1. Tim Tomes
  2. Recon-ng
  3. Issues


Issue #57 resolved

Proposed module for discussion - Mediastalker

created an issue

I am planning (if you are cool with it) on making a mediastalker mod for recon-ng. The idea is that you give it a single name/tag (eg, lanmaster53, mubix, webbreacher) and it'll search all the media sites (eg, flcikr, slideshare, youtube, pandora, last.fm...) for that name and then return what that person listens to, who their friends are, what they present/share slides on...etc. Think about it as a more in-depth recon on a specific target/person.

This is a little outside the normal recon-ng "get info about hosts and get contact info of people". Wanted to propose it before I do it. Thoughts?

Comments (6)

  1. Tim Tomes repo owner

    This is almost what PushPin does. Thrapt started porting PushPin to a module (see pull requests), but I've not had the chance to review it. It's quite large.

  2. aidden keli

    I am with WebBreacher Tim. This sounds a little different then pushpin. This sounds like more of a person specific module as apposed to a location specific search like pushpin. I would like to see something like this as it can be, while scarey, very powerful for Social Engineering engagements. Instead of trying to see everyones stuff you can focus on just one target to get the most effective SE approch. I imagine thats how the higher end APT would do it. Maybe it can be just a mode to pushpin to allow it to be person specific.

  3. aidden keli

    Maybe the pushpin module, if it updates the DB, can be the starting point for this. The reason i say that is that pushpin can provide the user names you need and it would be cool to run the pushpin module to get user names added to the DB and then run the 'stalker' modules to get person specific info, pulling usernames from the DB. Let me know if there is anything I can do. I have very noob coding skills in python but i'm here to help if needed.

  4. Tim Tomes repo owner

    I plan to have something that satisfies both of these requests complete by Black Hat. I'll begin looking at this more seriously in the coming weeks. Thanks for your input.

  5. Log in to comment