Social Mapper is an open source tool that automates the process of discovering individuals’ social media accounts. The tool takes advantage of facial recognition technology and searches for targets’ accounts on LinkedIn, Facebook, Twitter, Google+, Instagram, VKontakte, Weibo and Douban.
The tool creates a list of targets based on the provided input, then it performs the online search. But it doesn’t rely on APIs to do that – instead, it opens a Firefox browser window, logs into the aforementioned social media sites, then begins searching for the targets by name.
“It pulls out the top results from this search (usually between 10 and 20) and starts downloading the profile pictures and performing facial recognition checks to try and find a match.”
Social Mapper is primarily aimed at Penetration Testers and Red Teamers, who will use it to expand their target lists and find their social media profiles. From here what you do is only limited by your imagination, but here are a few ideas to get started:
- Create fake social media profiles to 'friend' the targets and send them links or malware. Recent statistics show social media users are more than twice as likely to click on links and open documents compared to those delivered via email.
- Trick users into disclosing their emails and phone numbers with vouchers and offers to make the pivot into phishing, vishing or smishing.
- Create custom phishing campaigns for each social media site, knowing that the target has an account. Make these more realistic by including their profile picture in the email. Capture the passwords for password reuse.
- View target photos looking for employee access card badges and familiarize yourself with building interiors.