Cr3dOv3r is a python-based tool, which simply uses email address for credential reuse attack. You can use it by some simple set of commands and functions to get your required output. It is an open source and free to use. It will provide the credentials including plaintext form passwords of a given or specific email address.
Cr3dOv3r: Credential Reuse Attack Tool
When you provide an Email to Cr3dOv3r, it fairly performs following two actions:
- It will start searching possible leaks for given email, after searching it will give information that includes all related details about the leaks. This whole action will be performed by the help of haveibeenpwned API and hacked-emails site API.
- Then, if you provide given email’s old or leaked password then Cr3dOv3r uses these credentials against some popular websites like Google, Facebook and Twitter etc. It will return and notifies the successful logins to any website. If Cr3dOv3r finds any captcha during the login to website which is blocking, the successful login will also include in its results.
Some conditions that may be used in Cr3dOv3r:
- A targeted email can be checked by this tool.
- It finds if the targeted email is in any leak
- After searching the leak, it will get the leaked password for the email.
- You can use the email credentials to check the possibility if this user is still using this same password on any websites.
- Testing an email
- Search for targeted email
- Checking old password
- Leaked password
- Haveibeenpwned API
- Hacked-emails site API
- Checking websites for any successful login with leaked password
- Linux, Windows, OS X
- Python 2.x+
Clone the GitHub repo:
$ git clone https://github.com/D4Vinci/Cr3dOv3r.git
Navigate to the working directory and install all requirements:
$ cd Cr3dOv3r $ python3 -m pip install -r requirements.txt $ python3 Cr3d0v3r.py -h
$ git clone https://github.com/D4Vinci/Cr3dOv3r.git $ docker build -t cr3dov3r Cr3dOv3r/ $ docker run -it cr3dov3r "email@example.com"
-h to list all available options:
usage: Cr3d0v3r.py [-h] [-p] [-np] [-q] email positional arguments: email Email/username to check optional arguments: -h, --help show this help message and exit -p Don't check for leaks or plain text passwords. -np Don't check for plain text passwords. -q Quiet mode (no banner).