How to get the Exact Date of a LinkedIn Post Using OSINT Techniques

How to get the Exact Date of a LinkedIn Post Using OSINT Techniques

LinkedIn has grown into one of the most popular professional networking platforms, with millions of users posting updates and sharing content daily. For cybersecurity professionals, LinkedIn can be a valuable source of information for Open Source Intelligence (OSINT) and penetration testing. But unfortunately there is a common challenge faced by OSINT investigators and cybersecurity professionals when dealing with LinkedIn posts: the platform only displays the relative date of a post, such as "8mo" ago...

This relative timestamp lacks precision and makes it difficult to correlate events, analyze activity patterns, or build a temporal profile of a target.

In this blog post, we will introduce a simple yet powerful Python tool tool that solves this problem by extracting the exact date and time a LinkedIn post was created from its URL, providing valuable information that can be used in various OSINT and penetration testing scenarios.

Tool Overview

The LinkedIn Timestamp Tool is a Python script that takes a LinkedIn post URL as input and returns the date and time the post was created. This information can be useful in various OSINT investigations and penetration testing scenarios, where understanding the timing of a post may provide valuable insights into a target's activities and habits.

Source Code

import argparse
import re
import datetime


def get_post_id(url):
    regex = r"activity-([0-9]+)"
    match = re.search(regex, url)
    if match:
        return match.group(1)
    return None


def extract_unix_timestamp(post_id):
    as_binary = format(int(post_id), "064b")
    first42_chars = as_binary[:42]
    timestamp = int(first42_chars, 2)
    return timestamp


def unix_timestamp_to_human_date(timestamp):
    date_object = datetime.datetime.utcfromtimestamp(timestamp / 1000)
    human_date_format = date_object.strftime("%a, %d %b %Y %H:%M:%S (UTC)")
    return human_date_format


def get_date(url):
    post_id = get_post_id(url)
    if post_id:
        unix_timestamp = extract_unix_timestamp(post_id)
        human_date_format = unix_timestamp_to_human_date(unix_timestamp)
        return human_date_format
    return None


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Extract the date from a LinkedIn post URL.")
    parser.add_argument("url", help="LinkedIn post URL")
    args = parser.parse_args()

    date = get_date(args.url)
    if date:
        print(f"Date: {date}")
    else:
        print("No valid post ID found in the provided URL.")
        

How the Tool Works

The tool consists of four main functions:

1. get_post_id(url): Extracts the post ID from the LinkedIn post URL using regular expressions.
2. extract_unix_timestamp(post_id): Converts the post ID into a UNIX timestamp.
3. unix_timestamp_to_human_date(timestamp): Converts the UNIX timestamp into a human-readable date format.
4. get_date(url): Coordinates the execution of the previous three functions to provide the final output.

To use the tool, simply run it from the command line, providing the LinkedIn post URL as an argument:

‍

python linkedin-timestamp.py 
"https://www.linkedin.com/posts/activity-
XXXXXXXXXXXXXXXXXXX/"

‍

Replace script_name.py with the name of the Python script, and XXXXXXXXXXXXXXXXXXX with the actual post ID.

Note: The URL can be copied by clicking on the posts action icon and selecting "Copy link to post"

So when used on this post URL: https://www.linkedin.com/posts/public-bryansmith_blueteam-redteam-activity-6978313257740615680-hWK_

You can see the actual timestamp of Wednesday Sep 2022 11:25:31 UTC

Applications in OSINT and Penetration Testing

Understanding the timing of a LinkedIn post can be extremely valuable in OSINT and penetration testing for several reasons:

1. Activity analysis: By analyzing the timing of posts, you can determine a target's activity patterns, which can provide insights into their daily routine, availability, and habits. This information can be useful in planning social engineering attacks or determining the best time to launch a cyberattack.
2. Event correlation: Extracting the timestamps of LinkedIn posts can help in correlating events and identifying trends related to a target. For instance, if a company announces a new product release or a significant event, the timing of the announcement may be linked to other events, such as a spike in cyberattacks or social engineering attempts.
3. Historical context: Timestamps can provide a historical context to the information posted on LinkedIn. This can help analysts understand the evolution of a target's interests, affiliations, or skillsets over time, which can be useful in crafting targeted phishing campaigns or profiling potential insider threats.
4. Temporal profiling: By studying the timestamps of multiple posts, it is possible to build a temporal profile of a target, revealing patterns in their online behavior. This information can be used to identify periods of increased vulnerability, such as times when the target is more likely to click on phishing emails or respond to social engineering attempts.

Final Thoughts

This tool was developed by Redline Cyber Security and used during a real engagement. We have open sourced it so anyone can use it as well and hopefully find value in their OSINT investigations and penetration testing. As red teamers, leveraging such tools can help us stay one step ahead in a constantly evolving target environment.

GitHub: https://github.com/securekomodo/LinkedIn-Timestamp