Skip to content

johnlockejrr/Cr3dOv3r

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

Core

Core

 
 

Data

Data

 
 

Cr3d0v3r.py

Cr3d0v3r.py

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

win_requirements.txt

win_requirements.txt

 
 

Repository files navigation

Cr3dOv3r Python 3.5 Python 2.7 Build Status

Your best friend in credential reuse attacks.

Cr3dOv3r simply you give it an email then it does two simple jobs (but useful) :

  • Search for public leaks for the email and if there's any, it returns with all available details about the leak (Using hacked-emails site API and now haveibeenpwned API too).
  • Now you give it this email's old or leaked password then it checks this credentials against 13 websites of well-known websites (ex: facebook, twitter, google...) then it tells you if login successful in any website!

Some of the scenarios Cr3dOv3r can be used in it

  • Searching for a targeted-email for leaks and then use the leaked password to check it against the websites.
  • Testing an email and an old password you found on the websites.
  • You got a target email and password and want to check if he uses the same password on other websites.

Screenshots (Not updated)

screenshot screenshot screenshot

Usage

usage: Cr3d0v3r.py [-h] email

positional arguments:
  email       Email/username to check

optional arguments:
  -h, --help  show this help message and exit
  -p          Use it if you only wants to check a password
  -api2       Use haveibeenpwned API too
  -q          Quit mode (no banner)

Installing and requirements

To make the tool work at its best you must have :

  • Python 3.x or 2.x (preferred 3).
  • Linux or Windows system.
  • Worked on some machines with MacOS and python3 (Thanks for @MansoorMajeed and needs to others to confirm that)
  • The requirements mentioned in the next few lines.

Installing

+For windows : (After downloading ZIP and upzip it)

cd Cr3dOv3r-master
python -m pip install -r win_requirements.txt
python Cr3dOv3r.py -h

+For Linux :

git clone https://github.com/D4Vinci/Cr3dOv3r.git
chmod 777 -R Cr3dOv3r
cd Cr3dOv3r
pip3 install -r requirements.txt
python3 Cr3dOv3r.py -h

+For docker :

git clone https://github.com/D4Vinci/Cr3dOv3r.git
cd Cr3dOv3r
docker build -t cr3d0v3r .
docker run -it cr3d0v3r "example@gmail.com"

If you want to add a website to the tool, follow the instructions in the wiki

Contact

Donation

If you liked my work and want to support me, you can give me a cup of coffee :)

bitcoin address: 1f4KfYikfqHQzEAsAGxjq46GdrBKc8jrG

Disclaimer

Cr3dOv3r is created to show how could credential reuse attacks get dangerous and it's not responsible for misuse or illegal purposes. Use it only for Pentest or educational purpose !!!

Copying a code from this tool or using it in another tool is accepted as you mention where you get it from 😄

Pull requests are always welcomed :D

UPDATE (johnlockejrr)

Added cfscrape method to bypass Cloudflare on hacked-emails.com on Core/ispwned.py

About

Fetched from https://github.com/D4Vinci/Cr3dOv3r

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages