What is it?
Facepalm is a Facebook stalking tool that can be used to create a graph out of a Facebook friend list. It displays clusters of friends, which might aid in gathering further information on a Facebook user.
It is written in Java.
There are two views in the latest version, "Partitioning" and "Overview". Both show additional information on the target. In the Partitioning view you can see possible groups of friends, separated by different colors. This helps to find out how many different circles of friends the target might have. In the Overview view you can see the friends of the target in the same layout as in the Partitioning view, but the colors now represent gender.
Remember: Your friends tell me all I need to know about you!
How does it work?
Basically, it crawls a target's Facebook friend list and then each friend's friend list in turn. It writes the result into an in-memory SQLite database, which the Gephi Toolkit library uses to produce an XML-formatted GEXF file. The GEXF file is then displayed as a graph, either with Gephi or with the GEXF Flash explorer.
It works on the new timeline feature as well without modification.
fbpwn - A cross-platform, Java-based Facebook social engineering framework that sends friend requests to a list of Facebook profiles and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information, photos and friend list to a local folder. It has extensible module interfaces and built-in modules for advanced social engineering tricks.
socgraph is a Facebook app that seems to do similar things.
The code is GPLv3!
There is a jar for the lazy users: https://github.com/yorn42/facepalm/blob/master/facepalm-v0.5.jar
Usage: java -jar facepalm-v0.5.jar FBID CONFIG
- Performance: it takes about 1 minute for 150 friends, depending on your ISP.
- The graph gets very big when there are more than 500 friends in the list.
- The GexfExplorer stopped working on Linux with Firefox and Chrome, Win32 seems fine.
- Improve performance, check if fbpwn has better approaches.
- Improve usability, e.g. log in to get rid of the cookie data crap.
- Java sucks at handling crazy charsets like Arabic, etc.
- Remove dead code.