What is Cr3dOv3r?
Cr3dOv3r simply you give it an email then it does two simple jobs (but useful) :
– Search for public leaks for the email and if there’s any, it returns with all available details about the leak (Using hacked-emails site API and now haveibeenpwned API too).
– Now you give it this email’s old or leaked password then it checks this credentials against 13 websites of well-known websites (ex: facebook, twitter, google…) then it tells you if login successful in any website!
Some of the scenarios Cr3dOv3r can be used in it
- Searching for a targeted-email for leaks and then use the leaked password to check it against the websites.
- Testing an email and an old password you found on the websites.
- You got a target email and password and want to check if he uses the same password on other websites.
To make the tool work at its best you must have :
– Python 3.x or 2.x (preferred 3).
– Linux or Windows system.
– Worked on some machines with MacOS and python3 (Thanks for @MansoorMajeed and needs to others to confirm that)
– The requirements mentioned in the next few lines.
For windows : (After downloading ZIP and upzip it):
cd Cr3dOv3r-master python -m pip install -r win_requirements.txt python Cr3dOv3r.py -h
For Linux :(Kali Linux)
git clone https://github.com/D4Vinci/Cr3dOv3r.git
chmod 777 -R Cr3dOv3r cd Cr3dOv3r pip install -r requirements.txt
python Cr3dOv3r.py -h
For docker :
git clone https://github.com/D4Vinci/Cr3dOv3r.git docker build -t cr3dov3r Cr3dOv3r/ docker run -it cr3dov3r "[email protected]"
usage: Cr3d0v3r.py [-h] email positional arguments: email Email/username to check optional arguments: -h, --help show this help message and exit -p Use it if you only wants to check a password -api2 Use haveibeenpwned API too -q Quit mode (no banner)
Cr3dOv3r is created to show how could credential reuse attacks get dangerous and it’s not responsible for misuse or illegal purposes. Use it only for Pentest or educational purpose !!!