Concept behind Newtoxton-locator is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Read more on newtoxton's Blog .Seeker Hosts a fake website which asks for Location Permission and if the target allows it, we can get :
- Longitude
- Latitude
- Accuracy
- Altitude - Not always available
- Direction - Only available if user is moving
- Speed - Only available if user is moving
Along with Location Information we also get Device Information without any permissions :
- Unique ID using Canvas Fingerprinting
- Device Model - Not always available
- Operating System
- Platform
- Number of CPU Cores - Approximate Results
- Amount of RAM - Approximate Results
- Screen Resolution
- GPU information
- Browser Name and Version
- Public IP Address
- Local IP Address
- Local Port
Automatic IP Address Reconnaissance is performed after the above information is received.
This tool is a Proof of Concept and is for Educational Purposes Only, Newtoxton-Locator shows what data a malicious website can gather about you and your devices and why you should not click on random links and allow critical permissions such as Location etc.
-
Other tools and services offer IP Geolocation which is NOT accurate at all and does not give location of the target instead it is the approximate location of the ISP.
-
Newtoxton-Locator uses HTML API and gets Location Permission and then grabs Longitude and Latitude using GPS Hardware which is present in the device, so Newtoxton-Locator works best with Smartphones, if the GPS Hardware is not present, such as on a Laptop, Newtoxton-Locator fallbacks to IP Geolocation or it will look for Cached Coordinates.
-
Generally if a user accepts location permsission, Accuracy of the information recieved is accurate to approximately 30 meters
-
Accuracy depends on multiple factors which you may or may not control such as :
- Device - Won't work on laptops or phones which have broken GPS
- Browser - Some browsers block javascripts
- GPS Calibration - If GPS is not calibrated you may get inaccurate results and this is very common
Available Templates :
- NearYou
- Google Drive (Suggested by @Akaal_no_one)
- WhatsApp (Suggested by @Dazmed707)
- Telegram
- Kali Linux
- BlackArch Linux
- Ubuntu
- Kali Nethunter
- Termux
- Parrot OS
git clone https://github.com/Newtoxton/newtoxton-locator.git
cd newtoxton-locator/
apt update
apt install python3 python3-pip php
pip3 install requestspacman -S newtoxtongit clone https://github.com/Newtoxton/newtoxton-locator.git
cd newtoxton-locator/
pkg update
pkg install python php
pip3 install requestsdocker pull Newtoxton/newtoxton-locatorpython3 newtoxton.py -h
usage: newtoxton.py [-h] [-s SUBDOMAIN]
optional arguments:
-h, --help show this help message and exit
-k KML, --kml Provide KML Filename ( Optional )
-p PORT, --port Port for Web Server [ Default : 8080 ]
-t TUNNEL, --tunnel Specify Tunnel Mode [ Available : manual ]
##################
# Usage Examples #
##################
# Step 1 : In first terminal
$ python3 newtoxton.py -t manual
# Step 2 : In second terminal start a tunnel service such as ngrok
$ ./ngrok http 8080
###########
# Options #
###########
# Ouput KML File for Google Earth
$ python3 seeker.py -t manual -k <filename>
# Use Custom Port
$ python3 newtoxton.py -t manual -p 1337
$ ./ngrok http 1337
################
# Docker Usage #
################
# Step 1
$ docker network create ngroknet
# Step 2
$ docker run --rm -it --net ngroknet --name newtoxton Newtoxton/newtoxton-locator
# Step 3
$ docker run --rm -it --net ngroknet --name ngrok wernight/ngrok ngrok http newtoxton:8080