7/4/11

Creepy Tools for Social Engineers and Information Gathering

Gelocation has been a hot topic in the social engineering world for quite some time. As a social engineer it is important to be able to profile your targets efficiently. Tools like SETand Maltego make social engineering engagements easier.
Yet up until now there wasn’t a tool out there that helped a social engineer track the physical where-a-bouts of their targets. Of course you could go to their twitter, facebook, 4square and other social media accounts and gather all their messages and then find posts that have geo data in them and then take the time to gather all the details and make sense of them.
What if there was a way to retrieve information from Twitter as well as FourSquare. In addition, if you could then gather any geolocation data from flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com and twitgoo.com would that be impressive?

Enters Mr. Yiannis Kakavas. Yiannis approached Social-Engineer.Org with a beta of a tool he calls Cree.py…. and all I can say is creepy it is.
After a few minutes of installation it is up and running in BackTrack 4, Linux or Windows and you can track any targets gelocation from their tweets and social media.
Installation:
As I mentioned, installation in BackTrack is quite simple:
In a command console type:
Nano /etc/apt/sources.list
And add this to the end:
deb http://people.dsv.su.se/~kakavas/creepy/ binary/
Then in the console type:
apt-get update
Then to install cree.py type:
apt-get install creepy
Creepy is now in the global menu under Applications-> Internet.
Or can be run by typing
Creepymap
Into the console.
Running Cree.py
Once you start creepy up you are greeted by a very nice GUI interface:

Fig1 1024x662 Creepy Tools for Social Engineers and Information Gathering
Creepy Interface
In the “Search For” box you type in the full name of your target and hit “search”:

Fig2 1024x663 Creepy Tools for Social Engineers and Information Gathering
Searching with in Creepy
Once the search is done you can scroll through all your choices and double click them.  Which will place their nick into the Username field.
After that click the “Geolocate Target” button:

Fig3 1024x664 Creepy Tools for Social Engineers and Information Gathering
The Geolocation Map
That opens up the map view tab and starts to scrape through the targets tweets and other information looking for geolocation data.  When it is done searching:

Fig5 1024x660 Creepy Tools for Social Engineers and Information Gathering
Geo Data Galore


Some of the other great features of Cree.py is that you can export your targets map as a Google Earth filter and then open it up in Google Earth.

Fig6 1024x597 Creepy Tools for Social Engineers and Information Gathering
Google Earth Data


As you can see Cree.py is just that – CREEPY, but what a great tool to gather information and building profiles on targets.
It also should be a very rude awakening to how much information we release.
Thanks to Yiannis Kakavas for his hard work.  From what I heard from him, there are some new features coming.  Keep tuned to both social-engineer.org as well as in the next edition ofBackTrack as this tool will be featured.
If you want to touch base with Yiannis you can hit up his site all about Cree.py or continue to check back here for more information.

Δεν υπάρχουν σχόλια:

Δημοσίευση σχολίου