This article explores the idea of discovering the victim’s location. Previously, we have used several tools for OSINT purposes, so, today let us try this fascinating tool, Seeker.
So, this tool seeker is:
Just like we host phishing pages to get credentials. So, why not host a fake page that requests your location like many popular location-based websites. Seeker Hosts a fake website that asks for Location Permission, and if the target allows it, we can get:
- Altitude – Not always available
- Direction – Only available if the user is moving
- Speed – Only available if the user is moving
The environment you will need for this tool is Kali Linux and any smartphone or simulator.
Configure the tool in Kali Linux
Ok, so the first step we need to follow is cloning the tool into our Linux system. Then we will change the directory, and update our package.
𝚐𝚒𝚝 𝚌𝚕𝚘𝚗𝚎 𝚑𝚝𝚝𝚙𝚜://𝚐𝚒𝚝𝚑𝚞𝚋.𝚌𝚘𝚖/𝚝𝚑𝚎𝚠𝚑𝚒𝚝𝚎𝚑𝟺𝚝/𝚜𝚎𝚎𝚔𝚎𝚛.𝚐𝚒𝚝
Installing the python3.
𝚊𝚙𝚝 𝚒𝚗𝚜𝚝𝚊𝚕𝚕 𝚙𝚢𝚝𝚑𝚘𝚗𝟹 𝚙𝚢𝚝𝚑𝚘𝚗𝟹–𝚙𝚒𝚙 𝚙𝚑𝚙
Lastly, Installing the other pre-requisite.
𝚙𝚒𝚙𝟹 𝚒𝚗𝚜𝚝𝚊𝚕𝚕 𝚛𝚎𝚚𝚞𝚎𝚜𝚝𝚜
After installing the tool, let’s try the “help” command to confirm that our tool is successfully installed.
python3 seeker.py -h
Configure the NGROK Server
To run the tool, we need a server. For that purpose, here I am utilizing “ngrok server.” All you have to do is download the .zip file into your Kali Linux system, unzip the file, connect with the auth-token and run the ngrok with the port number.
./ngrok http 8080
After executing the ngrok commands, you will get two different forwarding links that we will use as our malicious link to send to our victim.
Trace the Location
Fire up the seeker tool in your Kali Linux terminal.
You will prompt up with the options like Google or WhatsApp. Whatever your target is, select that option. In our case, I will select the WhatsApp option. Then, give any authentic and attractive name that makes the victim think that the malicious link is valid. Lastly, set the image path for WhatsApp.
sudo python3 seeker.py -t manual
Once the victim opens the malicious link, he will prompt a WhatsApp group invitation link. And we will get the details of the victim’s device.
This article demonstrates how a harmful URL can collect information about people and their devices using the Seeker tool. As well as why we must avoid clicking on unexpected links and granting crucial rights like Geolocation.