Trustwave Holdings, the American information security company, releases a new intelligence tool, Social Mapper, which uses facial recognition to correlate target profiles across various social media sites on a large scale. The tool locates profiles on Facebook, Twitter, LinkedIn, Instagram, and other networks by using just a name and a picture.
Social Mapper also takes a variety of other inputs such as an organization’s name, named image/s, CSV file with names and URLs to images online. The new open-source tool which is licensed as free software is specifically designed for security researchers, like the red teamers and penetration testers, performing social engineering attacks or ethical hacking.
Compared to other social media tracking tools like Geofeedia, Social Mapper automates manual searches in an instrumented browser window and uses facial recognition technology to scan through the results, probably the first 10-20 finding and doesn’t require API access to social networks. However, it is predicted that the manual search approach could hamper the speed of the new tool when tried on large numbers.
Social Mapper has a variety of uses in the security industry. It can be used to create fake social media profiles to friend ‘targets’ and send them links or malware; to trick users into disclosing their details with vouchers and offers; to create custom phishing campaigns for each social media site in which the target holds an account and many other use cases. Trustwave, however, restricts the tool’s use in ethical hacking, and for verified users alone.