Today, researchers at Trustwave released a new open-source tool called Social Mapper, which uses facial recognition to track subjects across social media networks. Designed for security researchers performing social engineering attacks, the system automatically locates profiles on Facebook, Instagram, Twitter, LinkedIn, and other networks based on a name and picture.
Those searches can already be performed manually, but the automated process means it can be performed far faster and for many people at once. “Performing intelligence gathering online is a time-consuming process,” Trustwave explained in a post this morning. “What if it could be automated and done on a mass scale with hundreds or thousands of individuals?”
Social Mapper doesn’t require API access to social networks, a restriction that has hampered social media tracking tools like Geofeedia. Instead, the system performs automated manual searches in an instrumented browser window, then uses facial recognition to scan through the first 10 to 20 results for a match. The manual searches mean the tool can be quite slow compared to API-based scans. The developer estimates that searching a target list of 1,000 people could take more than 15 hours.
The end result is a spreadsheet of confirmed accounts for each name, perfect for targeted phishing campaigns or general intelligence gathering. Trustwave’s emphasis is on ethical hacking — using phishing techniques to highlight vulnerabilities that can then be fixed — but there are few restrictions on who can use the program. Social Mapper is licensed as free software, and it’s freely available on GitHub.