While we can profile a user utilizing social media platforms such as Facebook, Twitter, LinkedIn, and so on, we can also use twofi, which stands for Twitter words of interest. This tool is written in Ruby script and utilizes the Twitter API to generate a custom list of words that can be utilized for offline password cracking.

In order to use twofi, we must have a valid Twitter API key and API secret. The following screenshot shows how to utilize twofi during passive reconnaissance to form our custom password wordlist; in the following example, we run twofi -m 6 -u @PacktPub > filename, which generates a list of custom words that were posted by the @PacktPub Twitter handle. twofi will be more powerful during an individual targeted attack: