• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2018
  • August
  • 15
  • Social Mapper – A Social Media Enumeration & Correlation Tool

Social Mapper – A Social Media Enumeration & Correlation Tool

August 15, 2018August 13, 2018 Comments Off on Social Mapper – A Social Media Enumeration & Correlation Tool
how to use social mapper social mapper social mapper commands social mapper tutorial Social Mapper – A Social Media Enumeration & Correlation Tool

Social Mapper is a Social Media Mapping Tool that correlates profiles via facial recognition by Jacob Wilkin(Greenwolf).

Social Mapper is an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale.

It takes an automated approach to search popular social media sites for targets names and pictures to accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review.

Social Mapper has a variety of uses in the security industry, for example, the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns.

Facial recognition aids this process by removing false positives in the search results so that reviewing this data is quicker for a human operator.

Social Mapper supports the following social media platforms:

  • LinkedIn
  • Facebook
  • Twitter
  • GooglePlus
  • Instagram
  • VKontakte
  • Weibo
  • Douban

Social Mapper takes a variety of input types such as:

  • An organizations name, searching via LinkedIn
  • A folder full of named images
  • A CSV file with names and URLs to images online.

Why Do You want To Run Social Mapper?

Social Mapper is primarily aimed at Penetration Testers and Red Teamers, who will use it to expand their target lists and find their social media profiles. From here what you do is only limited by your imagination, but here are a few ideas to get started:

(Note: Social Mapper does not perform these attacks, it gathers you the data you need to perform them on a mass scale.)

  • Create fake social media profiles to ‘friend’ the targets and send them links or malware. Recent statistics show social media users are more than twice as likely to click on links and open documents compared to those delivered via email.
  • Trick users into disclosing their emails and phone numbers with vouchers and offers to make the pivot into phishing, vising or smishing.
  • Create custom phishing campaigns for each social media site, knowing that the target has an account. Make these more realistic by including their profile picture in the email. Capture the passwords for password reuse.
  • View target photos looking for employee access card badges and familiarize yourself with building interiors.

Getting Started

These instructions will show you the requirements for and how to use Social Mapper.

Prerequisites

As this is a python based tool, it should theoretically run on Linux, ChromeOS (Developer Mode), Mac, and Windows. The main requirements are Firefox, Selenium, and Geckodriver. To install the tool and set it up to follow these 4 steps:

Install the latest version of Mozilla Firefox here:

https://www.mozilla.org/en-GB/firefox/new/

Install the Geckodriver for your operating system and make sure it’s in your path, on Mac you can place it in,/usr/local/bin on ChromeOS you can place it in,/usr/local/bin and on Linux, you can place it in /usr/bin.

Download the latest version of Geckodriver here:

https://github.com/mozilla/geckodriver/releases

Install the required python 2.7 libraries:

git clone https://github.com/SpiderLabs/social_mapper
cd social_mapper/setup
python -m pip install --no-cache-dir -r requirements.txt

Provide Social Mapper with Credentials to log into social media services:

Open social_mapper.py and enter social media credentials into global variables at the top of the file

Using Social Mapper

Social Mapper is run from the command line using a mix of required and optional parameters. You can specify options such as input type and which sites to check alongside a number of other parameters which affect speed and accuracy.

Required Parameters

To start up the tool 4 parameters must be provided, an input format, the input file or folder and the basic running mode:

-f, --format	: Specify if the -i, --input is a 'name', 'csv', 'imagefolder' or 'socialmapper' resume file
-i, --input 	: The company name, a csv file, imagefolder or social mapper html file to feed into social mapper
-m, --mode		: Fast or Accurate allows you to choose to skip potential targets after a first likely match is found, in some cases potentially speeding up the program x20

Additionally at least one social media site to check must be selected by including one or more of the following:

-a, --all 		: Selects all of the options below and checks every site that social mapper has credentials for
-fb, --facebook 	: Check Facebook
-tw, --twitter 		: Check Twitter
-ig, --instagram 	: Check Instagram
-li, --linkedin 	: Check LinkedIn
-gp, --googleplus 	: Check GooglePlus
-vk, --vkontakte 	: Check VKontakte
-wb, --weibo 		: Check Weibo
-db, --douban 		: Check Douban

Optional Parameters

Additional optional parameters can also be set to add additional customization to the way social mapper runs:

-t, --threshold 	: Customises the faceial recognition threshold for matches, this can be seen as the match accuracy. Default is 'standard', but can be set to loose, standard, strict or superstrict. For example loose will find more matches, but some may be incorrect. While strict may find less matches but also contain less false positives in the final report. 
-cid, --companyid 	: Additional parameter to add in a LinkedIn Company ID for if name searches are not picking the correct company.
-s, --showbrowser	: Makes the Firefox browser visable so you can see the searches performed. Useful for debugging. 
-v, --version		: Display current version

Example Runs

Here is a couple of example runs to get started for differing use cases:

A quick run for facebook and twitter on some targets you have in an imagefolder, that you plan to manually review and don't mind some false positives:
python social_mapper.py -f imagefolder -i ./mytargets -m fast -fb -tw

A exhaustive run on a large company where false positives must be kept to a minimum:
python social_mapper.py -f company -i "SpiderLabs" -m accurate -a -t strict

A large run that needs to be split over multiple sessions due to time, the first run doing LinkedIn and Facebook, with the second resuming and filling in Twitter, Google Plus and Instagram:
python social_mapper.py -f company -i "SpiderLabs" -m accurate -li -fb
python social_mapper.py -f socialmapper -i ./SpiderLabs-social-mapper-linkedin-facebook.html -m accurate -tw -gp -ig

Post navigation

Neofetch- A Command-Line System Information Tool.
WarChild – Denial Of Service Testing Suite Made For Analyzing

Related Articles

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialScan – Check Email Address and Username Availability on Online Platforms

- Social Media Hacking
June 17, 2019

Shellphish – Phishing Tool For 18 Social Media Apps

- Phishing, Social Media Hacking
June 10, 2019July 27, 2019
hacker gadgets
hacker phone covers

Recent Posts

Seekr: multi-purpose toolkit for gathering and managing OSINT Data

Seekr: multi-purpose toolkit for gathering and managing OSINT Data

February 7, 2023
reportly: AzureAD user activity report tool

reportly: AzureAD user activity report tool

February 7, 2023
PoC Exploit For GoAnywhere MFT 0-Day Flaw (CVE-2023-0669) Published Online

PoC Exploit For GoAnywhere MFT 0-Day Flaw (CVE-2023-0669) Published Online

February 7, 2023
FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

February 6, 2023
Heap_Detective - The Simple Way To Detect Heap Memory Pitfalls In C++ And C

Heap_Detective – The Simple Way To Detect Heap Memory Pitfalls In C++ And C

February 6, 2023
OneNoteAnalyzer: analyzing malicious OneNote documents

OneNoteAnalyzer: analyzing malicious OneNote documents

February 6, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW