Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

MrTuxx / Socialpwned

Licence: gpl-3.0

SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB.

Programming Languages

python

139335 projects - #7 most used programming language

Labels

hacking osint instagram-api haveibeenpwned social-engineering

Projects that are alternatives of or similar to Socialpwned

Trape

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

Stars: ✭ 6,753 (+6393.27%)

Mutual labels: osint, hacking, social-engineering

H8mail

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

Stars: ✭ 2,163 (+1979.81%)

Mutual labels: osint, hacking, haveibeenpwned

Osintgram

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Stars: ✭ 312 (+200%)

Mutual labels: instagram-api, osint, hacking

Penetration Testing Tools

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Stars: ✭ 614 (+490.38%)

Mutual labels: hacking, social-engineering

Linkedin2username

OSINT Tool: Generate username lists for companies on LinkedIn

Stars: ✭ 504 (+384.62%)

Mutual labels: osint, hacking

Osrframework

OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.

Stars: ✭ 534 (+413.46%)

Mutual labels: osint, hacking

Vault

swiss army knife for hackers

Stars: ✭ 346 (+232.69%)

Mutual labels: osint, hacking

Torbot

Dark Web OSINT Tool

Stars: ✭ 821 (+689.42%)

Mutual labels: osint, hacking

Reconspider

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Stars: ✭ 621 (+497.12%)

Mutual labels: osint, hacking

Pwnedornot

OSINT Tool for Finding Passwords of Compromised Email Addresses

Stars: ✭ 888 (+753.85%)

Mutual labels: osint, haveibeenpwned

Awesome Social Engineering

A curated list of awesome social engineering resources.

Stars: ✭ 1,110 (+967.31%)

Mutual labels: osint, social-engineering

Goohak

Automatically Launch Google Hacking Queries Against A Target Domain

Stars: ✭ 432 (+315.38%)

Mutual labels: osint, hacking

Hosthunter

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Stars: ✭ 427 (+310.58%)

Mutual labels: osint, hacking

Favfreak

Making Favicon.ico based Recon Great again !

Stars: ✭ 564 (+442.31%)

Mutual labels: osint, hacking

Email2phonenumber

A OSINT tool to obtain a target's phone number just by having his email address

Stars: ✭ 379 (+264.42%)

Mutual labels: osint, hacking

Pentesting Bible

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Stars: ✭ 8,981 (+8535.58%)

Mutual labels: osint, hacking

Dr0p1t Framework

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Stars: ✭ 1,132 (+988.46%)

Mutual labels: hacking, social-engineering

Geo Recon

An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.

Stars: ✭ 82 (-21.15%)

Mutual labels: osint, hacking

Vajra

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Stars: ✭ 269 (+158.65%)

Mutual labels: osint, hacking

Osint tips

OSINT

Stars: ✭ 322 (+209.62%)

Mutual labels: osint, hacking

View All Similar Projects ➔

SocialPwned

Spanish🗨

SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram, Linkedin and Twitter to find the possible credential leaks in PwnDB.

The purpose of this tool is to facilitate the search for vulnerable targets during the phase of Footprinting in an Ethical Hacking. It is common for employees of a company to publish their emails in social networks, either professional or personal, so if these emails have their credentials leaked, it is possible that the passwords found have been reused in the environment to be audited. If it’s not the case, at least you would have an idea of the patterns that follow this target to create the passwords and be able to perform other attacks with a higher level of effectiveness.

SocialPwned uses different modules:

Instragram: Making use of the unofficial Instagram API from @LevPasha, different methods were developed to obtain the emails published by users. An Instagram account is required.
Linkedin: Using @tomquirk's unofficial Linkedin API, different methods were developed to obtain a company's employees and their contact information (email, twitter or phone). In addition, it is possible to add the employees found to your contacts, so that you can later have access to their network of contacts and information. A Linkedin account is required.
Twint: Using Twint from @twintproject you can track all the Tweets published by a user looking for some email. A Twitter account is not necessary.
PwnDB: Inspired by the tool PwnDB created by @davidtavarez a module has been developed that searches for all credential leaks from the emails found. In addition, for each email a POST request is made to HaveIBeenPwned to find out the source of the leak.

Installation 🛠

The installation of Tor depends on your system. On a Debian:

$ sudo apt-get install tor
$ /etc/init.d/tor start

NOTE: tor service must be up and running to be connected to port 9050

Clone the repository using Git:

$ git clone https://github.com/MrTuxx/SocialPwned.git
$ cd SocialPwned
$ pip3 install -r requirements.txt

Usage

To make use of the Instagram and Linkedin features you need to have an account created on each of the social networks. The credentials must be indicated in a JSON file:

{
    "instagram":{
        "username":"username",
        "password":"password"
    },
    "linkedin":{
        "email":"email",
        "password":"password"
    }
}

usage: socialpwned.py [-h] --credentials CREDENTIALS [--pwndb] [--output FILE] [--tor-proxy PROXY] [--instagram] [--info QUERY]
                      [--location LOCATION_ID] [--hashtag-ig QUERY] [--target-ig USER_ID] [--search-users-ig QUERY] [--my-followers]
                      [--my-followings] [--followers-ig] [--followings-ig] [--linkedin] [--company COMPANY_ID] [--search-companies QUERY]
                      [--employees] [--my-contacts] [--user-contacts USER_ID] [--search-users-in QUERY] [--target-in USERNAME] [--add-contacts]
                      [--add-a-contact USER_ID] [--twitter] [--limit LIMIT] [--year YEAR] [--since DATE] [--until DATE] [--profile-full]
                      [--all-tw] [--target-tw USERNAME] [--hashtag-tw USERNAME] [--followers-tw] [--followings-tw]

Basic Examples and Combos 🚀

Here are some examples:

Instagram

python3 socialpwned.py --credentials credentials.json --instagram --info España

python3 socialpwned.py --credentials credentials.json --instagram --location 832578276

python3 socialpwned.py --credentials credentials.json --instagram --hashtag-ig someHashtag --pwndb

python3 socialpwned.py --credentials credentials.json --instagram --target-ig username --pwndb

python3 socialpwned.py --credentials credentials.json --instagram --target-ig username --followers-ig --followings-ig --pwndb

python3 socialpwned.py --credentials credentials.json --linkedin --search-companies "My Target"

python3 socialpwned.py --credentials credentials.json --linkedin --search-companies "My Target" --employees --pwndb

python3 socialpwned.py --credentials credentials.json --linkedin --company 123456789 --employees --pwndb

python3 socialpwned.py --credentials credentials.json --linkedin --company 123456789 --employees --add-contacts

python3 socialpwned.py --credentials credentials.json --linkedin --user-contacts user-id --pwndb

python3 socialpwned.py --credentials credentials.json --linkedin --user-contacts user-id --add-contacts

Twitter

python3 socialpwned.py --credentials credentials.json --twitter --hashtag-tw someHashtag --pwndb --limit 200

python3 socialpwned.py --credentials credentials.json --twitter --target-tw username --all-tw --pwndb

python3 socialpwned.py --credentials credentials.json --twitter --target-tw username --all-tw --followers-tw --followings-tw --pwndb

Combos

python3 socialpwned.py --credentials credentials.json --instagram --target-ig username --followers-ig --followings-ig --linkedin --company 123456789 --employees --twitter --target-tw username --all-tw --pwndb --output results.txt

python3 socialpwned.py --credentials credentials.json --instagram --target-ig username --linkedin --target-in username --twitter --target-tw username --all-tw --pwndb

References

Instagram API. Author: LevPasha
Linkedin API. Author: tomquirk
Twint. Author: twintproject
PwnDB. Author: davidtavarez

Disclaimer

The usage of SocialPwned to attack targets without prior mutual consent is illegal. In addition, it makes use of different modules that violate Linkedin and Instagram rules, therefore, you will be banned temporarily or permanently.

It is the responsibility of the end user to use SocialPwned. The developers are not responsible and are not liable for any misuse or damage caused.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 104

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