Targeted geolocation and tracking

HoneyBadger is a framework for targeted geolocation. HoneyBadger is used to identify the physical location of a web user using a combination of geolocation techniques using a browser’s share location feature, the visible WIFI networks, and the IP address.

The associated Metasploit Framework modules can be found here.

— Python
— SQLite3

— Copy the contents of the repository into the server/virtual host web root.
— Configure the web server/virtual host to restrict direct access to the “include”, “data” and “admin” directories. See “admin/vhost_config.txt” for an example Apache virtual host configuration file.
— Create a directory called data in the web root and make it writable by the user the web server is running as.
— Initialize the database and logging system by visiting the UI in a browser.
— Create a user with the “create_user.py” script in the “admin” directory. If this fails, it is most likely due to a missing pre-requisite or failure to do step 3.
— Log in to the UI using the newly created account.

API Usage

IP Geolocation
This method geolocates the target based on the source IP of the request and assigns the resolved location to the given target and agent.

Example: (Method: GET)


Known Coordinates
This method accepts previously resolved location data for the given target and agent.

Example: (Method: GET)


Wireless Survey
This method accepts wireless survey data and parses the information on the server-side, extracting what is needed to make a Google API geolocation call. The resolved geolocation data is then assigned to the given target and agent. Parsers currently exist for survey data from Windows, Linux and OS X using the following commands:


cmd.exe /c netsh wlan show networks mode=bssid | findstr "SSID Signal"


/bin/sh -c iwlist scan | egrep 'Address|ESSID|Signal'


/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s

Example: (Method: POST)


POST Payload


Universal Parameters
All requests can include an optional “comment” parameter. This parameter is sanitized and displayed within the UI as miscellaneous information about the target or agent.

Download from Bitbucket