Cr3dOv3r - Know the dangers of credential reuse attacks

screenshot
Your best friend in credential reuse attacks.
Cr3dOv3r simply you give it an email then it does two simple jobs (but useful) :
  • Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails site API).
  • Now you give it this email's old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google...) then it tells you if login successful in any website!

Imagine with me this scenario

  • You checking a targeted email with this tool.
  • The tool finds it in a leak so you open the leakage link.
  • You get the leaked password after searching the leak.
  • Now you back to the tool and enters this password to check if there's any website the user uses the same password in it.
  • You imagine the rest 

 screenshot

Usage

usage: Cr3d0v3r.py [-h] email

positional arguments:
  email       Email/username to check

optional arguments:
  -h, --help  show this help message and exit

Installing and requirements

To make the tool work at its best you must have :

  • Python 3.x or 2.x (Prefered 3).
  • Linux or windows system (Not tested on OSX yet) .
  • The requirements mentioned in the next few lines.

Installing

+For windows : (After downloading ZIP and upzip it)
cd Cr3dOv3r-master
python -m pip3 install -r win_requirements.txt
python Cr3dOv3r.py -h
+For linux :
git clone https://github.com/D4Vinci/Cr3dOv3r.git
chmod 777 -R Cr3dOv3r
cd Cr3dOv3r
pip3 install -r requirements.txt
python3 Cr3dOv3r.py -h

No comments

Note: Only a member of this blog may post a comment.

Powered by Blogger.