Know the dangers of credential reuse attacks.
License: MIT License
In my spare time, I enjoy gaming, cinematography, and reading novels.
Running the tool gives me a false positive for Virustotal, I'm guessing caused by their recent redesign.
I tried twice, with two separate passwords and both times the tool reports a successful login. And I confirmed that neither password is correct, via the website. By the way, I don't think I actually have an account at all (But maybe I do, I can't remember...)
Let me know if you need any more information.
I've tried a lot of emails and they are always "Login successful !" when checking on Instagram & LinkedIn
I've also tried on my own email with a wrong password and it shows a "Login successful !"
Hi just recently i have started experiencing below issue
[+] Checking email in public leaks...
Traceback (most recent call last):
File "Cr3d0v3r.py", line 140, in
main()
File "Cr3d0v3r.py", line 99, in main
if ispwned.check_hackedEmails(email):
File "/home/csirt/tools/Cr3dOv3r/Core/ispwned.py", line 10, in check_hackedEmails
res = req.json()
File "/usr/lib/python3/dist-packages/requests/models.py", line 808, in json
return complexjson.loads(self.text, **kwargs)
File "/usr/lib/python3.5/json/init.py", line 319, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.5/json/decoder.py", line 339, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.5/json/decoder.py", line 357, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
i would suggest you two useful alternatives:
keep on improving this tool, would be nice to have the leaks without popping out a web browser
regards
Just asking for a new feature, if possible to pass email id's in a file
Thanks
used python version: python2.7
error message: [+] Plaintext passwords found!
Traceback (most recent call last):
File "Cr3d0v3r.py", line 123, in
main()
File "Cr3d0v3r.py", line 99, in main
ispwned.parse_data(email,args.np)
File "/root/Cr3d0v3r/Core/ispwned.py", line 41, in parse_data
print(C+" โ"+B+" โโโโโ "+W+pp.split(":")[1])
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 6: ordinal not in range(128)
thanks for help
Using the following credentials you will login to LinkedIn. If you go to the site and login, it says that it's the wrong password:
Email: [email protected]
Password: password1
Test:
baal@baal-Aspire-5733Z:~/bin/python/cred$ python3 Cr3d0v3r.py "[email protected]"
.,:,#&6dHHHb&##o\_
.oHHMMMMMMMMMMMMMMMMMH*\,.
oHMMMMMMMMMMMMMMMMMMMMMMHb:'-.
.dMMMMMMMMMMMMMMMMMMMMMMMMMH|\/' .
,&HMMMMMMMMMMMMMMMMMMMMMMM/"&.,d. -.
dboMMHMMMMMMMMMMMMMMMMMMMMMML `' .
HMHMMM$Z***MMMMMMMMMMMMMMMMMM|.- .
dMM]MMMM#' `9MMMH?"`MMMMR'T' _ :
|MMMbM#'' |MM" ``MMMH. <_ .
dMMMM#& *&. .?`*" .'&: .
MMMMMH- `' -v/H .dD "' ' :
MMMM* `*M: 4MM*::-!v,_ :
MMMM `*?::" "'``"?9Mb::. :
&MMM, `"'"'|"._ "?`| - :
`MMM].H ,#dM[_H ..:
9MMi`M: . .ooHMMMMMMM, ..
9Mb `- 1MMMMMMMMMM| : Cr3d0v3r By @D4Vinci - V0.2
?M |MM#*#MMMM* . Know the dangers of email credentials reuse attacks.
-. ` |#"' ,' Loaded 13 website.
. -" v`
-. .-
- . . `
'-*#d#HHMMMMHH#"-'
[+] Checking email in public leaks...
Results found : 21
---------------------------------------
Name of leak => dailymotion.com
Date of leakage => 2017-08-12T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-dailymotioncomemai
---------------------------------------
Name of leak => Unknown Database
Date of leakage => 2017-08-10T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-mixdatabasesuserpl
---------------------------------------
Name of leak => edmodo.com
Date of leakage => 2017-06-04T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-edmodocom77mbcrypt
---------------------------------------
Name of leak => evony.com
Date of leakage => 2017-03-22T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-evonycom178msha1md
---------------------------------------
Name of leak => evony.com
Date of leakage => 2017-03-22T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-evonycom287mplaint
---------------------------------------
Name of leak => heroesofnewerth.com
Date of leakage => 2017-03-21T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-heroesofnewerthcom
---------------------------------------
Name of leak => funimation.com
Date of leakage => 2016-12-24T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-funimationcom20160
---------------------------------------
Name of leak => justdate.com
Date of leakage => 2016-09-29T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-justdateuserdetail
---------------------------------------
Name of leak => dfb.de
Date of leakage => 2016-08-31T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-dfbdemailhashtxt
---------------------------------------
Name of leak => Unknown Subscribers Database
Date of leakage => 2016-08-09T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-unknownsubscribers
---------------------------------------
Name of leak => exploit.in (compilation)
Date of leakage => 2016-07-31T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-exploitin800mcompi
---------------------------------------
Name of leak => leet.cc
Date of leakage => 2016-07-31T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-leetccsha512201602
---------------------------------------
Name of leak => Unknown Subscribers Database
Date of leakage => 2016-07-22T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-unknownsuscribersd
---------------------------------------
Name of leak => Unknown Database FR
Date of leakage => 2016-07-19T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-unknowndumpsemailp
---------------------------------------
Name of leak => wiiuiso.com
Date of leakage => 2016-06-27T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-wiiuisocom250915
---------------------------------------
Name of leak => mate1.com
Date of leakage => 2016-06-14T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-mate1comfeb20162
---------------------------------------
Name of leak => LBSG.net (Lifeboat)
Date of leakage => 2016-01-04T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-lbsgnetmd512mjan
---------------------------------------
Name of leak => R2Games.com
Date of leakage => 2015-11-30T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-r2gamescomvb22md
---------------------------------------
Name of leak => 000webhost.com
Date of leakage => 2015-10-26T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-000webho
---------------------------------------
Name of leak => Adobe Users
Date of leakage => 2013-09-30T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-adobecre
---------------------------------------
Name of leak => Tumblr
Date of leakage => 2013-01-04T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-tumblr2013txt
Please enter the password=>
[+] Testing websites with one form (10)!
-[ Ask.fm ] Login unsuccessful!
-[ Github ] Login unsuccessful!
-[ Reddit ] Login unsuccessful!
-[ StackOF ] Login unsuccessful!
-[ Twitter ] Login unsuccessful!
-[ Ebay.com ] Login unsuccessful!
-[ Facebook ] Login unsuccessful!
-[ FourSquare ] Login unsuccessful!
-[ Linkedin ] Login successful !
-[ Wikipedia ] Login unsuccessful!
[+] Testing websites with two forms (2)!
-[ Google ] Login unsuccessful!
-[ Yahoo ] Email not registered!
[+] Testing websites with post requests (1)!
-[ Mediafire ] Login unsuccessful!
baal@baal-Aspire-5733Z:~/bin/python/cred$
Go ahead and give it a try. (this issue is related to issue #12)
When I download the requirements it downloads beautifulsoup4 instead of mechanicalsoup 0.9.
I'm guessing the import needs to be renamed to account for the update of mechanicalsoup to beautifulsoup.
p.s i tried swapping the names in the import modules and it didn't work, so it's not that straightforward.
so basically the script doesn't load for me at all until this is fixed.
When checking whether an old password still works with the various popular websites listed, the results from the login requests were incorrect.
For instance, I entered Cr3dOv3r as my password, which was incorrect. However, I still received Login successful ! for services such as Vimeo, Dropbox, Bitbucket and Mediafire.
my bad
Their main website still responds with results. So it should still be possible to get to them.
It appears they now want you to use a particular cookie "test=1".
diff --git a/Core/ispwned.py b/Core/ispwned.py
index 44af319..12ad603 100644
--- a/Core/ispwned.py
+++ b/Core/ispwned.py
@@ -21,7 +21,9 @@ def grab_password(email):
# No docs(Because no API), just found it by analyzing the network and told the admin :D
url = "https://ghostproject.fr/search.php"
data = {"param":email}
- req = requests.post(url,headers=UserAgent,data=data)
+ jar = requests.cookies.RequestsCookieJar()
+ jar.set('test', '1', domain='ghostproject.fr')
+ req = requests.post(url,headers=UserAgent,data=data,cookies=jar)
result = req.text.split("\\n")
if "Error" in req.text or len(result)==2:
return FalseI've noticed that I get a Linkedin successful password return for my personal account however when I try to validate I am unable to login - can you advise?
Please can we incorporate a feature in this tool to accept multiple emails and passwords?
Tried to use this, but I am getting the following error with Python 3.4. on Linux (Gentoo).
[+] Checking email in public leaks...
Traceback (most recent call last):
File "./Cr3d0v3r.py", line 119, in <module>
main()
File "./Cr3d0v3r.py", line 100, in main
to_print = ispwned.parse_data(email)
File "/home/zeno/.software/Cr3dOv3r/ispwned.py", line 18, in parse_data
data = check(email,"His shit :D")
File "/home/zeno/.software/Cr3dOv3r/ispwned.py", line 7, in check
res = json.loads(req.text)
File "/usr/lib64/python3.4/json/__init__.py", line 318, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python3.4/json/decoder.py", line 343, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python3.4/json/decoder.py", line 361, in raw_decode
raise ValueError(errmsg("Expecting value", s, err.value)) from None
ValueError: Expecting value: line 1 column 1 (char 0)
The tool doesn't recognize a valid Yahoo email address, returning "Email not registered!" even if I put the exact password of a personal account. I tried with two different valid Yahoo accounts and I got same results.
I'm using V0.4.1 on ParrotSec
Hello , Master!
Here is a problem.
was fixed by add next lines :
But! Still CAN'T type password
help!
Hello! Seems like the haveibeenpwned code path have a bug, as following:
Traceback (most recent call last):
File "Cr3d0v3r.py", line 139, in <module>
main()
File "Cr3d0v3r.py", line 110, in main
to_print = ispwned.parse_data(email,1)
File "/Users/totheiotragi/Tools/Cr3dOv3r/Core/ispwned.py", line 39, in parse_data
Final_text = "\n(GG)Results from haveibeenpwned website (W): (Y)"+str(len(data))
TypeError: object of type 'bool' has no len()Seems like the data somehow gets a Bool value from check_haveibeenpwned():
def parse_data(email,parse_what=0):
#Colors is (green - yellow - blue - red - white - magenta - cyan)
if parse_what==0:
data = check_hackedEmails(email,"His shit :D")
Final_text = "\n(GG)Results from hacked-emails website (W): (Y)"+str(data["results"])
data = data["data"]
else:
data = check_haveibeenpwned(email,"His shit :D")
Final_text = "\n(GG)Results from haveibeenpwned website (W): (Y)"+str(len(data))Hello,
I've tried your code, and i've run into an error on websites logins:
Traceback (most recent call last):
File "Cr3d0v3r.py", line 119, in <module>
main()
File "Cr3d0v3r.py", line 111, in main
print( login( wd ,dic ,email ,pwd ) )
File "Cr3d0v3r.py", line 43, in login
browser.select_form(form)
File "/home/louis/.local/lib/python3.5/site-packages/mechanicalsoup/stateful_browser.py", line 175, in select_form
raise LinkNotFoundError()
mechanicalsoup.utils.LinkNotFoundError
Here's a screenshot aswell:
Cheers,
On a wrong password, the script says the instagram password is successful.
#Now let's check if it was success by trying to use the same form again and if I could use it then the login not success
try:
browser.select_form(form2)
browser.close()
return "{2} -[{1}{3} {0} {4}{2}] Login unsuccessful!{4}".format(name,R,W,Bold,end)
except:
browser.close()
return "{2} -[{1}{3} {0} {4}{2}] Login successful !{4}".format(name,G,W,Bold,end)
I think this is the part where the issue is.
I have Python 3.6.4 (v3.6.4:d48eceb, Dec 19 2017, 06:04:45) [MSC v.1900 32 bit (Intel)] but I get the following error whenever I run the program. Image attached.
Now you give it this email's old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google...) then it tells you if login successful in any website!
Thanks for doing this, but have a quick question for you.
As you said to provide the old password, but hacked-email API only provides the email is leaked or not, not the password, so how we can get the password to submit for check-ups with other services?
Version:0.3.1
Cloned- pip3 installed and run with python3
[+] Checking email in public leaks...
Traceback (most recent call last):
File "Cr3d0v3r.py", line 139, in <module>
main()
File "Cr3d0v3r.py", line 99, in main
if ispwned.check_hackedEmails(email):
File "/Users/kaic/Cr3dOv3r/Core/ispwned.py", line 9, in check_hackedEmails
res = req.json()
File "/usr/local/lib/python3.6/site-packages/requests/models.py", line 892, in json
return complexjson.loads(self.text, **kwargs)
File "/usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/__init__.py", line 354, in loads
return _default_decoder.decode(s)
File "/usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/decoder.py", line 339, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/decoder.py", line 357, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
[+] Testing websites with one form (14)!
-[ Vimeo ] Login successful ! <- no
-[ Ask.fm ] Login unsuccessful!
- Dropbox form data is invalid! please report to us!
-[ Github ] Login unsuccessful!
-[ Reddit ] Login unsuccessful!
-[ StackOF ] Login unsuccessful!
-[ Twitter ] Login unsuccessful!
-[ Bitbucket ] Login successful ! <- no
-[ Ebay.com ] Login unsuccessful!
-[ Facebook ] Login unsuccessful!
-[ FourSquare ] Login unsuccessful!
-[ Linkedin ] Login successful ! <- no
-[ Mediafire ] Login successful ! <- no
-[ Wikipedia ] Login unsuccessful!
[+] Testing websites with two forms (2)!
-[ Google ] Email not registered!
-[ Yahoo ] Email not registered!
Did two tests on two different accounts, neither had to be true anywhere.
Either in Python 2.7 nether in Python 3.6 has the problem.
The Logs:
////////////////////////////////////////////////////////////////////////////////////////////////////////
[+] Checking email in public leaks...
Name of leak => Dropbox
Date of leakage => 2012-07-14T00:00:00+00:00
Details => https://hacked-emails.com/leak/anon-dropbox68m2012txt
C:\Python27amd64\lib\getpass.py:92: GetPassWarning: Can not control echo on the terminal.
return fallback_getpass(prompt, stream)
Warning: Password input may be echoed.
Please enter the password=>
////////////////////////////////////////////////////////////////////////////////////////////////////////
For future releases maybe expand with more leakreporting sources like haveibeenpwned.com for example.
rgrds
Davelicious
MacOS 10.12.6
Python 2.7.12
Traceback (most recent call last):
File "Cr3d0v3r.py", line 119, in <module>
main()
File "Cr3d0v3r.py", line 111, in main
print( login( wd ,dic ,email ,pwd ) )
File "Cr3d0v3r.py", line 49, in login
browser.select_form(form)
File "/usr/local/lib/python2.7/site-packages/mechanicalsoup/stateful_browser.py", line 170, in select_form
found_forms = self.__current_page.select(selector, limit=nr + 1)
AttributeError: 'NoneType' object has no attribute 'select'
Could you add Office365 Email in there to check the creds against?
outlook.office365.com
Also allow option to use ALL passwords found
When getting password input, after submiting it (pressing ENTER) Python itself crashes. This is due to a conflict with the win_unicode_console library.
I was able to run win_unicode_console.disable() before the input which prevented the crash but I don't notice a difference with this lib disabled (is it really needed).
(Also created a PR to fix banner encoding issue for Windows users)
Environment: Windows 10, Python 3.7
When I run " python2.7 Cr3d0v3r.py [email protected]" I get
bash: syntax error near unexpected token `newline'
Any suggestion?
$ pip install -r requirements.txt
Requirement already satisfied: mechanicalsoup>=0.9 in /Library/Python/2.7/site-packages (from -r requirements.txt (line 1))
Requirement already satisfied: requests in /Library/Python/2.7/site-packages (from -r requirements.txt (line 2))
Collecting pyOpenSSL>=16.2.0 (from -r requirements.txt (line 3))
Using cached pyOpenSSL-17.4.0-py2.py3-none-any.whl
Requirement already satisfied: lxml in /Library/Python/2.7/site-packages (from mechanicalsoup>=0.9->-r requirements.txt (line 1))
Requirement already satisfied: beautifulsoup4 in /Library/Python/2.7/site-packages (from mechanicalsoup>=0.9->-r requirements.txt (line 1))
Requirement already satisfied: six>=1.4 in /Library/Python/2.7/site-packages (from mechanicalsoup>=0.9->-r requirements.txt (line 1))
Requirement already satisfied: idna<2.7,>=2.5 in /Library/Python/2.7/site-packages (from requests->-r requirements.txt (line 2))
Requirement already satisfied: urllib3<1.23,>=1.21.1 in /Library/Python/2.7/site-packages (from requests->-r requirements.txt (line 2))
Requirement already satisfied: certifi>=2017.4.17 in /Library/Python/2.7/site-packages (from requests->-r requirements.txt (line 2))
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /Library/Python/2.7/site-packages (from requests->-r requirements.txt (line 2))
Requirement already satisfied: cryptography>=1.9 in /Library/Python/2.7/site-packages (from pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Requirement already satisfied: cffi>=1.7; platform_python_implementation != "PyPy" in /Library/Python/2.7/site-packages (from cryptography>=1.9->pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Requirement already satisfied: enum34; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=1.9->pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Requirement already satisfied: asn1crypto>=0.21.0 in /Library/Python/2.7/site-packages (from cryptography>=1.9->pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Requirement already satisfied: ipaddress; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=1.9->pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Requirement already satisfied: pycparser in /Library/Python/2.7/site-packages (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography>=1.9->pyOpenSSL>=16.2.0->-r requirements.txt (line 3))
Installing collected packages: pyOpenSSL
Found existing installation: pyOpenSSL 0.13.1
DEPRECATION: Uninstalling a distutils installed project (pyOpenSSL) has been deprecated and will be removed in a future version. This is due to the fact that uninstalling a distutils project will only partially uninstall the project.
Uninstalling pyOpenSSL-0.13.1:
Exception:
Traceback (most recent call last):
File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/basecommand.py", line 215, in main
status = self.run(options, args)
File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/commands/install.py", line 342, in run
prefix=options.prefix_path,
File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/req/req_set.py", line 778, in install
requirement.uninstall(auto_confirm=True)
File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/req/req_install.py", line 754, in uninstall
paths_to_remove.remove(auto_confirm)
File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/req/req_uninstall.py", line 115, in remove
renames(path, new_path)
File "/Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg/pip/utils/init.py", line 267, in renames
shutil.move(old, new)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 302, in move
copy2(src, real_dst)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 131, in copy2
copystat(src, dst)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 103, in copystat
os.chflags(dst, st.st_flags)
OSError: [Errno 1] Operation not permitted: '/var/folders/6d/xdknsm5d50gdnnd8zp7771xh0000gn/T/pip-XxIxGh-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pyOpenSSL-0.13.1-py2.7.egg-info'
Results for Linkedin are also showing a sign of false positive as well. Instagram has been addressed on issue #33 . Password used for this particular test is foobar along with my personal email address.
Hi all,
i am facing this json error
i got the same error on linux, windows & docker.
please assist.
Currently the font is set grey after you abort the script on the password prompt.
Even with a bogus email, and the error of "Email not found" it's still able to "login" to sites. A found address and a bogus password also does the same.
ghostproject.fr has cloudflare protections so whenever you test for passwords, it will provide a 503 Response page and report no passwords found
The python codes checks and give login successful to bitbucket and dropbox even user never created and account on bitbucket and the password is not same on the dropbox as give while running the script but it still shows that the login is successful.
I tried the tool and Linkedin everytime gives me a green record,
you can try any non associated email with a password like this 1236547890papa.
Plaintext password was found for
Name : neopets
Traceback (most recent call last):
File "Cr3d0v3r.py", line 123, in <module>
main()
File "Cr3d0v3r.py", line 99, in main
ispwned.parse_data(email,args.np)
File "/root/Cr3dov3r/Core/ispwned.py", line 41, in parse_data
print(C+" โ"+B+" โโโโโ "+W+pp.split(":")[1])
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 6: ordinal not in range(128)
python3.6 Cr3d0v3r.py [email protected]
(I've tried using different emails, but see the same error)
[+] Checking email in public leaks...
Traceback (most recent call last):
File "Cr3d0v3r.py", line 119, in <module>
main()
File "Cr3d0v3r.py", line 99, in main
if ispwned.check(email):
File "/Users/puzanov/src/Cr3dOv3r/ispwned.py", line 7, in check
res = json.loads(req.text)
File "/usr/local/Cellar/python3/3.6.3/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/__init__.py", line 354, in loads
return _default_decoder.decode(s)
File "/usr/local/Cellar/python3/3.6.3/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/decoder.py", line 339, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/local/Cellar/python3/3.6.3/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/decoder.py", line 357, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
In instalation part for linux and windows, the "O" in the filename Cr3dOv3r.py should be a zero "0".
I'm a perfectionist ๐ก๏ธ
Thumbs up for this tiny useful app ๐
When it write out [+] [ StackOF ] Login successful! I tested mannually the site is ask for google captcha
successfully coplete it and go back to StackOF login page. I type credentials again mannually the site says: The email or password is incorrect. (second time don't alert)
Deliberately using the wrong password and getting a false positive with it:
[+] Testing websites with one form (14)!
-[ Vimeo ] Login successful ! #<- No
-[ Ask.fm ] Login unsuccessful!
- Dropbox form data is invalid! please report to us!
