d4vinci / cr3dov3r

Know the dangers of credential reuse attacks.

License: MIT License

Python 98.42% Dockerfile 1.58%
hacking hacking-tool pentesting credentials stealth leaks haveibeenpwned hacked-emails credential-reuse-attacks leak

cr3dov3r's Introduction

Cr3dOv3r

Your best friend in credential reuse attacks.

You give Cr3dOv3r an email, then it does two simple, useful jobs with it:

  • Searches public leaks for the email and returns the results with the most useful details about each leak (using the haveibeenpwned API), and tries to get the plain text passwords from the leaks it finds (using @GhostProjectME).
  • Then you give it a password or a leaked password, and it tries these credentials against some well-known websites (e.g. Facebook, Twitter, Google...) and tells you whether the login was successful and whether there's a captcha somewhere blocking the way!

Some of the scenarios Cr3dOv3r can be used in:

  • Check if the targeted email is in any leaks, then use the leaked password to check it against the websites.
  • Check if the target credentials you found are reused on other websites/services.
  • Check if the old password you got from the target/leaks is still used on any website.

Usage

usage: Cr3d0v3r.py [-h] [-p] [-np] [-q] email

positional arguments:
  email       Email/username to check

optional arguments:
  -h, --help  show this help message and exit
  -p          Don't check for leaks or plain text passwords.
  -np         Don't check for plain text passwords.
  -q          Quiet mode (no banner).

Installing and requirements

To make the tool work at its best, you must have:

  • Python 3.x or 2.x (3 preferred).
  • A Linux or Windows system.
  • It has also worked on some machines with macOS and Python 3.
  • The requirements mentioned in the next few lines.

Installing

For Windows (after downloading the ZIP and unzipping it):

cd Cr3dOv3r-master
python -m pip install -r win_requirements.txt
python Cr3d0v3r.py -h

For Linux:

git clone https://github.com/D4Vinci/Cr3dOv3r.git
cd Cr3dOv3r
python3 -m pip install -r requirements.txt
python3 Cr3d0v3r.py -h

For Docker:

git clone https://github.com/D4Vinci/Cr3dOv3r.git
docker build -t cr3dov3r Cr3dOv3r/
docker run -it cr3dov3r "[email protected]"

If you want to add a website to the tool, follow the instructions in the wiki

Donation

If this tool has been useful for you, feel free to thank me by buying me a coffee :)

Disclaimer

Cr3dOv3r was created to show how dangerous credential reuse attacks can get, and it is not responsible for misuse or illegal purposes. Use it only for pen-testing or educational purposes!!!

Copying code from this tool or using it in another tool is accepted as long as you mention where you got it from 😄

Pull requests are always welcomed :D

cr3dov3r's Issues

"haveibeenpwned" hangs in Python3

Hello! Seems like the haveibeenpwned code path has a bug, as follows:

Traceback (most recent call last):
  File "Cr3d0v3r.py", line 139, in <module>
    main()
  File "Cr3d0v3r.py", line 110, in main
    to_print = ispwned.parse_data(email,1)
  File "/Users/totheiotragi/Tools/Cr3dOv3r/Core/ispwned.py", line 39, in parse_data
    Final_text   = "\n(GG)Results from haveibeenpwned website (W): (Y)"+str(len(data))
TypeError: object of type 'bool' has no len()

Seems like the data somehow gets a Bool value from check_haveibeenpwned():

def parse_data(email,parse_what=0):
    #Colors is (green - yellow - blue - red - white - magenta - cyan)
    if parse_what==0:
        data         = check_hackedEmails(email,"His shit :D")
        Final_text   = "\n(GG)Results from hacked-emails website (W): (Y)"+str(data["results"])
        data         = data["data"]
    else:
        data         = check_haveibeenpwned(email,"His shit :D")
        Final_text   = "\n(GG)Results from haveibeenpwned website (W): (Y)"+str(len(data))

Tool is awesome! But ..!

[+] Checking email in public leaks...
Traceback (most recent call last):
  File "Cr3d0v3r.py", line 164, in <module>
    main()
  File "Cr3d0v3r.py", line 138, in main
    if ispwned.check(email):
  File "/root/Downloads/Cr3dOv3r/ispwned.py", line 8, in check
    res = req.json()
  File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 892, in json
    return complexjson.loads(self.text, **kwargs)
  File "/usr/lib/python2.7/dist-packages/simplejson/__init__.py", line 518, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/dist-packages/simplejson/decoder.py", line 370, in decode
    obj, end = self.raw_decode(s)
  File "/usr/lib/python2.7/dist-packages/simplejson/decoder.py", line 400, in raw_decode
    return self.scan_once(s, idx=_w(s, idx).end())
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
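
Added example (not from the Cr3dOv3r code base and not written by either issue author): one way to make the leak lookup fail safely, covering both the `TypeError: object of type 'bool' has no len()` in the first issue and the `JSONDecodeError: Expecting value: line 1 column 1 (char 0)` in the second. The function names, the sample responses and the status-code meanings (404 = no leaks, 401/403 = rejected, 429 = rate limited) are assumptions for illustration.

```python
"""Defensive parsing of a breach-lookup HTTP response (illustrative)."""
import json


class LeakLookupError(Exception):
    """The lookup service answered, but not with a usable breach list."""


def parse_breach_response(status_code, body):
    """Return a list of breach records; [] means "no leaks found".

    Always returning a list (never False/None) keeps len() and iteration
    safe in the caller. Anything that is not a clean answer raises
    LeakLookupError with a message that names the real cause.
    """
    if status_code == 404:              # assumed: account not in any leak
        return []
    if status_code in (401, 403):       # assumed: missing API key / blocked client
        raise LeakLookupError("lookup rejected by the service (HTTP %d)" % status_code)
    if status_code == 429:              # assumed: rate limit hit
        raise LeakLookupError("rate limited by the service (HTTP 429)")
    if status_code != 200:
        raise LeakLookupError("unexpected HTTP status %d" % status_code)

    text = (body or "").strip()
    if not text:
        # Feeding an empty body to the JSON decoder is what produces
        # "Expecting value: line 1 column 1 (char 0)".
        raise LeakLookupError("HTTP 200 with an empty body")
    try:
        data = json.loads(text)
    except ValueError:                  # JSONDecodeError subclasses ValueError
        kind = "an HTML page" if text.startswith("<") else "non-JSON text"
        raise LeakLookupError("service returned %s instead of JSON" % kind)
    if not isinstance(data, list):
        raise LeakLookupError("expected a JSON array, got %s" % type(data).__name__)
    return data


def summarize(source, status_code, body):
    """Build the one-line result header without ever calling len() on a bool."""
    try:
        leaks = parse_breach_response(status_code, body)
    except LeakLookupError as exc:
        return "Could not check %s: %s" % (source, exc)
    return "Results from %s: %d" % (source, len(leaks))


# Constructed sample responses (not captured from any real service).
SAMPLES = [
    (200, '[{"Name": "ExampleLeak", "BreachDate": "2012-07-14"}]'),
    (404, ""),
    (200, ""),
    (200, "<html><body>Checking your browser...</body></html>"),
    (429, '{"message": "slow down"}'),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(summarize("haveibeenpwned", status, body))
```
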

Yahoo "Email not registered!" with valid email address

The tool doesn't recognize a valid Yahoo email address, returning "Email not registered!" even if I put the exact password of a personal account. I tried with two different valid Yahoo accounts and I got the same results.

I'm using V0.4.1 on ParrotSec

ValueError: Expecting value: line 1 column 1 (char 0)

Tried to use this, but I am getting the following error with Python 3.4 on Linux (Gentoo).

[+] Checking email in public leaks...
Traceback (most recent call last):
  File "./Cr3d0v3r.py", line 119, in <module>
    main()
  File "./Cr3d0v3r.py", line 100, in main
    to_print = ispwned.parse_data(email)
  File "/home/zeno/.software/Cr3dOv3r/ispwned.py", line 18, in parse_data
    data         = check(email,"His shit :D")
  File "/home/zeno/.software/Cr3dOv3r/ispwned.py", line 7, in check
    res = json.loads(req.text)
  File "/usr/lib64/python3.4/json/__init__.py", line 318, in loads
    return _default_decoder.decode(s)
  File "/usr/lib64/python3.4/json/decoder.py", line 343, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib64/python3.4/json/decoder.py", line 361, in raw_decode
    raise ValueError(errmsg("Expecting value", s, err.value)) from None
ValueError: Expecting value: line 1 column 1 (char 0)

AttributeError: 'NoneType' object has no attribute 'select'

MacOS 10.12.6
Python 2.7.12

Traceback (most recent call last):
  File "Cr3d0v3r.py", line 119, in <module>
    main()
  File "Cr3d0v3r.py", line 111, in main
    print( login( wd ,dic ,email ,pwd ) )
  File "Cr3d0v3r.py", line 49, in login
    browser.select_form(form)
  File "/usr/local/lib/python2.7/site-packages/mechanicalsoup/stateful_browser.py", line 170, in select_form
    found_forms = self.__current_page.select(selector, limit=nr + 1)
AttributeError: 'NoneType' object has no attribute 'select'

Fail on email check

python3.6 Cr3d0v3r.py [email protected]
(I've tried using different emails, but see the same error)

[+] Checking email in public leaks...
Traceback (most recent call last):
  File "Cr3d0v3r.py", line 119, in <module>
    main()
  File "Cr3d0v3r.py", line 99, in main
    if ispwned.check(email):
  File "/Users/puzanov/src/Cr3dOv3r/ispwned.py", line 7, in check
    res = json.loads(req.text)
  File "/usr/local/Cellar/python3/3.6.3/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/__init__.py", line 354, in loads
    return _default_decoder.decode(s)
  File "/usr/local/Cellar/python3/3.6.3/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/decoder.py", line 339, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/local/Cellar/python3/3.6.3/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/decoder.py", line 357, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

instagram

always saying Instagram is successful. false positive.

failed to import mechanicalsoup as ms

When I download the requirements it downloads beautifulsoup4 instead of mechanicalsoup 0.9.
I'm guessing the import needs to be renamed to account for the update of mechanicalsoup to beautifulsoup.

P.S. I tried swapping the names in the import modules and it didn't work, so it's not that straightforward.

so basically the script doesn't load for me at all until this is fixed.

UnicodeDecodeError

Plaintext password was found for
Name : neopets

Traceback (most recent call last):
  File "Cr3d0v3r.py", line 123, in <module>
    main()
  File "Cr3d0v3r.py", line 99, in main
    ispwned.parse_data(email,args.np)
  File "/root/Cr3dov3r/Core/ispwned.py", line 41, in parse_data
    print(C+" │"+B+"  └──── "+W+pp.split(":")[1])
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 6: ordinal not in range(128)

ideas

I would suggest two useful alternatives:

  • instead of opening and filling in the login form, just POST to the form action URL
  • if available, prefer acting as a mobile request; mobile versions are often way easier

Keep on improving this tool; it would be nice to have the leaks without popping out a web browser.

Regards

Doesn't actually work

Even with a bogus email, and the error of "Email not found" it's still able to "login" to sites. A found address and a bogus password also does the same.

Linkedin False-Positive

Results for Linkedin are also showing a sign of false positive as well. Instagram has been addressed on issue #33. Password used for this particular test is foobar along with my personal email address.
nice

False Positive with virustotal.com

Running the tool gives me a false positive for Virustotal, I'm guessing caused by their recent redesign.

I tried twice, with two separate passwords and both times the tool reports a successful login. And I confirmed that neither password is correct, via the website. By the way, I don't think I actually have an account at all (But maybe I do, I can't remember...)

Let me know if you need any more information.

Leaked password?

Now you give it this email's old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google...) then it tells you if login successful in any website!

Thanks for doing this, but have a quick question for you.

You said to provide the old password, but the hacked-emails API only reports whether the email is leaked or not, not the password, so how can we get the password to submit for check-ups with other services?

Tool shows login successful if the website asked for google captcha

When it writes out [+] [ StackOF ] Login successful!, I tested manually: the site asks for a Google captcha, I successfully complete it and go back to the StackOF login page. I type the credentials again manually and the site says: The email or password is incorrect. (The second time it doesn't alert.)

json related error.

Hi all,

I am facing this JSON error.

I got the same error on Linux, Windows & Docker.
Please assist.

JSON Error

I've used the Windows, Kali, Ubuntu 16.04, and Docker setup methods and using Python 2 and 3. I always get the same error:

[+] Checking email in public leaks...
Traceback (most recent call last):
  File "Cr3d0v3r.py", line 139, in <module>
    main()
  File "Cr3d0v3r.py", line 99, in main
    if ispwned.check_hackedEmails(email):
  File "/Cr3dOv3r/Core/ispwned.py", line 9, in check_hackedEmails
    res = req.json()
  File "/usr/local/lib/python3.6/site-packages/requests/models.py", line 892, in json
    return complexjson.loads(self.text, **kwargs)
  File "/usr/local/lib/python3.6/json/__init__.py", line 354, in loads
    return _default_decoder.decode(s)
  File "/usr/local/lib/python3.6/json/decoder.py", line 339, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/local/lib/python3.6/json/decoder.py", line 357, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Am I missing something?

Mechanicalsoup: Link not found Error

Hello,

I've tried your code, and I've run into an error on website logins:

Traceback (most recent call last):
  File "Cr3d0v3r.py", line 119, in <module>
    main()
  File "Cr3d0v3r.py", line 111, in main
    print( login( wd ,dic ,email ,pwd ) )
  File "Cr3d0v3r.py", line 43, in login
    browser.select_form(form)
  File "/home/louis/.local/lib/python3.5/site-packages/mechanicalsoup/stateful_browser.py", line 175, in select_form
    raise LinkNotFoundError()
mechanicalsoup.utils.LinkNotFoundError

Here's a screenshot as well:
2017-11-14_829x237_scrot

Cheers,

banners. ubuntu

Hello, Master!
Here is a problem.

Traceback (most recent call last):
  File "Cr3d0v3r.py", line 123, in <module>
    main()
  File "Cr3d0v3r.py", line 96, in main
    banner()
  File "/home/xxx/Downloads/Cr3dOv3r/Core/utils.py", line 22, in banner
    banner = open(os.path.join("Data","banners.txt"), encoding="utf8").read()
TypeError: 'encoding' is an invalid keyword argument for this function

It was fixed by adding the following lines:

import sys, codecs
banner = codecs.open(os.path.join("Data","banners.txt"), encoding="utf8").read()

But! Still CAN'T type password

help!

False positives second attempt

Using the following credentials you will login to LinkedIn. If you go to the site and login, it says that it's the wrong password:

Email: [email protected]
Password: password1

Test:

baal@baal-Aspire-5733Z:~/bin/python/cred$ python3 Cr3d0v3r.py "[email protected]"


              .,:,#&6dHHHb&##o\_
          .oHHMMMMMMMMMMMMMMMMMH*\,.
        oHMMMMMMMMMMMMMMMMMMMMMMHb:'-.
     .dMMMMMMMMMMMMMMMMMMMMMMMMMH|\/'  .
    ,&HMMMMMMMMMMMMMMMMMMMMMMM/"&.,d.   -.
   dboMMHMMMMMMMMMMMMMMMMMMMMMML `'       .
  HMHMMM$Z***MMMMMMMMMMMMMMMMMM|.-         .
 dMM]MMMM#'  `9MMMH?"`MMMMR'T'  _           :
|MMMbM#''     |MM"    ``MMMH.   <_           .
dMMMM#&        *&.     .?`*"   .'&:          .
MMMMMH-         `'    -v/H   .dD "'  '       :
MMMM*                  `*M: 4MM*::-!v,_      :
MMMM                     `*?::" "'``"?9Mb::. :
&MMM,                       `"'"'|"._ "?`| - :
`MMM].H                          ,#dM[_H   ..:
 9MMi`M: .                   .ooHMMMMMMM,  ..
  9Mb `-                     1MMMMMMMMMM|  :    Cr3d0v3r By @D4Vinci - V0.2
   ?M                        |MM#*#MMMM*  .       Know the dangers of email credentials reuse attacks.
    -.                       `     |#"' ,'            Loaded 13 website.
      .                            -" v`
        -.                          .-
           - .                   . `
              '-*#d#HHMMMMHH#"-'



[+] Checking email in public leaks...

Results found : 21
---------------------------------------
      Name of leak => dailymotion.com
      Date of leakage => 2017-08-12T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-dailymotioncomemai
---------------------------------------
      Name of leak => Unknown Database
      Date of leakage => 2017-08-10T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-mixdatabasesuserpl
---------------------------------------
      Name of leak => edmodo.com
      Date of leakage => 2017-06-04T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-edmodocom77mbcrypt
---------------------------------------
      Name of leak => evony.com
      Date of leakage => 2017-03-22T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-evonycom178msha1md
---------------------------------------
      Name of leak => evony.com
      Date of leakage => 2017-03-22T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-evonycom287mplaint
---------------------------------------
      Name of leak => heroesofnewerth.com
      Date of leakage => 2017-03-21T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-heroesofnewerthcom
---------------------------------------
      Name of leak => funimation.com
      Date of leakage => 2016-12-24T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-funimationcom20160
---------------------------------------
      Name of leak => justdate.com
      Date of leakage => 2016-09-29T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-justdateuserdetail
---------------------------------------
      Name of leak => dfb.de
      Date of leakage => 2016-08-31T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-dfbdemailhashtxt
---------------------------------------
      Name of leak => Unknown Subscribers Database
      Date of leakage => 2016-08-09T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-unknownsubscribers
---------------------------------------
      Name of leak => exploit.in (compilation)
      Date of leakage => 2016-07-31T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-exploitin800mcompi
---------------------------------------
      Name of leak => leet.cc
      Date of leakage => 2016-07-31T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-leetccsha512201602
---------------------------------------
      Name of leak => Unknown Subscribers Database
      Date of leakage => 2016-07-22T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-unknownsuscribersd
---------------------------------------
      Name of leak => Unknown Database FR
      Date of leakage => 2016-07-19T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-unknowndumpsemailp
---------------------------------------
      Name of leak => wiiuiso.com
      Date of leakage => 2016-06-27T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-wiiuisocom250915
---------------------------------------
      Name of leak => mate1.com
      Date of leakage => 2016-06-14T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-mate1comfeb20162
---------------------------------------
      Name of leak => LBSG.net (Lifeboat)
      Date of leakage => 2016-01-04T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-lbsgnetmd512mjan
---------------------------------------
      Name of leak => R2Games.com
      Date of leakage => 2015-11-30T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-r2gamescomvb22md
---------------------------------------
      Name of leak => 000webhost.com
      Date of leakage => 2015-10-26T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-000webho
---------------------------------------
      Name of leak => Adobe Users
      Date of leakage => 2013-09-30T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-adobecre
---------------------------------------
      Name of leak => Tumblr
      Date of leakage => 2013-01-04T00:00:00+00:00
      Details => https://hacked-emails.com/leak/anon-tumblr2013txt

Please enter the password=> 

[+] Testing websites with one form (10)!
 -[  Ask.fm   ] Login unsuccessful!
 -[  Github   ] Login unsuccessful!
 -[  Reddit   ] Login unsuccessful!
 -[  StackOF  ] Login unsuccessful!
 -[  Twitter  ] Login unsuccessful!
 -[ Ebay.com  ] Login unsuccessful!
 -[ Facebook  ] Login unsuccessful!
 -[ FourSquare ] Login unsuccessful!
 -[ Linkedin  ] Login successful !
 -[ Wikipedia ] Login unsuccessful!

[+] Testing websites with two forms (2)!
 -[ Google ] Login unsuccessful!
 -[ Yahoo  ] Email not registered!

[+] Testing websites with post requests (1)!
 -[ Mediafire ] Login unsuccessful!
baal@baal-Aspire-5733Z:~/bin/python/cred$ 

Go ahead and give it a try. (this issue is related to issue #12)

Unicode Crash - Windows

When getting password input, after submitting it (pressing ENTER), Python itself crashes. This is due to a conflict with the win_unicode_console library.
I was able to run win_unicode_console.disable() before the input, which prevented the crash, but I don't notice a difference with this lib disabled (is it really needed?).

(Also created a PR to fix banner encoding issue for Windows users)

Environment: Windows 10, Python 3.7

Instagram login is a false positive

On a wrong password, the script says the instagram password is successful.

#Now let's check if it was success by trying to use the same form again and if I could use it then the login not success
	try:
		browser.select_form(form2)
		browser.close()
		return "{2} -[{1}{3} {0} {4}{2}] Login unsuccessful!{4}".format(name,R,W,Bold,end)
	except:
		browser.close()
		return "{2} -[{1}{3} {0} {4}{2}] Login successful !{4}".format(name,G,W,Bold,end)

I think this is the part where the issue is.

Issues with login requests

When checking whether an old password still works with the various popular websites listed, the results from the login requests were incorrect.

For instance, I entered Cr3dOv3r as my password, which was incorrect. However, I still received Login successful ! for services such as Vimeo, Dropbox, Bitbucket and Mediafire.

issue

GetPassWarning: Can not control echo on the terminal.

Either in Python 2.7 nether in Python 3.6 has the problem.
The Logs:

////////////////////////////////////////////////////////////////////////////////////////////////////////

[+] Checking email in public leaks...

Results found : 1

  Name of leak => Dropbox
  Date of leakage => 2012-07-14T00:00:00+00:00
  Details => https://hacked-emails.com/leak/anon-dropbox68m2012txt

C:\Python27amd64\lib\getpass.py:92: GetPassWarning: Can not control echo on the terminal.
return fallback_getpass(prompt, stream)
Warning: Password input may be echoed.
Please enter the password=>

////////////////////////////////////////////////////////////////////////////////////////////////////////

linkedin question?

I've noticed that I get a Linkedin successful password return for my personal account however when I try to validate I am unable to login - can you advise?


Readme typo

In the installation part for Linux and Windows, the "O" in the filename Cr3dOv3r.py should be a zero "0".
I'm a perfectionist 🗡️

Thumbs up for this tiny useful app 👍

Link not found

[+] Testing websites with one form (14)!
 -[   Vimeo   ] Login successful !
 -[  Ask.fm   ] Login unsuccessful!
Traceback (most recent call last):
  File "Cr3d0v3r.py", line 120, in <module>
    main()
  File "Cr3d0v3r.py", line 112, in main
    print( login( wd ,dic ,email ,pwd ) )
  File "Cr3d0v3r.py", line 44, in login
    browser.select_form(form)
  File "/usr/local/lib/python3.5/dist-packages/mechanicalsoup/stateful_browser.py", line 175, in select_form
    raise LinkNotFoundError()
mechanicalsoup.utils.LinkNotFoundError

Upgrade

Could you add Office365 Email in there to check the creds against?

outlook.office365.com

Also allow option to use ALL passwords found

[+] Plaintext passwords found! Error

used python version: python2.7
error message: [+] Plaintext passwords found!
Traceback (most recent call last):
  File "Cr3d0v3r.py", line 123, in <module>
    main()
  File "Cr3d0v3r.py", line 99, in main
    ispwned.parse_data(email,args.np)
  File "/root/Cr3d0v3r/Core/ispwned.py", line 41, in parse_data
    print(C+" │"+B+" └──── "+W+pp.split(":")[1])
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 6: ordinal not in range(128)
thanks for help

Python error

I used the following command:

python Cr3d0v3r.py [email protected]

The script can't be executed because of this:

Traceback (most recent call last):
  File "Cr3d0v3r.py", line 123, in <module>
    main()
  File "Cr3d0v3r.py", line 96, in main
    banner()
  File "C:\Users\Tony\Desktop\DB\TOOL_Cr3dOv3r-master\Core\utils.py", line 22, in banner
    banner = open(os.path.join("Data","banners.txt")).read()
  File "C:\Users\Tony\AppData\Local\Programs\Python\Python36\lib\encodings\cp1252.py", line 23, in decode
    return codecs.charmap_decode(input,self.errors,decoding_table)[0]
UnicodeDecodeError: 'charmap' codec can't decode byte 0x90 in position 972: character maps to <undefined>

mall list

Hi, I need to check a mall list. Is it possible?

json.decoder error

Hi, just recently I have started experiencing the issue below:

[+] Checking email in public leaks...
Traceback (most recent call last):
  File "Cr3d0v3r.py", line 140, in <module>
    main()
  File "Cr3d0v3r.py", line 99, in main
    if ispwned.check_hackedEmails(email):
  File "/home/csirt/tools/Cr3dOv3r/Core/ispwned.py", line 10, in check_hackedEmails
    res = req.json()
  File "/usr/lib/python3/dist-packages/requests/models.py", line 808, in json
    return complexjson.loads(self.text, **kwargs)
  File "/usr/lib/python3.5/json/__init__.py", line 319, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.5/json/decoder.py", line 339, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.5/json/decoder.py", line 357, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

🐛 Encoding issue

When I execute the following command:

python Cr3d0v3r.py

The following error appears:

Traceback (most recent call last):
  File "Cr3d0v3r.py", line 6, in <module>
    from Core import ispwned
  File "/GitHub/D4Vinci/Cr3dOv3r/Core/ispwned.py", line 40
SyntaxError: Non-ASCII character '\xe2' in file /GitHub/D4Vinci/Cr3dOv3r/Core/ispwned.py on line 40, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for details

Pls, add the following in the second line of Core/ispwned.py:

# -*- encoding: utf-8 -*-

OSX Requirements Error

$ pip install -r requirements.txt
Requirement already satisfied: mechanicalsoup>=0.9 in /Library/Python/2.7/site-packages (from -r requirements.txt (line 1))
Requirement already satisfied: requests in /Library/Python/2.7/site-packages (from -r requirements.txt (line 2))
Collecting pyOpenSSL>=16.2.0 (from -r requirements.txt (line 3))
Using cached pyOpenSSL-17.4.0-py2.py3-none-any.whl
Requirement already satisfied: lxml in /Library/Python/2.7/site-packages (from mechanicalsoup>=0.9->-r requirements.txt (line 1))
Requirement already satisfied: beautifulsoup4 in /Library/Python/2.7/site-packages (from mechanicalsoup>=0.9->-r requirements.txt (line 1))
Requirement already satisfied: six>=1.4 in /Library/Python/2.7/site-packages (from mechanicalsoup>=0.9->-r requirements.txt (line 1))
Requirement already satisfied: idna<2.7,>=2.5 in /Library/Python/2.7/site-packages (from requests->-r requirements.txt (line 2))
Requirement already satisfied: urllib3<1.23,>=1.21.1 in /Library/Python/2.7/site-packages (from requests->-r requirements.txt (line 2))
Requirement already satisfied: certifi>=2017.4.17 in /Library/Python/2.7/site-packages (from requests->-r requirements.txt (line 2))
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /Library/Python/2.7/site-packages (from requests->-r requirements.txt (line 2))
Requirement already satisfied: cryptography>=1.9 in /Library/Python/2.7/site-packages (from pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Requirement already satisfied: cffi>=1.7; platform_python_implementation != "PyPy" in /Library/Python/2.7/site-packages (from cryptography>=1.9->pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Requirement already satisfied: enum34; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=1.9->pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Requirement already satisfied: asn1crypto>=0.21.0 in /Library/Python/2.7/site-packages (from cryptography>=1.9->pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Requirement already satisfied: ipaddress; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=1.9->pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Requirement already satisfied: pycparser in /Library/Python/2.7/site-packages (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography>=1.9->pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Installing collected packages: pyOpenSSL
Found existing installation: pyOpenSSL 0.13.1
DEPRECATION: Uninstalling a distutils installed project (pyOpenSSL) has been deprecated and will be removed in a future version. This is due to the fact that uninstalling a distutils project will only partially uninstall the project.
Uninstalling pyOpenSSL-0.13.1:
Exception:
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/basecommand.py", line 215, in main
    status = self.run(options, args)
  File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/commands/install.py", line 342, in run
    prefix=options.prefix_path,
  File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/req/req_set.py", line 778, in install
    requirement.uninstall(auto_confirm=True)
  File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/req/req_install.py", line 754, in uninstall
    paths_to_remove.remove(auto_confirm)
  File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/req/req_uninstall.py", line 115, in remove
    renames(path, new_path)
  File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/utils/__init__.py", line 267, in renames
    shutil.move(old, new)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 302, in move
    copy2(src, real_dst)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 131, in copy2
    copystat(src, dst)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 103, in copystat
    os.chflags(dst, st.st_flags)
OSError: [Errno 1] Operation not permitted: '/var/folders/6d/xdknsm5d50gdnnd8zp7771xh0000gn/T/pip-XxIxGh-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pyOpenSSL-0.13.1-py2.7.egg-info'

OSX issue

Version:0.3.1

Cloned- pip3 installed and run with python3

[+] Checking email in public leaks...
Traceback (most recent call last):
  File "Cr3d0v3r.py", line 139, in <module>
    main()
  File "Cr3d0v3r.py", line 99, in main
    if ispwned.check_hackedEmails(email):
  File "/Users/kaic/Cr3dOv3r/Core/ispwned.py", line 9, in check_hackedEmails
    res = req.json()
  File "/usr/local/lib/python3.6/site-packages/requests/models.py", line 892, in json
    return complexjson.loads(self.text, **kwargs)
  File "/usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/__init__.py", line 354, in loads
    return _default_decoder.decode(s)
  File "/usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/decoder.py", line 339, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/decoder.py", line 357, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
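
The traceback above ends in `req.json()` failing on a body that does not start with a JSON value. One way to guard that call, as an added example that is not the project's own code; `parse_lookup_response`, `LookupResponseError` and the sample responses are hypothetical and constructed for illustration:

```python
import json

# Constructed sample responses (status code, body); not captured from any service.
SAMPLES = {
    "empty": (200, ""),
    "html": (503, "<html><body>Service unavailable</body></html>"),
    "json": (200, '{"status": "found", "results": 2}'),
}


class LookupResponseError(Exception):
    """The lookup response could not be decoded as JSON."""


def parse_lookup_response(status_code, body):
    """Decode a response body as JSON or raise LookupResponseError.

    status_code and body stand in for requests' Response.status_code and
    Response.text, so the function can be exercised offline.
    """
    text = (body or "").strip()
    if not text:
        raise LookupResponseError("HTTP %d with an empty body" % status_code)
    try:
        return json.loads(text)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        # An HTML error or challenge page fails at the first character,
        # which is what "line 1 column 1 (char 0)" reports.
        raise LookupResponseError(
            "HTTP %d body is not JSON, starts with %r" % (status_code, text[:30]))


def describe(name):
    """Run one constructed sample and return the outcome as a string."""
    status_code, body = SAMPLES[name]
    try:
        return "ok: %r" % (parse_lookup_response(status_code, body),)
    except LookupResponseError as exc:
        return "error: %s" % exc


if __name__ == "__main__":
    for name in sorted(SAMPLES):
        print("%s -> %s" % (name, describe(name)))
```

Reporting the status code and the first characters of the body tells an empty reply apart from an HTML error page, which the bare `JSONDecodeError` does not.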

Invalid info about bitbucket and dropbox account

The Python code checks and gives "login successful" for Bitbucket and Dropbox even though the user never created an account on Bitbucket and the password on Dropbox is not the same as the one given while running the script, but it still shows that the login is successful.

False positives

Deliberately using the wrong password and getting a false positive with it:

[+] Testing websites with one form (14)!
 -[   Vimeo   ] Login successful !  #<- No
 -[  Ask.fm   ] Login unsuccessful!
 -  Dropbox  form data is invalid! please report to us!
 -[  Github   ] Login successful ! #< Yes
 -[  Reddit   ] Login unsuccessful!
 -[  StackOF  ] Login unsuccessful!
 -[  Twitter  ] Login successful ! #<- No
 -[ Bitbucket ] Login successful !
 -[ Ebay.com  ] Login unsuccessful!
 -[ Facebook  ] Login unsuccessful!
 -[ FourSquare ] Login unsuccessful!
 -[ Linkedin  ] Login unsuccessful!
 -[ Mediafire ] Login successful ! #<- No
 -[ Wikipedia ] Login unsuccessful!

[+] Testing websites with two forms (2)!
 -[ Google ] Login unsuccessful!
 -[ Yahoo  ] Email not registered!

'encoding' is an invalid keyword

Hello, when I execute the script (all deps are satisfied) I only have this error message:

Traceback (most recent call last):
  File "Cr3d0v3r.py", line 151, in <module>
    main()
  File "Cr3d0v3r.py", line 124, in main
    banner()
  File "/home/elan42/Cr3dOv3r/Core/utils.py", line 22, in banner
    banner = open(os.path.join("Data","banners.txt"), encoding="utf8").read()
TypeError: 'encoding' is an invalid keyword argument for this function

My system:

Linux elan42-mint 4.15.0-29-generic #31~16.04.1-Ubuntu SMP Wed Jul 18 08:54:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

This happens with the Python version, not with the Docker one.

ghostproject.fr/search.php query for leaked passwords is now broken

Their main website still responds with results. So it should still be possible to get to them.

It appears they now want you to use a particular cookie "test=1".

diff --git a/Core/ispwned.py b/Core/ispwned.py
index 44af319..12ad603 100644
--- a/Core/ispwned.py
+++ b/Core/ispwned.py
@@ -21,7 +21,9 @@ def grab_password(email):
     # No docs(Because no API), just found it by analyzing the network and told the admin :D
     url  = "https://ghostproject.fr/search.php"
     data = {"param":email}
-    req = requests.post(url,headers=UserAgent,data=data)
+    jar = requests.cookies.RequestsCookieJar()
+    jar.set('test', '1', domain='ghostproject.fr')
+    req = requests.post(url,headers=UserAgent,data=data,cookies=jar)
     result = req.text.split("\\n")
     if "Error" in req.text or len(result)==2:
         return False
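
Review bot: The `test=1` cookie set in the two added `jar` lines is an undocumented server-side requirement with no comment explaining why it is sent, so the next change on the site will break this the same way with nothing in the code to say what to look at. Add a one-line comment above `jar.set('test', '1', domain='ghostproject.fr')` stating that the site rejects requests without it. A plain `cookies={'test': '1'}` on the `requests.post` call would also do the job without building a `RequestsCookieJar`. Separately, the context line `if "Error" in req.text or len(result)==2:` is still the only validation of the response, and anything else falls through it; checking `req.status_code` before splitting `req.text` would make a rejected request fail visibly instead of being parsed as results.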
