seeker

Seeker is a Python security research tool that demonstrates how a fake webpage can gather precise location and device information from a smartphone visitor. The project's stated purpose is educational: to show developers and everyday users what data a deceptive website can collect, and why granting location permissions to unfamiliar pages carries real risk.

The tool works by hosting a local web server that displays a convincing fake page, chosen from several built-in templates styled after services like Google Drive, WhatsApp, Telegram, or Zoom. If the visitor grants the location request that appears in their browser, the page reads GPS coordinates directly from the device hardware. On a smartphone with GPS, the accuracy can reach within about 30 meters, which is far more precise than estimating location from an internet address alone.

Beyond coordinates, the page also collects general device information that browsers expose without any permission prompt: operating system, browser name and version, screen resolution, approximate CPU core count, graphics card details, and both public and local IP addresses. The tool uses a technique called canvas fingerprinting to generate a unique identifier for the device.

Seeker is described explicitly as a proof of concept, not a finished attack tool. Its main value in a research or training context is showing how social engineering combined with standard browser APIs can extract meaningful data that most people assume is private. The project runs on Linux distributions popular with security professionals, as well as macOS and the Termux environment on Android. Instructions are included for running the server behind a tunnel service that makes it reachable from the public internet during testing.