-[ Github ] Login successful ! #< Yes
-[ Reddit ] Login unsuccessful!
-[ StackOF ] Login unsuccessful!
-[ Twitter ] Login successful ! #<- No
-[ Bitbucket ] Login successful !
-[ Ebay.com ] Login unsuccessful!
-[ Facebook ] Login unsuccessful!
-[ FourSquare ] Login unsuccessful!
-[ Linkedin ] Login unsuccessful!
-[ Mediafire ] Login successful ! #<- No
-[ Wikipedia ] Login unsuccessful!
[+] Testing websites with two forms (2)!
-[ Google ] Login unsuccessful!
-[ Yahoo ] Email not registered!
always saying Instagram is successful. false positive.
hi ineed to check mall list is Possible
I used the following command:
python Cr3d0v3r.py [email protected]
The script can't be executed because of this:
Traceback (most recent call last):
File "Cr3d0v3r.py", line 123, in
main()
File "Cr3d0v3r.py", line 96, in main
banner()
File "C:\Users\Tony\Desktop\DB\TOOL_Cr3dOv3r-master\Core\utils.py", line 22, in banner
banner = open(os.path.join("Data","banners.txt")).read()
File "C:\Users\Tony\AppData\Local\Programs\Python\Python36\lib\encodings\cp1252.py", line 23, in decode
return codecs.charmap_decode(input,self.errors,decoding_table)[0]
UnicodeDecodeError: 'charmap' codec can't decode byte 0x90 in position 972: character maps to
I've used the Windows, Kali, Ubuntu 16.04, and Docker setup methods and using Python 2 and 3. I always get the same error:
[+] Checking email in public leaks... Traceback (most recent call last): File "Cr3d0v3r.py", line 139, in <module> main() File "Cr3d0v3r.py", line 99, in main if ispwned.check_hackedEmails(email): File "/Cr3dOv3r/Core/ispwned.py", line 9, in check_hackedEmails res = req.json() File "/usr/local/lib/python3.6/site-packages/requests/models.py", line 892, in json return complexjson.loads(self.text, **kwargs) File "/usr/local/lib/python3.6/json/__init__.py", line 354, in loads return _default_decoder.decode(s) File "/usr/local/lib/python3.6/json/decoder.py", line 339, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "/usr/local/lib/python3.6/json/decoder.py", line 357, in raw_decode raise JSONDecodeError("Expecting value", s, err.value) from None json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Am I missing something?
[+] Testing websites with one form (14)!
-[ Vimeo ] Login successful !
-[ Ask.fm ] Login unsuccessful!
Traceback (most recent call last):
File "Cr3d0v3r.py", line 120, in <module>
main()
File "Cr3d0v3r.py", line 112, in main
print( login( wd ,dic ,email ,pwd ) )
File "Cr3d0v3r.py", line 44, in login
browser.select_form(form)
File "/usr/local/lib/python3.5/dist-packages/mechanicalsoup/stateful_browser.py", line 175, in select_form
raise LinkNotFoundError()
mechanicalsoup.utils.LinkNotFoundError
[+] Checking email in public leaks...
Traceback (most recent call last):
File "Cr3d0v3r.py", line 164, in
main()
File "Cr3d0v3r.py", line 138, in main
if ispwned.check(email):
File "/root/Downloads/Cr3dOv3r/ispwned.py", line 8, in check
res = req.json()
File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 892, in json
return complexjson.loads(self.text, **kwargs)
File "/usr/lib/python2.7/dist-packages/simplejson/init.py", line 518, in loads
return _default_decoder.decode(s)
File "/usr/lib/python2.7/dist-packages/simplejson/decoder.py", line 370, in decode
obj, end = self.raw_decode(s)
File "/usr/lib/python2.7/dist-packages/simplejson/decoder.py", line 400, in raw_decode
return self.scan_once(s, idx=_w(s, idx).end())
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
When I execture the following command:
python Cr3d0v3r.pyThe following error appears:
Traceback (most recent call last):
File "Cr3d0v3r.py", line 6, in <module>
from Core import ispwned
File "/GitHub/D4Vinci/Cr3dOv3r/Core/ispwned.py", line 40
SyntaxError: Non-ASCII character '\xe2' in file /GitHub/D4Vinci/Cr3dOv3r/Core/ispwned.py on line 40, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for detailsPls, add the following in the second line of Core/ispwned.py:
# -*- encoding: utf-8 -*-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.