A command line tool to detect shared passwords
Scala Python Ruby

README.md

shard

A command line tool to detect shared passwords

Usage

List options:

Shard (1.5) can run in 3 modes:

1) Single user single password          - Use -u and -p
2) Single user multiple passwords       - Use -u and -f
3) Multiple users and multple passwords - Use -f only

For more detailed usage examples see the wiki.

Usage: java -jar shard-1.5.jar [options]

  -u, --username <value>  Username to test
  -p, --password <value>  Password to test
  -f, --file <value>      A path to a file containing a set of credentials or passwords
  --format <value>        The format of the credentials. Must be a regular expression with 2 capture groups. The first capture group for the username and the second capture group for the password. Defaults to a regex that will match:
        "username":"password"
  -l, --list              List available modules
  -v, --version           Print the version
  --modules <value>       Only run specific modules. A comma separated list
  --help                  Prints this usage text

List available modules:

$ java -jar shard.jar -l
Available modules:
        Facebook
        LinkedIn
        Reddit
        Twitter
        Instagram
        GitHub
        BitBucket
        Kijiji
        DigitalOcean
        Vimeo
        Laposte
        DailyMotion

Examples

Given a username and password shard will attempt to authenticate with multiple sites:

$ java -jar shard.jar -u username-here -p password-here
21:16:25.950 [+] Running in single credential mode
21:16:30.302 [+] username-here:password-here - Reddit, Instagram

To test multiple credentials supply a filename. By default this expects one credential per line in the format "username":"password". Custom formats can be supplied with the --format option

$ java -jar shard.jar -f /tmp/creds.txt
21:16:39.501 [+] Running in multi-credential mode
21:16:39.516 [+] Parsed 2 credentials
21:16:42.794 [+] username1:password1 - Reddit, Instagram
21:16:45.189 [+] username2:password2 - Facebook, LinkedIn, Twitter

Installation

Grab the latest release from the release tab, which was built as a fat jar using sbt assembly.

or

Build it yourself using sbt, sbt assembly

Developing a new module

Adding a new module is easy. Create a new class that inherits from AbstractModule in the module package and add the module to the ModuleFactory.

The AbstractModule has one abstract method:

  def tryLogin(creds: Credentials): Boolean

This method takes a Credentials object and returns a boolean indicating a successful login. I recommend using the TwitterModule as an template. For an indepth explanation of adding a new module see the example on the wiki

Dependencies:

  • JSoup is used for HTTP communication and HTML parsing
  • spray-json is used for handling json

If Scala is not your thing check out the secondary_implementations, these are rewrites of shard in other languages. If you add a module to one of these implementations I will rewrite in Scala and add it to the main project as well.

Bugs, Requests, and Feedback

Contact me, join the Gitter room, or use this GitHub project

Enjoy this project? Consider donating 1EpSQumsD2EFKnisJXjStsUVsXpF4ge8dj