Frameworks information gathering tool Social Engineering Tools

Cr3dOv3r: Credential Reuse Attack

Written by Mubassir patel

Cr3dOv3r Python 3.5 Build Status

Your best friend in credential reuse attacks.

Cr3dOv3r simply you give it an email then it does two simple jobs (but useful) :

  • Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails site API).
  • Now you give it this email’s old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google…) then it tells you if login successful in any website!

Imagine with me this scenario

  • You checking a targeted email with this tool.
  • The tool finds it in a leak so you open the leakage link.
  • You get the leaked password after searching the leak.
  • Now you back to the tool and enters this password to check if there’s any website the user uses the same password in it.
  • You imagine the rest ?

Screenshots

Cr3dOv3r Cr3dOv3r Cr3dOv3r

Usage

usage: Cr3d0v3r.py [-h] email

positional arguments:
  email       Email/username to check

optional arguments:
  -h, --help  show this help message and exit

Installing and requirements

To make the tool work at its best you must have :

  • Python 3.x.
  • Linux or windows system.
  • The requirements mentioned in the next few lines.

Installing

+For windows : (After downloading ZIP and upzip it)

cd Cr3dOv3r-master
python -m pip install -r win_requirements.txt
python Cr3dOv3r.py -h

+For linux :

git clone https://github.com/D4Vinci/Cr3dOv3r.git
chmod 777 -R Cr3dOv3r-master
cd Cr3dOv3r-master
pip3 install -r requirements.txt
python Cr3dOv3r.py -h

If you want to add a website to the tool, follow the instructions in the wiki

About the author

Mubassir patel

Mubassir is a founder and developer of this site. He is a computer science engineer. He has a very deep interest in ethical hacking, penetration testing, website development and including all technology topic.

Leave a Comment