Cr3d0v3r Credential Reuse Attack Tool

Hacking Truth
0

Cr3d0v3r Credential Reuse Attack Tool


Cr3d0v3r Credential Reuse Attack Tool 

So today we will know about the open source tool that helps in finding credentials reuse attack for any specific email address. This tool is scripted in python as you can tell -_- you can help us by subscribing to our youtube channel :. Kumar Atul Jaiswal .: before using the too.



You give Cr3dOv3r an email then it does two simple useful jobs with it:
- Search for public leaks for the email and returns the result with the most useful details about the leak (Using haveibeenpwned API) and tries to get the plain text passwords from leaks it find. Cr3d0v3r Credential Reuse Attack Tool

Now you give it a password or a leaked password then it tries this credentials against some well-known websites (ex: Facebook, Twitter, Google...), tells if the login successful and if there's captcha some where blocking our way!





How to install and use ?

Cr3dOv3r is compatible with Windows, Linux, and MacOS. The tool requires Python3 to operate. Cr3dOv3r can be installed by cloning the package from github repository using the following command.


git clone https://github.com/D4Vinci/Cr3dOv3r.git


Cr3d0v3r Credential Reuse Attack Tool


Cr3dOv3r required packages can be installed using the following command. If you are running a Python version 3 and other than 2.7, replace the version according to your installed Python package in the following command.


python3 -m pip install -r requirements.txt  or win_requirements.txt



Cr3d0v3r Credential Reuse Attack Tool


Let's Run

Cr3dOv3r can be set into action using the following command but before lets see a help command :

 

python3 Cr3dOv3r.py -h


Cr3d0v3r Credential Reuse Attack Tool





The above command starts the tool and displays the available options that can be set as arguments in the commands.


Let’s find out if our targeted email address is misused or the associated password has appeared in any leaks.


Python3 Cr3d0v3r.py –p <target email address >


Python3 Cr3d0v3r.py –p <atulth10000000@gmail.com >


Cr3d0v3r Credential Reuse Attack Tool



If there is no leak found publically, the tool asks for credentials (passwords) to perform a login attempt (registration check) for different well-known websites, this could be particularly useful for Red team engagements where credentials have been found elsewhere. If credentials are used somewhere else, they are displayed in the results as shown in the following screenshot.



Cr3d0v3r Credential Reuse Attack Tool


Cr3dOv3r is helpful in discovering the misuse of email addresses or leakage of the credentials. The tool not only finds the web applications where the targeted email address is used, but also looks for the plaintext passwords and whether they can be utilized within other accounts.




I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

Disclaimer

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



- Hacking Truth by Kumar Atul Jaiswal


Video Tutorial :- 

 


      

Post a Comment

0 Comments
* Please Don't Spam Here. All the Comments are Reviewed by Admin.
Post a Comment (0)
Our website uses cookies to enhance your experience. Learn More
Accept !