GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → D4Vinci → Cr3dov3r

D4Vinci / Cr3dov3r

Licence: mit
Know the dangers of credential reuse attacks.

Programming Languages

python
139335 projects - #7 most used programming language
Dockerfile
14818 projects

Labels

hackingpentestinghacking-toolcredentialsleakhaveibeenpwnedstealthleakshaveibeenpwndhacked-emailscredential-reuse-attacks

Projects that are alternatives of or similar to Cr3dov3r

Scilla
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-93.18%)
Mutual labels:  hacking, pentesting, hacking-tool
Evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (-55.06%)
Mutual labels:  hacking, pentesting, hacking-tool
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+326.24%)
Mutual labels:  hacking, pentesting, hacking-tool
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-72.12%)
Mutual labels:  hacking, pentesting, hacking-tool
H8mail
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
Stars: ✭ 2,163 (+27.24%)
Mutual labels:  hacking, leak, haveibeenpwned
Powershell Rat
Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
Stars: ✭ 636 (-62.59%)
Mutual labels:  hacking, pentesting, hacking-tool
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (-57.35%)
Mutual labels:  hacking, pentesting, hacking-tool
Cameradar
Cameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+63.24%)
Mutual labels:  hacking, pentesting, hacking-tool
Pentesting Bible
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+428.29%)
Mutual labels:  hacking, pentesting, hacking-tool
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (-48.82%)
Mutual labels:  hacking, pentesting, hacking-tool
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-74.88%)
Mutual labels:  hacking, pentesting, hacking-tool
Web Brutator
Fast Modular Web Interfaces Bruteforcer
Stars: ✭ 97 (-94.29%)
Mutual labels:  hacking, pentesting, hacking-tool
Vault
swiss army knife for hackers
Stars: ✭ 346 (-79.65%)
Mutual labels:  hacking, pentesting, hacking-tool
Sippts
Set of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-93.18%)
Mutual labels:  hacking, pentesting, hacking-tool
Cheatsheet God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+107.12%)
Mutual labels:  hacking, pentesting, hacking-tool
Lockdoor Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (-60.18%)
Mutual labels:  hacking, pentesting, hacking-tool
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-89.29%)
Mutual labels:  hacking, pentesting, hacking-tool
Webmap
A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
Stars: ✭ 188 (-88.94%)
Mutual labels:  hacking, pentesting, hacking-tool
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (-54.41%)
Mutual labels:  hacking, pentesting, hacking-tool
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (-33.18%)
Mutual labels:  hacking, pentesting, hacking-tool
View All Similar Projects ➔

Cr3dOv3r Python 3.5 Python 2.7 Build Status

Your best friend in credential reuse attacks.

You give Cr3dOv3r an email then it does two simple useful jobs with it:

  • Search for public leaks for the email and returns the result with the most useful details about the leak (Using haveibeenpwned API) and tries to get the plain text passwords from leaks it find (Using @GhostProjectME).
  • Now you give it a password or a leaked password then it tries this credentials against some well-known websites (ex: Facebook, Twitter, Google...), tells if the login successful and if there's captcha some where blocking our way!

Some of the scenarios Cr3dOv3r can be used in it

  • Check if the targeted email is in any leaks and then use the leaked password to check it against the websites.
  • Check if the target credentials you found is reused on other websites/services.
  • Checking if the old password you got from the target/leaks is still used in any website.

Screenshots

screenshot screenshot screenshot

Usage

usage: Cr3d0v3r.py [-h] [-p] [-np] [-q] email

positional arguments:
  email       Email/username to check

optional arguments:
  -h, --help  show this help message and exit
  -p          Don't check for leaks or plain text passwords.
  -np         Don't check for plain text passwords.
  -q          Quiet mode (no banner).

Installing and requirements

To make the tool work at its best you must have :

  • Python 3.x or 2.x (preferred 3).
  • Linux or Windows system.
  • Worked on some machines with MacOS and python3.
  • The requirements mentioned in the next few lines.

Installing

+For windows : (After downloading ZIP and upzip it)

cd Cr3dOv3r-master
python -m pip install -r win_requirements.txt
python Cr3d0v3r.py -h

+For Linux :

git clone https://github.com/D4Vinci/Cr3dOv3r.git
cd Cr3dOv3r
python3 -m pip install -r requirements.txt
python3 Cr3d0v3r.py -h

+For docker :

git clone https://github.com/D4Vinci/Cr3dOv3r.git
docker build -t cr3dov3r Cr3dOv3r/
docker run -it cr3dov3r "[email protected]"

If you want to add a website to the tool, follow the instructions in the wiki

Contact

Donation

If this tool has been useful for you, feel free to thank me by buying me a coffee :)

Coffee

Disclaimer

Cr3dOv3r is created to show how could credential reuse attacks get dangerous and it's not responsible for misuse or illegal purposes. Use it only for Pen-test or educational purpose !!!

Copying a code from this tool or using it in another tool is accepted as you mention where you get it from 😄

Pull requests are always welcomed :D

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].