GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Acceis → Leakscraper

Acceis / Leakscraper

Licence: gpl-3.0
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Programming Languages

python
139335 projects - #7 most used programming language
python3
1442 projects

Labels

pentestingosintredteamcredentialsleak

Projects that are alternatives of or similar to Leakscraper

Osint tips
OSINT
Stars: ✭ 322 (+41.85%)
Mutual labels:  osint, pentesting, redteam
Cr3dov3r
Know the dangers of credential reuse attacks.
Stars: ✭ 1,700 (+648.9%)
Mutual labels:  pentesting, credentials, leak
Information Security Tasks
This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Stars: ✭ 108 (-52.42%)
Mutual labels:  osint, pentesting, redteam
PwnedPasswordsChecker
Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)
Stars: ✭ 52 (-77.09%)
Mutual labels:  osint, leak, redteam
Mxtract
mXtract - Memory Extractor & Analyzer
Stars: ✭ 499 (+119.82%)
Mutual labels:  pentesting, redteam, credentials
Pentesting Bible
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+3856.39%)
Mutual labels:  osint, pentesting, redteam
Passcat
Passwords Recovery Tool
Stars: ✭ 164 (-27.75%)
Mutual labels:  pentesting, redteam, credentials
Redteam Tactics And Techniques
Red Teaming Tactics and Techniques
Stars: ✭ 2,190 (+864.76%)
Mutual labels:  pentesting, redteam
H8mail
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
Stars: ✭ 2,163 (+852.86%)
Mutual labels:  osint, leak
Reconness
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (-42.29%)
Mutual labels:  pentesting, redteam
Autosint
Tool to automate common OSINT tasks
Stars: ✭ 150 (-33.92%)
Mutual labels:  osint, pentesting
Awesome Mobile Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+709.25%)
Mutual labels:  pentesting, redteam
Asnip
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-44.49%)
Mutual labels:  osint, pentesting
Gtfoblookup
Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)
Stars: ✭ 123 (-45.81%)
Mutual labels:  pentesting, redteam
Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (-46.26%)
Mutual labels:  osint, pentesting
Nimscan
🚀 Fast Port Scanner 🚀
Stars: ✭ 134 (-40.97%)
Mutual labels:  pentesting, redteam
Invoke Apex
A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.
Stars: ✭ 162 (-28.63%)
Mutual labels:  pentesting, redteam
Burpsuite Xkeys
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (-36.56%)
Mutual labels:  osint, pentesting
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+918.5%)
Mutual labels:  osint, pentesting
Oscp Pentest Methodologies
备考 OSCP 的各种干货资料/渗透测试干货资料
Stars: ✭ 166 (-26.87%)
Mutual labels:  pentesting, redteam
View All Similar Projects ➔

leakScraper

mongodb version

Python 3.5|3.6 License

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. These tools are designed to help pentesters/redteamers doing OSINT, credentials gathering and credentials stuffing attacks.

Installation

  • First things first : have a working mongodb server.
  • Then : 
     git clone -b mongodb https://github.com/Acceis/leakScraper
 cd leakScraper
 sudo ./install.sh
    It will install a few pip packages and debian packages (python-magic, python3-pymongo and bottle).

Requirements

Linux (debian), python 3.x and a mongodb server.

Usage

See the wiki for that

Screenshot

The different tools

LeakScraper is split into three parts :

  • leakStandardizer : A tool to standardize leaks you got from some legit place on the internet. It takes in input a file containing credentials following some weird format, containing non ascii characters or empty lines, lines containing invalid emails or no password. It will produce, with your help (using regular expression), an easily greppable file using the following format : email#️⃣plain ("plain" for "plain text password").
  • leakImporter : A tool to import a standardized leak file into a mongodb database. It will take care of extracting data from the file, putting it into a mysql comprehensive format, creating/managing indexes ...
  • leakScraper : A tool and an interface to excavate data from the database and display it nicely.

Postulates

  • The covered usecase is the following : searching credentials belonging to a specific organization/company/structure. This is done by searching credentials associated to an email belonging to the organization in question. Eg: Searching credentials belonging to microsoft is done by searching credentials associated to accounts registered with an email ending with "@microsoft.com". It is the only usecase covered and it means a lot in terms of technical choices (database indexes and data representation in general).

  • Leaks can weight several gigabytes. It means that each process (standardizing, imports and researches) are using in-place algorithms in terms of memory. You can know beforehand how much memory theses tools will use to process a specific file, and it will never exhaust your computer's resources (unless you have a very old one).

  • Processing huge files and working with a lot of data takes time. It's important imo to have visual/real-time feedback to know how much time processing/importing a file will take. It's important to know if you just started a 7 hours long process or a 1,200 years long one.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].