explaingit

thewhiteh4t/seeker

9,409CSSAudience · researcherComplexity · 2/5Setup · moderate

TLDR

Seeker is a Python proof-of-concept tool that hosts a fake webpage to trick smartphone visitors into granting location access, then captures their GPS coordinates and device details, built for security education and awareness.

Mindmap

mindmap
  root((seeker))
    What it does
      Hosts fake webpage
      Captures GPS location
      Fingerprints device
    Data collected
      GPS coordinates
      Browser and OS info
      Public and local IP
      Canvas fingerprint
    Built-in templates
      Google Drive
      WhatsApp
      Telegram
      Zoom
    Platforms
      Linux
      macOS
      Android Termux
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Demonstrate to a team how a convincing fake login page can harvest precise GPS coordinates from any smartphone visitor

USE CASE 2

Run a security awareness training session showing what browser APIs expose (OS, screen size, IP, GPU) without any permission

USE CASE 3

Test your own device's canvas fingerprint surface to understand how trackers generate persistent identifiers

USE CASE 4

Set up a phishing simulation behind a tunnel to teach users why granting location permission to unknown sites is dangerous

Tech stack

PythonCSSHTML

Getting it running

Difficulty · moderate Time to first run · 30min

Requires a tunnel service like Ngrok to expose the local server to the public internet for real-device testing.

In plain English

Seeker is a Python security research tool that demonstrates how a fake webpage can gather precise location and device information from a smartphone visitor. The project's stated purpose is educational: to show developers and everyday users what data a deceptive website can collect, and why granting location permissions to unfamiliar pages carries real risk. The tool works by hosting a local web server that displays a convincing fake page, chosen from several built-in templates styled after services like Google Drive, WhatsApp, Telegram, or Zoom. If the visitor grants the location request that appears in their browser, the page reads GPS coordinates directly from the device hardware. On a smartphone with GPS, the accuracy can reach within about 30 meters, which is far more precise than estimating location from an internet address alone. Beyond coordinates, the page also collects general device information that browsers expose without any permission prompt: operating system, browser name and version, screen resolution, approximate CPU core count, graphics card details, and both public and local IP addresses. The tool uses a technique called canvas fingerprinting to generate a unique identifier for the device. Seeker is described explicitly as a proof of concept, not a finished attack tool. Its main value in a research or training context is showing how social engineering combined with standard browser APIs can extract meaningful data that most people assume is private. The project runs on Linux distributions popular with security professionals, as well as macOS and the Termux environment on Android. Instructions are included for running the server behind a tunnel service that makes it reachable from the public internet during testing.

Copy-paste prompts

Prompt 1
Using the Seeker codebase, walk me through adding a new fake template page that mimics a Google Meet video call invitation, including the HTML, CSS, and how to register it in the template picker
Prompt 2
How does Seeker collect the visitor's local IP address without asking for any browser permission? Show me the JavaScript responsible
Prompt 3
I want to run Seeker behind an Ngrok tunnel on a cloud VPS so the fake page is reachable publicly, write the exact steps
Prompt 4
Explain the canvas fingerprinting technique Seeker uses to generate a unique device ID and show how I could add extra entropy to make it more stable across sessions
Open on GitHub → Explain another repo

← thewhiteh4t on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.