Whatsapp Parser Toolset

Updated: May 2022

WhatsApp Messenger Version 2.21.9.14

Whapa is a set of graphical forensic tools to analyze WhatsApp from Android and soon iOS devices. All the tools have been written in Python 3.8 and have been tested on Linux, Windows, and macOS systems.

Note: Whapa provides 10x more performance and fewer bugs on Linux systems than on windows.

Whapa is included as a standard in distributions such as Tsurugi Linux (Digital Forensics) and BlackArch Linux (Penetration Testing).

Whapa toolset is divided into five tools:

Android

• Whapa (Whatsapp Parser)(Only working with old database, Working in Progress…)
• Whacipher (Whatsapp Encryption/Decryption) *** Not support Crypt15 ***
• Whagodri (Whataspp Google Drive Extractor)
• Whamerge (Whatsapp Merger) (Only working with old database, Working in Progress…)
• Whachat (Whatsapp Chat Exporter)

Changelog

[+] whapa-gui.py v1.58
[+] whacipher.py
[-] Fixed Decrypt crypt14 files.
[+] whagodri.py
[-] Fixed bug connecting with Google.
[-] Added No parallel downloads
[-] Added support for jpeg files with option “-si”

Install

git clone https://github.com/B16f00t/whapa.git
pip install -r ./doc/requirements.txt

Use

if you use the Linux system:

• python3 whapa-gui.py

if you use Windows system:

• python whapa-gui.py or
• click on whapa-gui.bat

WHAPA

whapa.py is an android WhatsApp database parser which automates the process and presents the data handled by the SQLite database in a way that is comprehensible to the analyst. The software is divided into four modes:

• Message Mode: Analyzes all messages in the database, applying different filters. It extracts thumbnails when they’re available. “./Media” is the directory where thumbnails are being written. The rows are sorted by timestamp, not by id.
• Decryption Mode: Decrypts the crypto12 databases as long as it has the key.
• Info Mode: Displays different information about statuses, broadcasts list and groups.
• Extract Mode: Extracts all thumbnails from the database

If you copy the “wa.db” database into the same directory as the script, the phone number will be displayed along with the name.

Please note that this project is an early stage. As such, you could find errors. Use it at your own risk!

WHADEME

whademe is a tool to decrypt directories containing backups and join them in a new database, to be able to be analyzed and obtain more information, such as deleted groups, messages, etc…

WHAGODRI

whagodri.py is a tool which allows WhatsApp users on Android to extract their backed up WhatsApp data from Google Drive.

Make sure of:

• Disable 2FA in your Google Account
• Download the latest version of whapa
• Install the requirements
• Settings:

Edit only the values of the./cfg/settings.cfg file

[auth]

	gmail = alias@gmail.com

	passw = yourpassword

	devid = Device ID (optional, if specified get more information)

	celnumbr = BackupPhoneNumber (ex. 3466666666666, no + or 00)

• If you request it, log in to your browser and then click here, https://accounts.google.com/DisplayUnlockCaptcha.

WHACIPHER

whacipher.py is a tool which allows decrypt or encrypt WhatsApp database. You must have the key of your phone to decrypt, and additionally an encrypted database as a reference to encrypt a new database.

Copyright (C) 2018 B16f00t

Source: https://github.com/B16f00t/