Your best friend in credential reuse attacks.

You give Cr3dOv3r Massive a list of emails then it does two simple useful jobs with it:

• Search for public leaks for the emails and returns the result with the most useful details about the leak (Using haveibeenpwned API).
• Tries to get the plain text passwords from leaks it find (Using @GhostProjectME).

• Check if the targeted emails are in any leaks and then use the leaked password to check it against the websites.
• Check if the target credentials you found is reused on other websites/services.
• Checking if the old passwords you got from the targets/leaks is still used in any website.

Put your list of emails in email.json file (in the correct form, e.g. ["[email protected]", "[email protected]"] )
Otherwise you can run:
....................................
python getlistemail.py # (python 2)
....................................

and follow the steps.

next type:
....................................
python Cr3d0v3r.py
....................................
 
To run the script.

• Python 2.x
• Linux or Windows system.
• Worked on some machines with MacOS and python2.
• The requirements mentioned in the next few lines.

+For windows : (After downloading ZIP and upzip it)

cd Cr3dOv3r-master
python -m pip install -r win_requirements.txt
python Cr3d0v3r.py 

+For Linux :

git clone https://github.com/D4Vinci/Cr3dOv3r.git
cd Cr3dOv3r
python -m pip install -r requirements.txt
python Cr3d0v3r.py 

+For docker :

git clone https://github.com/D4Vinci/Cr3dOv3r.git
docker build -t cr3dov3r Cr3dOv3r/
docker run -it cr3dov3r 

If you want to add a website to the tool, follow the instructions in the wiki

D4Vinci- Twitter

HeroS3c- Telegram

Cr3dOv3r is created to show how could credential reuse attacks get dangerous and it's not responsible for misuse or illegal purposes. Use it only for Pen-test or educational purpose !!!

Copying a code from this tool or using it in another tool is accepted as you mention where you get it from 😄

Pull requests are always welcomed :D