This article explores the idea of discovering the victim’s location. Previously, we have used several tools for OSINT purposes, so, today let us try this fascinating tool, Seeker.
So, this tool seeker is:
Just like we host phishing pages to get credentials. So, why not host a fake page that requests your location like many popular location-based websites. Seeker Hosts a fake website that asks for Location Permission, and if the target allows it, we can get:
The environment you will need for this tool is Kali Linux and any smartphone or simulator.
Ok, so the first step we need to follow is cloning the tool into our Linux system. Then we will change the directory, and update our package.
𝚐𝚒𝚝 𝚌𝚕𝚘𝚗𝚎 𝚑𝚝𝚝𝚙𝚜://𝚐𝚒𝚝𝚑𝚞𝚋.𝚌𝚘𝚖/𝚝𝚑𝚎𝚠𝚑𝚒𝚝𝚎𝚑𝟺𝚝/𝚜𝚎𝚎𝚔𝚎𝚛.𝚐𝚒𝚝
𝚌𝚍 𝚜𝚎𝚎𝚔𝚎𝚛/
𝚊𝚙𝚝 𝚞𝚙𝚍𝚊𝚝𝚎
Installing the python3.
𝚊𝚙𝚝 𝚒𝚗𝚜𝚝𝚊𝚕𝚕 𝚙𝚢𝚝𝚑𝚘𝚗𝟹 𝚙𝚢𝚝𝚑𝚘𝚗𝟹–𝚙𝚒𝚙 𝚙𝚑𝚙
Lastly, Installing the other pre-requisite.
𝚙𝚒𝚙𝟹 𝚒𝚗𝚜𝚝𝚊𝚕𝚕 𝚛𝚎𝚚𝚞𝚎𝚜𝚝𝚜
After installing the tool, let’s try the “help” command to confirm that our tool is successfully installed.
python3 seeker.py -h
To run the tool, we need a server. For that purpose, here I am utilizing “ngrok server.” All you have to do is download the .zip file into your Kali Linux system, unzip the file, connect with the auth-token and run the ngrok with the port number.
./ngrok http 8080
After executing the ngrok commands, you will get two different forwarding links that we will use as our malicious link to send to our victim.
Fire up the seeker tool in your Kali Linux terminal.
You will prompt up with the options like Google or WhatsApp. Whatever your target is, select that option. In our case, I will select the WhatsApp option. Then, give any authentic and attractive name that makes the victim think that the malicious link is valid. Lastly, set the image path for WhatsApp.
sudo python3 seeker.py -t manual
Once the victim opens the malicious link, he will prompt a WhatsApp group invitation link. And we will get the details of the victim’s device.
This article demonstrates how a harmful URL can collect information about people and their devices using the Seeker tool. As well as why we must avoid clicking on unexpected links and granting crucial rights like Geolocation.
Industrial Cybersecurity
September 28, 2023
Want always be up to date?
By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.
Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings
Have you heard about the term “test automation” but don’t really know what it is? Well, you’ve come to the right page! Get all your
Can random characters in your code get you in trouble? They certainly can! Today, we are going to discuss CRLF injections and improper neutralization of
Every company has a variety of scanners for analyzing its network and identifying new or unknown open ports. It’s unthinkable to disguise the potentially malicious
Want always be up to date?
By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.
Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings
