Skip to main content

SEEKER. ..(Accurate locate smartphone using)

README.md





 

Available in
Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites.
Seeker Hosts a fake website on In Built PHP Server and uses Serveo to generate a link which we will forward to the target, website asks for Location Permission and if the target allows it, we can get :
  • Longitude
  • Latitude
  • Accuracy
  • Altitude - Not always available
  • Direction - Only available if user is moving
  • Speed - Only available if user is moving
Along with Location Information we also get Device Information without any permissions :
  • Operating System
  • Platform
  • Number of CPU Cores
  • Amount of RAM - Approximate Results
  • Screen Resolution
  • GPU information
  • Browser Name and Version
  • Public IP Address
  • IP Address Reconnaissance
This tool is a Proof of Concept and is for Educational Purposes Only, Seeker shows what data a malicious website can gather about you and your devices and why you should not click on random links and allow critical permissions such as Location etc.

How is this Different from IP GeoLocation

  • Other tools and services offer IP Geolocation which is NOT accurate at all and does not give location of the target instead it is the approximate location of the ISP.
  • Seeker uses HTML API and gets Location Permission and then grabs Longitude and Latitude using GPS Hardware which is present in the device, so Seeker works best with Smartphones, if the GPS Hardware is not present, such as on a Laptop, Seeker fallbacks to IP Geolocation or it will look for Cached Coordinates.
  • Generally if a user accepts location permsission, Accuracy of the information recieved is accurate to approximately 30 meters, Accuracy Depends on the Device.
Note : On iPhone due to some reason location accuracy is approximately 65 meters.

Tested On :

  • Kali Linux 2019.2
  • BlackArch Linux
  • Ubuntu 19.04
  • Kali Nethunter
  • Termux
  • Parrot OS

Installation

Kali Linux / Ubuntu / Parrot OS

git clone https://github.com/thewhiteh4t/seeker.git
cd seeker/
chmod 777 install.sh
./install.sh

BlackArch Linux

pacman -S seeker

Docker

docker pull thewhiteh4t/seeker

Termux

git clone https://github.com/thewhiteh4t/seeker.git
cd seeker/
chmod 777 termux_install.sh
./termux_install.sh

Usage

python3 seeker.py -h

usage: seeker.py [-h] [-s SUBDOMAIN]

optional arguments:
  -h, --help                              show this help message and exit
  -s SUBDOMAIN, --subdomain Subdomain    Provide Subdomain for Serveo URL ( Optional )
  -k KML, --kml KML                       Provide KML Filename ( Optional )
  -t TUNNEL, --tunnel TUNNEL              Specify Tunnel Mode [manual]

# Example

# SERVEO 
########
python3 seeker.py

# NGROK ETC.
############

# In First Terminal Start seeker in Manual mode like this
python3 seeker.py -t manual

# In Second Terminal Start Ngrok or any other tunnel service on port 8080
./ngrok http 8080

#-----------------------------------#

# Subdomain
########### 
python3 seeker.py --subdomain google
python3 seeker.py --tunnel manual --subdomain zomato

#-----------------------------------#

# Docker Usage
##############

# SERVEO
########
docker run -t --rm thewhiteh4t/seeker

# NGROK
#######

# Step 1
docker network create ngroknet

# Step 2
docker run --rm -t --net ngroknet --name seeker thewhiteh4t/seeker python3 seeker.py -t manual

# Step 3
docker run --rm -t --net ngroknet --name ngrok wernight/ngrok ngrok http seeker:8080

Known Problems

  • Services like Serveo and Ngrok are banned in some countries such as Russia etc., so if it's banned in your country you may not get a URL, if not then first READ CLOSED ISSUES, if your problem is not listed, create a new issue.

Demo

Comments

Post a Comment

Popular posts from this blog

RouterSploit ..(Exploitation Framework for Embedded Devices)

RouterSploit - Exploitation Framework for Embedded Devices   The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. click here to video It consists of various modules   that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against network services scanners - modules that check if a target is vulnerable to any exploit payloads - modules that are responsible for generating payloads for various architectures and injection points generic - modules that perform generic attacks Installation Requirements Required: future requests paramiko pysnmp pycrypto Optional: bluepy - bluetooth low energy Installation on Kali Linux apt-get install python3-pip git clone https://www.github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py Bluetooth Low Energy suppo...
Post a Comment
Read more

Embed Payload (Exe) into a PDF Documents – EvilPDF

 Hey folks, today we are going to talk about the tool that can easily add malicious payloads within the .PDF extension files and after which you can easily access any system. As we know it is prohibited to execute malicious payloads inside the window defender system, hence we will send our payload through the PDF files.   Environment Kali Linux = Attacker Window 10 = Victim ( Tested On ) Lets take a look 🙂 !! EvilPDF The EvilPDF tool is specifically designed to embed payloads inside PDF files. It is an open source tool hosted on the github page that we will download using the wget command. git clone https://github.com/thelinuxchoice/evilpdf cd evilpdf 1 2 git clone https://github.com/thelinuxchoice/evilpdf cd evilpdf It require some additional features that we can download using the following command. python -m pip install pypdf2 1 python -m pip install pypdf2 Now we can use this tool using the given command. python evilpdf.py 1 python evilpdf.py In the image below you have t...
Post a Comment
Read more

TheFatRat ( make a bypass antivirus create payload )

TheFatRat             A Massive Exploiting Tool TheFatRat  is an exploiting tool which compiles a malware with famous payload, and then the compiled maware can be executed on Linux , Windows , Mac and Android.  TheFatRat  Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus. Features ! Fully Automating MSFvenom & Metasploit. Local or remote listener Generation. Easily Make Backdoor by category Operating System. Generate payloads in Various formats. Bypass anti-virus backdoors. File pumper that you can use for increasing the size of your files. The ability to detect external IP & Interface address . Automatically creates AutoRun files for USB / CDROM exploitation Installation Instructions on how to install  TheFatRat git clone https://github.com/Screetsec/TheFatRat.git cd TheFatRat chmod +x setup.sh && ./setup.sh Update cd TheFatRat ./update && c...
Post a Comment
Read more