creepy – A Geolocation Information Aggregator AKA OSINT Tool

Keep on Guard!


creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.

Creepy

Features

  • Automatic caching of retrieved information in order to reduce API calls and the possibility of hiting limit rates.
  • GUI with navigateable map for better overview of the accumulated information
  • 4 Maps providers (including Google Maps) to use.
  • Open locations in Google Maps in your browser
  • Export retrieved locations list as kmz (for Google Earth) or csv files.
  • Handling twitter authentication in an easy way using oAuth. User credentials are not shared with the application.
  • User/target search for twitter and flickr.

Map Providers

  • Google Maps
  • Virtual Maps
  • Open Street Maps

Information Retrieval Using

  • Twitter’s tweet location
  • Coordinates when tweet was posted from mobile device
  • Place (geographical name) derived from users ip when posting on twitter’s web interface. Place gets translated into coordinates using geonames.com
  • Bounding Box derived from users ip when posting on twitter’s web interface.The less accurate source , a corner of the bounding box is selected randomly.
  • Geolocation information accessible through image hosting services API
  • EXIF tags from the photos posted.

Social Networking Platforms Supported

  • Twitter
  • Foursquare (only checkins that are posted to twitter)
  • Gowalla (only checkins that are posted to twitter)

Image Hosting Services Supported

  • flickr – information retrieved from API
  • twitpic.com – information retrieved from API and photo exif tags
  • yfrog.com – information retrieved from photo exif tags
  • img.ly – information retrieved from photo exif tags
  • plixi.com – information retrieved from photo exif tags
  • twitrpix.com – information retrieved from photo exif tags
  • foleext.com – information retrieved from photo exif tags
  • shozu.com – information retrieved from photo exif tags
  • pickhur.com – information retrieved from photo exif tags
  • moby.to – information retrieved from API and photo exif tags
  • twitsnaps.com – information retrieved from photo exif tags
  • twitgoo.com – information retrieved from photo exif tags

You can download creepy here:

CreepySetup_0.1.94.exe

Or read more here.

Posted in: Privacy, Web Hacking

, , ,


Latest Posts:


DAST vs SAST - Dynamic Application Security Testing vs Static DAST vs SAST – Dynamic Application Security Testing vs Static
In security testing, much like most things technical there are two very contrary methods, Dynamic Application Security Testing or DAST and Static or SAST.
Cr3dOv3r - Credential Reuse Attack Tool Cr3dOv3r – Credential Reuse Attack Tool
Cr3dOv3r is a fairly simple Python-based set of functions that carry out the prelimary work as a credential reuse attack tool.
Mr.SIP - SIP Attack And Audit Tool Mr.SIP – SIP Attack And Audit Tool
Mr.SIP was developed in Python as a SIP Attack and audit tool which can emulate SIP-based attacks. Originally it was developed to be used in academic work.
Uber Paid Hacker To Hide 57 Million User Data Breach Uber Paid Hackers To Hide 57 Million User Data Breach
Uber is not known for it's high level of ethics, but it turns out Uber paid hackers to not go public with the fact they'd breached 57 Million accounts.
RDPY - RDP Security Tool For Hacking Remote Desktop Protocol RDPY – RDP Security Tool For Hacking Remote Desktop Protocol
RDPY is an RDP Security Tool in Twisted Python with RDP Man in the Middle proxy support which can record sessions and Honeypot functionality.
Terabytes Of US Military Social Media Spying S3 Data Exposed Terabytes Of US Military Social Media Spying S3 Data Exposed
Once again the old, default Amazon AWS S3 settings are catching people out, the US Military has left terabytes of social media spying S3 data exposed.


Comments are closed.