SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram, Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.
The purpose of this tool is to facilitate the search for vulnerable targets during the phase of Footprinting in an Ethical Hacking. It is common for employees of a company to publish their emails in social networks, either professional or personal, so if these emails have their credentials leaked, it is possible that the passwords found have been reused in the environment to be audited. If it’s not the case, at least you would have an idea of the patterns that follow this target to create the passwords and be able to perform other attacks with a higher level of effectiveness.
SocialPwned uses different modules:
Installation
Easy way
$ service docker start
$ docker pull mrtuxx/socialpwned
$ docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –help
The installation of Tor depends on your system. On a Debian:
$ sudo apt-get install tor
$ /etc/init.d/tor start
Clone the repository using Git:
$ git clone https://github.com/MrTuxx/SocialPwned.git
$ cd SocialPwned
$ sudo pip3 install –user –upgrade git+https://github.com/twintproject/twint.git@origin/master#egg=twint
$ sudo pip3 install -r requirements.txt
$ sudo python3 socialpwned.py –credentials credentials.json –help
To make use of the Instagram and Linkedin features you need to have an account created on each of the social networks. The credentials must be indicated in a JSON file:
{
“instagram”:{
“username”:”username”,
“password”:”password”
},
“linkedin”:{
“email”:”email”,
“password”:”password”
},
“ghunt”:{
“SID”:”SID”,
“SSID”:”SSID”,
“APISID”:”APISID”,
“SAPISID”:”SAPISID”,
“HSID”:”HSID”
},
“dehashed”:{
“email”:”email”,
“apikey”:”apikey”
}
}
NOTE: The cookies necessary for the GHunt module to work can be obtained by following the steps explained here
usage: socialpwned.py [-h] –credentials CREDENTIALS [–pwndb] [–tor-proxy PROXY] [–instagram] [–info QUERY]
[–location LOCATION_ID] [–hashtag-ig QUERY] [–target-ig USERNAME] [–search-users-ig QUERY]
[–my-followers] [–my-followings] [–followers-ig] [–followings-ig] [–linkedin]
[–company COMPANY_ID] [–search-companies QUERY] [–employees] [–my-contacts]
[–user-contacts USER_ID] [–search-users-in QUERY] [–target-in USERNAME] [–add-contacts]
[–add-a-contact USER_ID] [–twitter] [–limit LIMIT] [–year YEAR] [–since DATE]
[–until DATE] [–profile-full] [–all-tw] [–target-tw USERNAME] [–hashtag-tw USERNAME]
[–followers-tw] [–followings-tw] [–ghunt] [–email-gh email@gmail.com] [–dehashed]
[–email-dh email@gmail.com]
Output format
Each time SocialPwned is run, a directory with the following format will be generated:
output
└── session_year_month_day_time
├── dehashed
│ ├── raw_dehashed.txt
│ └── socialpwned_dehashed.txt
├── emails
│ └── socialpwned_emails.txt
├── instagram
│ └── socialpwned_instagram.txt
├── linkedin_userames
│ ├── first.last.txt
│ ├── firstl.txt
│ ├── first.txt
│ ├── f.last.txt
│ ├── flast.txt
│ ├── lastf.txt
│ └── rawnames.txt
├── pwndb
│ ├── passwords_pwndb.txt
│ ├── pwndb.txt
│ └── socialpwned_pwndb.txt
├── socialpwned.json
└── twitter
└── socialpwned_twitter.txt
Basic Examples and Combos
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –instagram –info España
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –instagram –location 832578276
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –instagram –hashtag-ig someHashtag –pwndb
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –instagram –target-ig username –pwndb
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –instagram –target-ig username –followers-ig –followings-ig –pwndb
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –linkedin –search-companies “My Target”
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –linkedin –search-companies “My Target” –employees –pwndb
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –linkedin –company 123456789 –employees –pwndb
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –linkedin –company 123456789 –employees –add-contacts
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –linkedin –user-contacts user-id –pwndb
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –linkedin –user-contacts user-id –add-contacts
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –twitter –hashtag-tw someHashtag –pwndb –limit 200 –dehashed
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –twitter –target-tw username –all-tw –pwndb –dehashed –ghunt
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –twitter –target-tw username –all-tw –followers-tw –followings-tw –pwndb
GHunt
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –ghunt –email-gh “email@example.com”
Dehashed
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –dehashed –email-dh “email@example.com”
Combos
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –instagram –target-ig username –followers-ig –followings-ig –linkedin –company 123456789 –employees –twitter –target-tw username –all-tw –pwndb –ghunt –dehashed
docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py –credentials credentials.json –instagram –target-ig username –linkedin –target-in username –twitter –target-tw username –all-tw –pwndb –ghunt –dehashed
If you’re learning Bash scripting, one of the most useful features you’ll come across is…
If you are new to Bash scripting or Linux shell scripting, one of the most…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…