
A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)

manojxshrestha/social_mapper

 
 

Social Mapper


This tool is no longer actively maintained. Parts of it may still work, and I will accept pull requests to keep it up to date.

WARNING: FACEBOOK NOW DETECTS THIS AFTER A FEW 100 SEARCHES, USE ONLY DISPOSABLE FACEBOOK ACCOUNTS

A Social Media Mapping Tool that correlates profiles via facial recognition by Jacob Wilkin (Greenwolf).

Social Mapper is an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets' names and pictures to accurately detect and group a person's presence, outputting the results into a report that a human operator can quickly review.

Social Mapper has a variety of uses in the security industry, for example the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results, so that reviewing this data is quicker for a human operator.

Social Mapper supports the following social media platforms:

  • LinkedIn
  • Facebook
  • Pinterest
  • Twitter
  • Google Plus
  • Instagram
  • VKontakte
  • Weibo
  • Douban

Social Mapper takes a variety of input types such as:

  • An organisation's name, searching via LinkedIn
  • A folder full of named images
  • A CSV file with names and URLs to images online

Use cases (why you want to run this)

Social Mapper is primarily aimed at Penetration Testers and Red Teamers, who will use it to expand their target lists and find their social media profiles. From here what you do is only limited by your imagination, but here are a few ideas to get started:

(Note: Social Mapper does not perform these attacks, it gathers you the data you need to perform them on a mass scale.)

  • Create fake social media profiles to 'friend' the targets and send them links or malware. Recent statistics show social media users are more than twice as likely to click on links and open documents compared to those delivered via email.
  • Trick users into disclosing their emails and phone numbers with vouchers and offers to make the pivot into phishing, vishing or smishing.
  • Create custom phishing campaigns for each social media site, knowing that the target has an account. Make these more realistic by including their profile picture in the email. Capture the passwords for password reuse.
  • View target photos looking for employee access card badges and familiarise yourself with building interiors.

These instructions will show you the requirements for and how to install and use Social Mapper.

Install the required libraries:

On Linux install the following prerequisites:

sudo apt-get install build-essential cmake
sudo apt-get install libgtk-3-dev
sudo apt-get install libboost-all-dev

Now we set up Social Mapper on our Kali Linux system. First we need to configure the system: Geckodriver must be installed in /usr/bin. We can download the latest version of Geckodriver for our 64-bit Kali Linux system from https://github.com/mozilla/geckodriver/releases

After downloading it to our Downloads folder, we need to extract the Geckodriver archive. To do that, we open a terminal and change to the Downloads directory with the following command:

cd Downloads

Then we type the following command to extract the tar.gz compressed file:

 tar -xvzf geckodriver-vx.xx.x-linux64.tar.gz

Here x.xx.x stands for the downloaded version of Geckodriver.

Now we copy the geckodriver binary to /usr/bin using the following command:

 cp geckodriver /usr/bin

Geckodriver is now copied. Next we need to install some prerequisites to run Social Mapper. To do that we use the following command:

 apt install build-essential cmake libgtk-3-dev libboost-all-dev

How long the download and installation take will depend on our internet speed and system performance.

Now we are almost able to run Social Mapper. We go back to Social Mapper's directory using the following command:

 cd ..

We can check the help option by using:

 python3 social_mapper.py -h

This prints the help menu.

Social Mapper needs an account on each social media platform it searches. For example, if we want to search for a photo on Facebook and Twitter, we need to give it a Facebook and a Twitter username and password. For our own safety we shouldn't use our own social media accounts' credentials. We should open fake accounts on social media for safer use of Social Mapper.

For Facebook & Instagram, make sure the language of the account which you have provided credentials for is set to 'English (US)' for the duration of the run. Additionally make sure all of your accounts are working, and can be logged into without requiring 2 factor authentication.

We can add our username and password in the social_mapper.py file. To do so, we open the file in any text editor (we are using leafpad here).

 leafpad social_mapper.py

Then we scroll down to the place in the file where the username and password are set. Here we need to provide our username and password. Then we just save and close the text editor.
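Because this step leaves working passwords in plain text inside social_mapper.py, it is worth checking the file before committing it or sending a pull request. The following Python check is an added example, not part of Social Mapper; it assumes the credentials are module-level string variables whose names end in _username or _password (this page does not show the names), and the sample input is constructed.

```python
import ast

# Assumed naming convention (not confirmed by this page): credentials are
# module-level string variables such as facebook_username / facebook_password.
CREDENTIAL_SUFFIXES = ("_username", "_password")


def find_filled_credentials(source):
    """Return sorted (line, name) pairs for credential variables set to a non-empty string."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue
        if not value.value.strip():
            continue  # empty placeholder, nothing to leak
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id.lower().endswith(CREDENTIAL_SUFFIXES):
                hits.append((node.lineno, target.id))
    return sorted(hits)


# Constructed sample standing in for the edited configuration section.
SAMPLE = '''
facebook_username = "throwaway@example.com"
facebook_password = "not-a-real-password"
twitter_username = ""
twitter_password = ""
showbrowser = "no"
'''

if __name__ == "__main__":
    import sys
    # With a path argument, scan that file; otherwise scan the constructed sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    found = find_filled_credentials(text)
    for line, name in found:
        # Report only the variable name and line, never the secret value itself.
        print(f"line {line}: {name} is set; clear it before committing or sharing")
    sys.exit(1 if found else 0)
```

Run with the path to social_mapper.py as the only argument; the non-zero exit status when a credential is still filled in makes it usable as a pre-commit hook.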

Then we open the Social Mapper folder in the file manager and navigate to Input-Examples > imagefolder.

Here we can see some examples. We can add a target's photo to this folder to perform a scan, as we have done here.

Then we type the following command to perform a fast scan on Facebook:

 python3 social_mapper.py -f imagefolder -i /root/social_mapper/Input-Examples/imagefolder -m fast -fb

In the output we can see the links of the matched profiles. The results are also saved in a CSV file and an HTML file. We can open the HTML file in the Firefox web browser.

Because we used a fast scan, the results may include some false matches for our target. To perform an accurate scan on both Facebook and Twitter, we use the following command:

 python3 social_mapper.py -f imagefolder -i /root/social_mapper/Input-Examples/imagefolder -m accurate -fb -tw

Using Social Mapper

Social Mapper is run from the command-line using a mix of required and optional parameters. You can specify options such as input type and which sites to check alongside a number of other parameters which affect speed and accuracy.

Required Parameters

To start up the tool 4 parameters must be provided, an input format, the input file or folder and the basic running mode:

-f, --format	: Specify if the -i, --input is a 'name', 'csv', 'imagefolder' or 'socialmapper' resume file
-i, --input	: The company name, a CSV file, imagefolder or Social Mapper HTML file to feed into Social Mapper
-m, --mode	: 'fast' or 'accurate' allows you to choose to skip potential targets after a first likely match is found, in some cases potentially speeding up the program x20

Additionally at least one social media site to check must be selected by including one or more of the following:

-a, --all		: Selects all of the options below and checks every site that Social Mapper has credentials for
-fb, --facebook		: Check Facebook
-tw, --twitter		: Check Twitter
-ig, --instagram	: Check Instagram
-li, --linkedin		: Check LinkedIn
-gp, --googleplus	: Check Google Plus
-vk, --vkontakte	: Check VKontakte
-wb, --weibo		: Check Weibo
-db, --douban		: Check Douban

Optional Parameters

Additional optional parameters can also be set to add additional customisation to the way Social Mapper runs:

-t, --threshold		: Customises the facial recognition threshold for matches, this can be seen as the match accuracy. Default is 'standard', but can be set to 'loose', 'standard', 'strict' or 'superstrict'. For example 'loose' will find more matches, but some may be incorrect, while 'strict' may find fewer matches but also contain fewer false positives in the final report.
-cid, --companyid	: Additional parameter to add in a LinkedIn Company ID for if name searches are not picking the correct company.
-s, --showbrowser	: Makes the Firefox browser visible so you can see the searches performed. Useful for debugging.
-w, --waitafterlogin : Wait for user to press Enter after login to give time to enter 2FA codes. Must use with -s
-v, --version		: Display current version.
-vv, --verbose  : Verbose Mode (Useful for Debugging)
-e, --email		: Provide a fuzzy email format like "<f><last>@domain.com" to generate additional CSV files for each site with firstname, lastname, fullname, email, profileURL, photoURL. These can be fed into phishing frameworks such as Gophish or Lucy.

Example Runs

Here are a couple of example runs to get started for differing use cases:

A quick run for Facebook and Twitter on some targets you have in an imagefolder, that you plan to manually review and don't mind some false positives:
python3 social_mapper.py -f imagefolder -i ./Input-Examples/imagefolder/ -m fast -fb -tw

The same as above but with the browser showing, and waiting enabled to allow a user to enter 2FA codes and manually rectify changed login processes:
python3 social_mapper.py -f imagefolder -i ./Input-Examples/imagefolder/ -m fast -fb -tw -s -w

An exhaustive run on a large company where false positives must be kept to a minimum:
python3 social_mapper.py -f company -i "Evil Corp LLC" -m accurate -a -t strict

A large run that needs to be split over multiple sessions due to time, the first run doing LinkedIn and Facebook, with the second resuming and filling in Twitter, Google Plus and Instagram:
python3 social_mapper.py -f company -i "Evil Corp LLC" -m accurate -li -fb
python3 social_mapper.py -f socialmapper -i ./Evil-Corp-LLC-social-mapper-linkedin-facebook.html -m accurate -tw -gp -ig

A quick run (~5min) without facial recognition to generate a CSV full of names, email addresses, profiles and photo links from up to 1000 people pulled out of a LinkedIn company, where the email format is known to be "firstname.lastname":
python3 social_mapper.py -f company -i "Evil Corp LLC" -m accurate -li -e "<first>.<last>@evilcorpllc.com"

Troubleshooting

Social media sites often change their page formats and class names. If Social Mapper isn't working for you on a specific site, check out the docs section for troubleshooting advice on how to fix it. Please feel free to submit a pull request with your fixes.

Maltego

For a guide to loading your Social Mapper results into Maltego, check out the docs section.

Authors
