HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

SocialPwned v2.0 - get the emails, from a target, published in social networks

Status
Not open for further replies.
itsMe

itsMe

*KillmeMories*
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Jan 8, 2019
Messages
56,623
Solutions
2
Reputation
32
Reaction score
100,456
Points
2,313
Credits
32,750
‎6 Years of Service‎
 
76%
1-1.png


SocialPwned

SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram, Linkedin, and Twitter to find the possible credential leaks in PwnDB.

The purpose of this tool is to facilitate the search for vulnerable targets during the phase of Footprinting in Ethical Hacking. It is common for employees of a company to publish their emails in social networks, either professional or personal, so if these emails have their credentials leaked, it is possible that the passwords found have been reused in the environment to be audited. If it’s not the case, at least you would have an idea of the patterns that follow this target to create the passwords and be able to perform other attacks with a higher level of effectiveness.

SocialPwned uses different modules:

    Instagram: Making use of the unofficial Instagram API from @LevPasha, different methods were developed to obtain the emails published by users. An Instagram account is required.
    Linkedin: Using @tomquirk’s unofficial Linkedin API, different methods were developed to obtain a company’s employees and their contact information (email, twitter or phone). In addition, it is possible to add the employees found to your contacts, so that you can later have access to their network of contacts and information. A Linkedin account is required.
    Twint: Using Twint from @twintproject you can track all the Tweets published by a user looking for some email. A Twitter account is not necessary.
    PwnDB: Inspired by the tool PwnDB created by @davidtavarez a module has been developed that searches for all credential leaks from the emails found. In addition, for each email, a POST request is made to HaveIBeenPwned to find out the source of the leak.

Changelog v2.0

    Docker Implementation
    GHunt Module
    Dehashed Module
    Output Enhancement
    Web Scraping Fix in HaveIBeenPwned
    Fixed several bugs

To see this hidden content, you must like this content.
 
Status
Not open for further replies.
Back
Top