Posts tagged: Information Gathering Tool

Oct 21 2013

Facebook Data Mining Tool Uncovers Your Life

You know you shouldn’t post potentially damaging data on Facebook, but more often that not, your friends don’t think twice about it, and this can impact you even more than you think. At the Hack In The Box conference in Kuala Lumpur, security consultants Keith Lee and Jonathan Werrett from SpiderLabs revealed how a simple tool can enable anyone to find a comprehensive amount of data on any user.

Facebook Data Mining
Keith Lee and Jonathan Werrett during their presentation

To get the information, they created the aptly named FBStalker. This tool reverse-engineers the Facebook Graph and can find information on almost anyone. You don’t have to be a friend with someone on the network – the only thing that FBStalker needs to work is for parts of your posts to be marked as public. The tool will find things based on photos you’ve been tagged in, the comments you’ve put on other people’s posts, the things that you like, etc.

If you are tagged in a photo, we can assume you know the people you’re in the photo with. If you comment on a post, FBStalker knows there’s an association. Most people have an open friends list and this gives the tool a variety of people to target for more information. By looking at their posts and your interactions with them, it’s possible to understand how some of those people are important in your life.

Even though many users don’t use the Check-In function, it’s still possible to determine their favorite places to hang-out based on the tagged photos and posts from their friends. Just imagine the level of detail you can achieve and how that can help you if you want to mount a targeted social engineering attack against the user.

The first thing that came to mind when I learned about this tool was to ask if it’s a violation of Facebook’s terms of service. Werrett was expecting the question, he says with a smile: “The tool is basically automating what the user can do in the browser. We’re not using any APIs or unofficial ways of interacting with the interface. We’re using Graph Search to build-up this profile.”

FBStalker goes also a step further and provides private information about the targeted user that might not be obvious to others. It allows you to analyze the time when the person is online and, with time you are able to guess their sleep patterns and active hours.

This type of tool works well if you haven’t locked down your profile, but it can still work even if you have, provided that your friends haven’t locked down their profiles. You know the old saying – the chain is only as strong as its weakest link. With Facebook’s recent announcement that they are removing a privacy feature and that every user is going to be discoverable by name, things are getting increasingly harder to hide.

Even if your account is locked down, you can’t mark your profile picture as private. Once you change it and people like the picture, the attacker can start building a view of your friends list.

What can you do to protect yourself? The authors have a few suggestions: turn off location tracking and tighten your Facebook privacy settings. However, with the social networking giant increasingly removing privacy options, you may have trouble staying hidden.

Jan 27 2012

theHarvester – Information Gathering Tool

The HarvestertheHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.

This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective.

The sources supported are:
– Google – emails,subdomains/hostnames
– Google profiles – Employee names
– Bing search – emails, subdomains/hostnames,virtual hosts
– Pgp servers – emails, subdomains/hostnames
– Linkedin – Employee names
– Exalead – emails,subdomain/hostnames

New features:
– Time delays between requests
– XML and HTML results export
– Search a domain in all sources
– Virtual host verifier
– Shodan computer database integration
– Active enumeration (DNS enumeration,DNS reverse lookups, DNS TLD expansion)
– Basic graph with stats

Some Examples:
Searching emails accounts for the domain microsoft.com, it will work with the first 500 google results:

./theharvester.py -d microsoft.com -l 500 -b google

Searching emails accounts for the domain microsoft.com in a PGP server, here it’s not necessary to specify the limit.

./theharvester.py -d microsoft.com -b pgp

Searching for user names that works in the company microsoft, we use google as search engine, so we need to specify the limit of results we want to use:

./theharvester.py -d microsoft.com -l 200 -b linkedin

Searching in all sources at the same time, with a limit of 200 results:

./theHarvester.py -d microsoft.com -l 200 -b all

Download: https://code.google.com/p/theharvester