Your best friend in credential reuse attacks.
You give Cr3dOv3r Massive a list of emails then it does two simple useful jobs with it:
- Search for public leaks for the emails and returns the result with the most useful details about the leak (Using haveibeenpwned API).
- Tries to get the plain text passwords from leaks it find (Using @GhostProjectME).
- Check if the targeted emails are in any leaks and then use the leaked password to check it against the websites.
- Check if the target credentials you found is reused on other websites/services.
- Checking if the old passwords you got from the targets/leaks is still used in any website.
Put your list of emails in email.json file (in the correct form, e.g. ["[email protected]", "[email protected]"] )
Otherwise you can run:
....................................
python getlistemail.py # (python 2)
....................................
and follow the steps.
next type:
....................................
python Cr3d0v3r.py
....................................
To run the script.
- Python 2.x
- Linux or Windows system.
- Worked on some machines with MacOS and python2.
- The requirements mentioned in the next few lines.
+For windows : (After downloading ZIP and upzip it)
cd Cr3dOv3r-master
python -m pip install -r win_requirements.txt
python Cr3d0v3r.py
+For Linux :
git clone https://github.com/D4Vinci/Cr3dOv3r.git
cd Cr3dOv3r
python -m pip install -r requirements.txt
python Cr3d0v3r.py
+For docker :
git clone https://github.com/D4Vinci/Cr3dOv3r.git
docker build -t cr3dov3r Cr3dOv3r/
docker run -it cr3dov3r
If you want to add a website to the tool, follow the instructions in the wiki
D4Vinci- Twitter
HeroS3c- Telegram
Cr3dOv3r is created to show how could credential reuse attacks get dangerous and it's not responsible for misuse or illegal purposes. Use it only for Pen-test or educational purpose !!!
Copying a code from this tool or using it in another tool is accepted as you mention where you get it from ๐
Pull requests are always welcomed :D