Performing intelligence gathering on is a time-consuming process, typically starting by attempting to find a person’s online presence on a variety of social media sites.
While this is an easy task when there are only a few targets, it can become incredibly tedious when done at scale.
To answer this need, Trustwave has announced the release of Social Mapper, an open source intelligence tool that uses facial recognition to correlate social media profiles across a number of different sites on a large scale.
Trustwave, which provides ethical hacking services, has successfully used the tool in a number of penetration tests and red teaming engagements on behalf of clients.
It takes an automated approach to searching popular social media sites for names and pictures of individuals to accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review.
It's primarily aimed at penetration testers and red teamers, who will use it to expand their target lists, aiding them in social media phishing scenarios.
Its primary benefit comes from the automation of matching profiles and the report generation capabilities.
As the security industry continues to struggle with talent shortages and rapidly evolving adversaries, it is imperative that a penetration tester’s time is utilized in the most efficient means possible.
Social Mapper supports the following social media platforms:
Once Social Mapper has finished running and the reports have been collected, here are some examples of how pentesters can use the information generated. They can: