Cr3d0v3r - credential reuse attack tool

Overview

Cr3dOv3r  is  credential resuse attack tool. Your best friend in credential reuse attacks.

You give Cr3dOv3r an email then it does two simple useful jobs with it:

  • Search for public leaks for the email and returns the result with the most useful details about the leak (Using haveibeenpwned API) and tries to get the plain text passwords from leaks it find (Using @GhostProjectME).
  • Now you give it a password or a leaked password then it tries this credentials against some well-known websites (ex: Facebook, Twitter, Google...), tells if the login successful and if there's captcha some where blocking our way!

Some of the scenarios Cr3dOv3r can be used in it

  • Check if the targeted email is in any leaks and then use the leaked password to check it against the websites.
  • Check if the target credentials you found is reused on other websites/services.
  • Checking if the old password you got from the target/leaks is still used in any website.

 

How to get this tool

To use this tool, please use a method listed below.

In a Linux (Debian OS), run the following command(s).

git clone https://github.com/D4Vinci/Cr3dOv3r.git 

cd Cr3dOv3r

python3 -m pip install -r requirements.txt

 

Download directly from the following link:

 

How to execute

python3 Cr3d0v3r.py -h

 

References:

 

-----

Next steps:

 

This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.