Social Media Enumeration & Correlation Tool: Social Mapper

ID N0WHERE:172920
Type n0where
Reporter N0where
Modified 2018-08-22T17:26:38


Social Mapper is a Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets names and pictures to accurately detect and group a person’s presence, outputting the results into report that a human operator can quickly review.

Social Mapper has a variety of uses in the security industry, for example the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results, so that reviewing this data is quicker for a human operator.

Social Mapper supports the following social media platforms:

  • LinkedIn
  • Facebook
  • Twitter
  • GooglePlus
  • Instagram
  • VKontakte
  • Weibo
  • Douban

Social Mapper takes a variety of input types such as:

  • An organisations name, searching via LinkedIn
  • A folder full of named images
  • A CSV file with names and url’s to images online

Use-cases (Why you want to run this)

Social Mapper is primarily aimed at Penetration Testers and Red Teamers, who will use it to expand their target lists and find their social media profiles. From here what you do is only limited by your imagination, but here are a few ideas to get started:

(Note: Social Mapper does not perform these attacks, it gathers you the data you need to perform them on a mass scale.)

  • Create fake social media profiles to ‘friend’ the targets and send them links or malware. Recent statistics show social media users are more than twice as likely to click on links and open documents compared to those delivered via email.
  • Trick users into disclosing their emails and phone numbers with vouchers and offers to make the pivot into phishing, vishing or smishing.
  • Create custom phishing campaigns for each social media site, knowing that the target has an account. Make these more realistic by including their profile picture in the email. Capture the passwords for password reuse.
  • View target photos looking for employee access card badges and familiarise yourself with building interiors.


As this is a python based tool, it should theoretically run on Linux, chromeOS ( Developer Mode ) and Mac. The main requirements are Firefox, Selenium and Geckodriver.

Using Social Mapper

Social Mapper is run from the command line using a mix of required and optional parameters. You can specify options such as input type and which sites to check alongside a number of other parameters which affect speed and accuracy.

Required Parameters

To start up the tool 4 parameters must be provided, an input format, the input file or folder and the basic running mode:

-f, --format    : Specify if the -i, --input is a 'name', 'csv', 'imagefolder' or 'socialmapper' resume file
-i, --input     : The company name, a csv file, imagefolder or social mapper html file to feed into social mapper
-m, --mode      : Fast or Accurate allows you to choose to skip potential targets after a first likely match is found, in some cases potentially speeding up the program x20

Additionally at least one social media site to check must be selected by including one or more of the following:

-a, --all       : Selects all of the options below and checks every site that social mapper has credentials for
-fb, --facebook     : Check Facebook
-tw, --twitter      : Check Twitter
-ig, --instagram    : Check Instagram
-li, --linkedin     : Check LinkedIn
-gp, --googleplus   : Check GooglePlus
-vk, --vkontakte    : Check VKontakte
-wb, --weibo        : Check Weibo
-db, --douban       : Check Douban

Optional Parameters

Additional optional parameters can also be set to add additional customisation to the way social mapper runs:

-t, --threshold     : Customises the faceial recognition threshold for matches, this can be seen as the match accuracy. Default is 'standard', but can be set to loose, standard, strict or superstrict. For example loose will find more matches, but some may be incorrect. While strict may find less matches but also contain less false positives in the final report. 
-cid, --companyid   : Additional parameter to add in a LinkedIn Company ID for if name searches are not picking the correct company.
-s, --showbrowser   : Makes the Firefox browser visable so you can see the searches performed. Useful for debugging. 
-v, --version       : Display current version
-e, --email     : Provide a fuzzy email format like "<f><last>" to generate additional csv files for each site with firstname,lastname,fullname,email,profileURL,photoURL. These can be fed into phishing frameworks such as GoPhish or Lucy.

Social Media Enumeration & Correlation Tool: Social Mapper Download