Social Mapper – This Free Tool Lets You Track People Across Social Media
Researchers at Trustwave, a company that provides ethical hacking services, have made it easier for penetration testers and red teamers to search for social media profiles. It has released an open source intelligence tool called ‘Social Mapper’ that uses facial recognition to compare social media profiles across different sites based on a name and picture. This software tool is aimed at facilitating social engineering attacks.
Social Mapper automatically locates profiles on social media sites, such as Facebook, Instagram, LinkedIn, Google+, Vkontakte and microblogging websites like Weibo and Douban. Automated searching of profiles can be performed much faster and for many people simultaneously.
“Performing intelligence gathering is a time-consuming process, it typically starts by attempting to find a person’s online presence on a variety of social media sites. While this is an easy task for a few, it can become incredibly tedious when done at scale.” Trustwave states in a blog post.
“Introducing Social Mapper an open source intelligence tool that uses facial recognition to correlate social media profiles across a number of different sites on a large scale. Trustwave, which provides ethical hacking services, has successfully used the tool in a number of penetration tests and red teaming engagements on behalf of clients.”
How does Social Mapper work?
Social Mapper doesn’t require API access to social networks. On the basis of the requirement, the Social Mapper first prepares a list of targeted people for processing. It then uses names and photos as input to scan social media profiles online. The software tool then generates reports in the form of spreadsheets, which include profile information like photos, emails, etc. Based on provided names and photos, it takes approximately 60-70 seconds to scan one profile. It takes no less than 15 hours for searching details of 1,000 people.
Social Mapper “takes an automated approach to searching popular social media sites for names and pictures of individuals to accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review”.
How to install Social Mapper
Social Mapper is written in Python and runs on Linux, chromeOS (Developer Mode), Windows, and Mac. However, before installing Social Mapper, latest version of Firefox, the Selenium API, and Geckodriver needs to be installed.
Running the Tool
After installing Social Mapper, it can be set into action by running the social_mapper.py file with target information and target social media site. The basic syntax of the command is as follows.
social_mapper.py -f <input format> -i <input type > -m <mode> –<target media>
To start up the tool 3 parameters must be provided, an input format, the input file or folder and the basic running mode.
The –i argument represents the input provided to the tool, which can either be a ‘name’, ‘csv’, ‘imagefolder’ or ‘socialmapper’ resume file. The –f specify the format of the input provided to the tool, which can be ‘social mapper’, a ‘name’, ‘csv’, or ‘imagefolder’. The –m represents the mode, which can be set as ‘fast’ or ‘accurate’ depending on the requirement.
Finally, we provide social media website information to the tool. The tool accepts –a argument as ‘select all social media’. The list of abbreviations provided below can be inputted into Social Mapper to collect information about targeted users.
-a : Selects all
-fb: Check Facebook
-tw: Check Twitter
-ig: Check Instagram
-l,: Check LinkedIn
-gp: Check GooglePlus
-vk: Check VKontakte
-wb: Check Weibo
-db: Check Douban
The tool allows some optional parameters, such as -t, -cid, -s, and -v, to use in the command to fine tune the search results. Some of the example runs are given below:
A quick run for facebook and twitter on some targets you have in an imagefolder, that you plan to manually review and don’t mind some false positives:
python social_mapper.py -f imagefolder -i ./mytargets -m fast -fb -tw
A exhaustive run on a large company where false positives must be kept to a minimum:
python social_mapper.py -f company -i “SpiderLabs” -m accurate -a -t strict
A large run that needs to be split over multiple sessions due to time, the first run doing LinkedIn and Facebook, with the second resuming and filling in Twitter, Google Plus and Instagram:
python social_mapper.py -f company -i “SpiderLabs” -m accurate -li -fb
python social_mapper.py -f socialmapper -i ./SpiderLabs-social-mapper-linkedin-facebook.html -m accurate -tw -gp -ig
You can read more about the Social Mapper on GitHub here.