Social Mapper: A Social Media Mapping Tool

Social Mapper

A Social Media Mapping Tool that correlates profiles via facial recognition by Jacob Wilkin(Greenwolf)

Social Mapper is an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to search popular social media sites for targets names and pictures to accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review.

Social Mapper has a variety of uses in the security industry, for example, the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results so that reviewing this data is quicker for a human operator.

Social Mapper supports the following social media platforms:

  • LinkedIn
  • Facebook
  • Twitter
  • GooglePlus
  • Instagram
  • VKontakte
  • Weibo
  • Douban

Social Mapper takes a variety of input types such as:

  • An organizations name, searching via LinkedIn
  • A folder full of named images
  • A CSV file with names and url’s to images online”

Usecases (Why you want to run this)

Social Mapper is primarily aimed at Penetration Testers and Red Teamers, who will use it to expand their target lists and find their social media profiles. From here what you do is only limited by your imagination, but here are a few ideas to get started:

(Note: Social Mapper does not perform these attacks, it gathers you the data you need to perform them on a mass scale.)

  • Create fake social media profiles to ‘friend’ the targets and send them links or malware. Recent statistics show social media users are more than twice as likely to click on links and open documents compared to those delivered via email.
  • Trick users into disclosing their emails and phone numbers with vouchers and offers to make the pivot into phishing, vishing or smishing.
  • Create custom phishing campaigns for each social media site, knowing that the target has an account. Make these more realistic by including their profile picture in the email. Capture the passwords for password reuse.
  • View target photos looking for employee access card badges and familiarise yourself with building interiors.

Install && Use

Social Mapper Created by Jacob Wilkin Copyright (C) 2017 Trustwave Holdings, Inc.

Share