gracefully.
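The two pre-flight steps described above (validating the number before any API call, and keeping the RapidAPI key in the environment rather than in code) look like this in practice. This is an added example, not code from the WhatsApp-OSINT repository; the variable name `RAPIDAPI_KEY`, the 7-digit minimum length, the `.env` permission check and the redaction helper are assumptions of the example, and it uses a small standard-library parser in place of python-dotenv.

```python
import os
import re
import stat

# E.164: "+" followed by at most 15 digits, the first one non-zero.
# The lower bound of 7 digits is a conservative assumption of this example.
E164 = re.compile(r"^\+[1-9][0-9]{6,14}$")


def normalize_number(raw):
    """Return the number in E.164 form, or None if it cannot be valid."""
    cleaned = re.sub(r"[\s\-().]", "", raw.strip())
    if cleaned.startswith("00"):           # international dialling prefix
        cleaned = "+" + cleaned[2:]
    elif not cleaned.startswith("+"):
        cleaned = "+" + cleaned
    return cleaned if E164.match(cleaned) else None


def load_api_key(env_path, name="RAPIDAPI_KEY"):
    """Read NAME=value from a .env file, refusing files other users can read.

    `name` is a hypothetical variable name, not taken from the project.
    """
    mode = stat.S_IMODE(os.stat(env_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{env_path} has mode {mode:o}; use chmod 600")
    with open(env_path, encoding="utf-8") as fh:
        for line in fh:
            key, sep, value = line.strip().partition("=")
            if sep and key.strip() == name and value.strip():
                return value.strip().strip("'\"")
    raise KeyError(f"{name} is not set in {env_path}")


def redact(secret):
    """Form of the key that is safe to print in terminal output or logs."""
    if len(secret) <= 4:
        return "****"
    return "*" * (len(secret) - 4) + secret[-4:]
```

Rejecting malformed input locally keeps junk out of a metered API, and the permission check catches a `.env` file that was created with a permissive umask or copied from a shared location.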
A tradeoff is the tool’s total dependency on the RapidAPI WhatsApp OSINT API. This means:
- API rate limits and availability are outside the tool’s control.
- Users must obtain and configure their own RapidAPI key to use it.
- The tool itself does not provide offline or self-hosted capabilities.
From a security and ethical standpoint, the project is explicit about its intended use: it restricts usage to legitimate security investigations and educational purposes. This transparency is a positive, though it is also a limitation: misuse or unauthorized reconnaissance is explicitly disallowed.
The codebase is clean but relatively simple, which fits the tool’s scope. It’s not designed for bulk or automated OSINT at scale but rather for targeted, manual investigations. Automation would require scripting on top of the CLI or modifying the code.
quick start
Installation requires Python 3.8+ and a few dependencies. The repo provides a straightforward setup using a virtual environment:
git clone https://github.com/kinghacker0/whatsapp-osint
cd whatsapp-osint
python3 -m venv myvenv
source myvenv/bin/activate
pip3 install -r requirements.txt
After installing dependencies, users must create a .env file with their RapidAPI key to authenticate API requests. The interactive CLI is then launched, allowing users to input phone numbers and select the desired lookup operation from the menu.
This setup is typical for Python CLI tools, prioritizing environment isolation and dependency management. The commands are copied verbatim from the project’s README, ensuring accuracy.
verdict
WhatsApp-OSINT is a practical, no-frills tool that simplifies querying WhatsApp phone number intelligence via a third-party API. It’s well-suited for security researchers and OSINT practitioners who need an interactive, terminal-based client without diving deep into WhatsApp internals.
The tradeoff is the reliance on RapidAPI’s WhatsApp OSINT endpoints, which means you’re at the mercy of that service’s uptime, rate limits, and pricing. It’s not a tool for bulk data harvesting or automation out of the box, but it can serve as a solid building block or quick reference.
Its ethical use disclaimers are important; the tool is not intended for misuse or unauthorized surveillance. If your workflow includes legitimate WhatsApp intelligence gathering and you want a simple, interactive CLI wrapper, this repo is worth a look.
Overall, the code is clean, the UX is straightforward, and the dependencies minimal. For anyone needing a quick way to pull WhatsApp phone number data from RapidAPI, WhatsApp-OSINT delivers without unnecessary complexity.
→ GitHub Repo: kinghacker0/WhatsApp-OSINT ⭐ 646 · Python