Penetration Testing, Vulnerability Management

Social Mapper: The What, Why, and How

By Marcos Colon

The amount of information available to the cybersecurity warriors of today can be quite useful. However, the intelligence-gathering process is quite cumbersome. If you’re focusing on smaller sample sizes, sure, it may not take you or your team much time. But when you’re looking to gather information at scale, it’s an entirely different story.

Jacob Wilkin, security consultant at Trustwave SpiderLabs, knows this, so he created open source intelligence tool that enables penetration testers and red teasers to scrape information from social media accounts.

From LinkedIn and Facebook to Instagram and Weibo, Social Mapper leverages facial recognition to correlate social media profiles across a total of eight social media channels.

“It’s meant for scraping various social networks for information that can later be reused to build phishing campaigns or social engineering campaigns,” Karl Sigler, threat intelligence manager at Trustwave SpiderLabs told InfoSec Insider during a recent interview shot at the Black Hat Conference in Las Vegas. “It uses a photograph of a person and uses facial recognition to pinpoint that exact person.”

In the full interview below, Sigler discusses how penetration testers and red teamers can leverage Social Mapper and gives us a demonstration of how the threat intelligence gathering tool works.

To learn more about topics like this and others, be sure to attend the upcoming InfoSec World Conference & Expo in Orlando, Florida.

Alexandre Godreau

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.