A tool to locate people using social engineering. This tool is made in GoLang and use HTML templates for social engineering to gather information and location of the target. This tool is merely a POC of what attackers can do using these tech and should be used only for learning purposes. This tools can be very useful in reconnaissance.
LOCTRACK
LocTrack use the javascript to gather all information about the target machine hidden in the template that the target is going to open. All information will be loaded as soon as target opens the link in their browser. Information like OS, RAM, GPU, CPU cores, Java enabled or not, etc will be automatically fetched. It works for every platform whether target opens that link in computer, android or iphone. Along with all these information it also send the targets IP and location to the attacker. Currently, this tool gets the target location using IP, GPS and cached location details. For getting GPS location, this tool required permission of the target, hence, comes social engineering to lure target into giving permission for the GPS access. This tools works best with smartphones because of the GPS hardware present in smartphones. There are various ways in which an attacker can lure target or trick into giving the permissions.
Installation
Either compile the code by yourself or use pre-compiled binaries available. There is a Make file available which contains these functionalities.
Make build — to build the code
Make install — to build and install the tool system wide
Make clean — to clean temp files
Make uninstall — to uninstall the tool
Simply typing sudo make on terminal in the tool’s directory and pressing enter will create a build, install the tool and clean temp files. All the above was for linux systems. For windows, you have to compile using GOLang inbuilt commands. This tool also supports colored texts in command prompt of windows.
Usage
Loctrack uses default SSL/TLS certs, SSH keys, tunnel and port which can be changed using command line arguments. To use your own certs, keys, put them in the respective folder with the same name. For your own SSH keys, you have to give permission 700 to the private key, else tunnel will not work.
This tool also gives option to run it on any port, use your own tunnel or use your custom subdomain names.
Loctrack generates a link with subdomain if it is given which can be opened anywhere since it uses reverse tunnel connection over SSL/TLS. Select any available template and the link generated will open it. As soon as target opens that link, all available information of their system will be shown on attackers console and if the target allows the permission pop-up then exact location will be shown with the google map’s link with exact latitude and longitude coordinates. Everything will be logged in the log.txt file.
In future, one more functionality can be added to this tool which will be very helpful in getting the exact location of the target. We can get a persons location by three means, IP address, GPS and telecommunication network. Currently this tool only implements two of the three.
For more information, issue, query or contact go to the github repo and read README.md
Thanks for reading!!
