Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False positives #12

Closed
Ekultek opened this issue Nov 14, 2017 · 9 comments
Closed

False positives #12

Ekultek opened this issue Nov 14, 2017 · 9 comments
Labels
bug good first issue

Comments

@Ekultek
Copy link

Ekultek commented Nov 14, 2017

Deliberately using the wrong password and getting a false positive with it:

[+] Testing websites with one form (14)!
 -[   Vimeo   ] Login successful !  #<- No
 -[  Ask.fm   ] Login unsuccessful!
 -  Dropbox  form data is invalid! please report to us!
 -[  Github   ] Login successful ! #< Yes
 -[  Reddit   ] Login unsuccessful!
 -[  StackOF  ] Login unsuccessful!
 -[  Twitter  ] Login successful ! #<- No
 -[ Bitbucket ] Login successful !
 -[ Ebay.com  ] Login unsuccessful!
 -[ Facebook  ] Login unsuccessful!
 -[ FourSquare ] Login unsuccessful!
 -[ Linkedin  ] Login unsuccessful!
 -[ Mediafire ] Login successful ! #<- No
 -[ Wikipedia ] Login unsuccessful!

[+] Testing websites with two forms (2)!
 -[ Google ] Login unsuccessful!
 -[ Yahoo  ] Email not registered!
@Ekultek
Copy link
Author

Ekultek commented Nov 14, 2017

Second attempt:

[+] Testing websites with one form (14)!
 -[   Vimeo   ] Login successful !
 -[  Ask.fm   ] Login unsuccessful!
 -  Dropbox  form data is invalid! please report to us!
 -[  Github   ] Login unsuccessful!
 -[  Reddit   ] Login unsuccessful!
 -[  StackOF  ] Login unsuccessful!
 -[  Twitter  ] Login unsuccessful!
 -[ Bitbucket ] Login successful !
 -[ Ebay.com  ] Login unsuccessful!
 -[ Facebook  ] Login unsuccessful!
 -[ FourSquare ] Login unsuccessful!
 -[ Linkedin  ] Login unsuccessful!
 -[ Mediafire ] Login successful !
 -[ Wikipedia ] Login unsuccessful!

[+] Testing websites with two forms (2)!
 -[ Google ] Login unsuccessful!
 -[ Yahoo  ] Email not registered!

@trap1001
Copy link

Same problem

@D4Vinci
Copy link
Owner

D4Vinci commented Nov 14, 2017

Ok I will fix it ASAP

@trap1001
Copy link

@D4Vinci thanks

@sdcampbell
Copy link

In addition to the false positive that I came here to report, if you don't enter any password (because no breach results were found) then it not only reports a false positive for login to Vimeo but it also returns this error:

[+] Testing websites with one form (14)!
-[ Vimeo ] Login successful !
-[ Ask.fm ] Login unsuccessful!
Traceback (most recent call last):
File "./Cr3d0v3r.py", line 123, in
main()
File "./Cr3d0v3r.py", line 115, in main
print( login( wd ,dic ,email ,pwd ) )
File "./Cr3d0v3r.py", line 53, in login
browser.select_form(form)
File "/usr/local/lib/python3.6/dist-packages/mechanicalsoup/stateful_browser.py", line 170, in select_form
found_forms = self.__current_page.select(selector, limit=nr + 1)
AttributeError: 'NoneType' object has no attribute 'select'

Let me know if I should report this as a separate issue. The application should be able to fail gracefully if no password is entered.

@D4Vinci
Copy link
Owner

D4Vinci commented Nov 15, 2017

updated to version 0.1.1 released yesterday and it won't crash

@0xIslamTaha
Copy link

I used a random password and here are the results!

[+] Checking email in public leaks...

Results found : 1
---------------------------------------
      Name of leak => Dropbox
      Date of leakage => 2012-07-14T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-dropbox68m2012txt

Please enter the password=> 

[+] Testing websites with one form (14)!
 -[   Vimeo   ] Login successful !
 -[  Ask.fm   ] Login unsuccessful!
 -[  Dropbox  ] Login successful !
 -[  Github   ] Login unsuccessful!
 -[  Reddit   ] Login unsuccessful!
 -[  StackOF  ] Login unsuccessful!
 -[  Twitter  ] Login unsuccessful!
 -[ Bitbucket ] Login successful !
 -[ Ebay.com  ] Login unsuccessful!
 -[ Facebook  ] Login unsuccessful!
 -[ FourSquare ] Login unsuccessful!
 -[ Linkedin  ] Login unsuccessful!
 -[ Mediafire ] Login successful !
 -[ Wikipedia ] Login unsuccessful!

[+] Testing websites with two forms (2)!
 -[ Google ] Login unsuccessful!
Traceback (most recent call last):
  File "Cr3d0v3r.py", line 123, in <module>
    main()
  File "Cr3d0v3r.py", line 120, in main
    print( custom_login( wd ,dic ,email ,pwd ) )
  File "Cr3d0v3r.py", line 69, in custom_login
    browser.select_form(form2)
  File "/usr/local/lib/python3.5/dist-packages/mechanicalsoup/stateful_browser.py", line 170, in select_form
    found_forms = self.__current_page.select(selector, limit=nr + 1)
  File "/usr/lib/python3/dist-packages/bs4/element.py", line 1426, in select
    'Unsupported or invalid CSS selector: "%s"' % token)
ValueError: Unsupported or invalid CSS selector: "form[class="pure-form"

@dmcxbluecoder
Copy link

Yeah its just false positives I usually get them more at Mediafire, Linkedin BItbucket and Vimeo
but everything else is fine I dont get those errors that are commented in here I was trying to add new websites but can seem to add them correctly

@D4Vinci
Copy link
Owner

D4Vinci commented Nov 17, 2017

Released Version 0.2 check it out and please reopen the issue if the problem continues 😄

@D4Vinci D4Vinci closed this as completed Nov 17, 2017
@Ekultek Ekultek mentioned this issue Nov 21, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug good first issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@sdcampbell @Ekultek @0xIslamTaha @dmcxbluecoder @D4Vinci @trap1001