HomeLinuxWhapa - Forensic tools to analyze Whatsapp from Android

Whapa – Forensic tools to analyze Whatsapp from Android

Whatsapp forensic tool – Whapa is a set of graphical forensic tools to analyze WhatsApp from Android and soon iOS devices. All the tools have been written in Python 3.8 and have been tested on Linux, Windows, and macOS systems.

Whapa is included as a standard in distributions such as Tsurugi Linux (Digital Forensics) and BlackArch Linux (Penetration Testing).

Whapa toolset is divided into five tools:

Android

  1. Whapa (Whatsapp Parser)

  2. Whacipher (Whatsapp Encryption/Decryption) *** NEW Crypt14 ***

  3. Whagodri (Whataspp Google Drive Extractor)

  4. Whamerge (Whatsapp Merger)

  5. Whachat (Whatsapp Chat Exporter)

iPhone

  1. Whacloud (Whatsapp ICloud Extractor) NEW BETA TOOL FOR IPHONE

  2. Whachat (Whatsapp Chat Exporter)

How to install Whatsapp forensic tool

Step 1:

First, we need to download the Whatsapp forensic tool so type the below command on your terminal

For Linux

				
					git clone https://github.com/B16f00t/whapa.git
				
			

For Windows

download_the_tool

Step 2:

Change the directory to whapa so type the following command on terminal

				
					cd whapa
				
			
Whapa – Forensic tools to analyze whatsapp from Android

Step 3:

Permit the Whatsapp forensic tool python file so type the following

				
					chmod +x whapa-gui.py
				
			
Whapa – Forensic tools to analyze whatsapp from Android

How to use Whatsapp forensic tool

For Linux

Type the following command on your Linux to start the Whatsapp forensic tool

				
					python3 whapa-gui.py
				
			
Whapa - Forensic tools to analyze whatsapp from Android

For windows

Click on a whapa-gui.bat file to run the Whatsapp forensic tool on your windows

1. WHAPA

whapa.py is an Android Whatsapp database parser that automates the process and presents the data handled by the SQLite database in a way that is comprehensible to the analyst. If you copy the “wa.db” database into the same directory as the script, the phone number will be displayed along with the name. Whatsapp forensic tool

Reports

To create reports the first thing we need to do is to configure the file”./cfg/settings.cfg”. For example:

				
					[report]
company = Foo S.L
record = 1337
unit = Research group
examiner = B16f00t
notes = Chat maintained between the murderer and the victim
				
			

If we want to put the logo of our company, we must replace the file ‘./cfg/logo.png’ with one of our choices. In the file ‘./cfg/settings.cfg’, the name of the company or unit must be specified, as well as the assigned registration number, the unit or group we belong to, who the examiner is and we can also specify notes in the report. Whatsapp forensic tool

To generate the report we must specify the option “English” whether we want the report in English, as well as “ES” whether we want the report in Spanish.

If you specify the “wa.db” database, the phone number will be displayed along with the name. For the report to contains the images, videos, documents… you must copy the “WhatsApp/Media” folder of your phone to the report directory, otherwise, the program will generate thumbnails.

If we want to print the document or create the report in pdf, It recommends in the print option -> scale the view <= 60% or 70%, otherwise, the report will be displayed too large. Whatsapp forensic tool

2. WHACIPHER

Whacipher.py is a tool that allows the decryptor to encrypt the WhatsApp database. You must have the key of your phone to decrypt, and additionally an encrypted database as a reference to encrypt a new database.

3. WHAMERGE

Whamerge is a tool to joins backups in a new database, to be able to be analyzed and obtain more information, such as deleted groups, messages, etc…

4. WHAGODRI

Whagodri.py is a tool that allows WhatsApp users on Android to extract their backed-up WhatsApp data from Google Drive.

Make sure of:

  1. Download the latest version of whapa

  2. Install the requirements

  3. Settings:

Edit only the values of the./cfg/settings.cfg file

				
						[google-auth]
	gmail = alias@gmail.com
	# Optional. The account password or app password when using 2FA.
	password  = 
	# Optional. The result of "adb shell settings get secure android_id".
	android_id = 0000000000000000
	# Optional. Enter the backup country code + phonenumber be synchronized, otherwise it synchronizes all backups.
	# You can specify a list of celnumbr = BackupNumber1, BackupNumber2, ...
	celnumbr = 
				
			

5. WHACLOUD

Whacloud.py is a tool that allows WhatsApp users on iPhone to extract their backed up WhatsApp data from iCloud. BETA TOOL May contain bugs.

Make sure of:

  1. Download the latest version of whapa

  2. Install the requirements

  3. Settings:

Edit only the values of the./cfg/settings.cfg file

				
						[icloud-auth]
	icloud = alias@icloud.com
	passw = yourpassword
				
			

6. WHACHAT

whachat.py is a tool to make an interactive report from WhatsApp’s export chat functionality.

To export chats on an Android phone, here are the steps:

  1. Open the individual or group chat.

  2. Press the Menu button.

  3. Press More.

  4. Select Export chat.

  5. Choose Include or Exclude files.

To export chats on an iOS phone, here are the steps:

  1. Open the individual or group chat.

  2. Press on the name (Chat information).

  3. Slide down.

  4. Select Export chat.

  5. Choose Include or Exclude files.

RELATED ARTICLES

Leave A Reply

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular