Categories: Kali Linux

Cr3dOv3r – Know The Dangers Of Credential Reuse Attacks

Cr3dOv3r is know as the dangers of credential reuse attacks. It would be your best friend in credential reuse attacks. You give Cr3dOv3r an email then it does two simple useful jobs with it:

  • Search for public leaks for the email and returns the result with the most useful details about the leak (Using haveibeenpwned API) and tries to get the plain text passwords from leaks it find.
  • Now you give it a password or a leaked password then it tries this credentials against some well-known websites (ex: facebook, twitter, google…) and tells if the login successful!

Also Read EvilOSX – An Evil Remote Administration Tool For MacOS / OS X

Some Of The Scenarios Cr3dOv3r Can Be Used In It

  • Check if the targeted email is in any leaks and then use the leaked password to check it against the websites.
  • Check if the target credentials you found is reused on other websites/services.
  • Checking if the old password you got from the target/leaks is still used in any website.

Screenshots

Usage Cr3dOv3r

usage: Cr3d0v3r.py [-h] [-p] [-np] [-q] email

positional arguments:
  email       Email/username to check

optional arguments:
  -h, --help  show this help message and exit
  -p          Don't check for leaks or plain text passwords.
  -np         Don't check for plain text passwords.
  -q          Quiet mode (no banner).

Installing & Requirements

To make the tool work at its best you must have :

  • Python 3.x or 2.x (preferred 3).
  • Linux or Windows system.
  • Worked on some machines with MacOS and python3.
  • The requirements mentioned in the next few lines.

Installing

For windows : (After downloading ZIP and upzip it)

cd Cr3dOv3r-master
python -m pip install -r win_requirements.txt
python Cr3dOv3r.py -h

For Linux :

git clone https://github.com/D4Vinci/Cr3dOv3r.git
cd Cr3dOv3r
python3 -m pip install -r requirements.txt
python3 Cr3dOv3r.py -h

For docker :

git clone https://github.com/D4Vinci/Cr3dOv3r.git
docker build -t cr3dov3r Cr3dOv3r/
docker run -it cr3dov3r "example@gmail.com"

Disclaimer

Cr3dOv3r is created to show how could credential reuse attacks get dangerous and it’s not responsible for misuse or illegal purposes. Use it only for Pen-test or educational purpose !!!

R K

Share
Published by
R K
Tags: Cr3dOv3r
7 years ago

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago