pepe:從Pastebin收集郵件地址的資訊
pepe是一個基於python的用於從Pastebin收集有關洩露電子郵件地址資訊的指令碼工具。
它會解析Pastebin email:password轉儲並收集有關每個電子郵件地址的資訊。pepe目前支援Google,Trumail,Pipl,FullContact和HaveIBeenPwned。此外,它還允許你向人傳送有關其洩露密碼的資訊郵件,最後每個資訊都會在Elasticsearch中進行進一步的探索。
它只支援一種格式 – email:password。
目前,通知(notification)僅在FullContact上找到匹配時才會工作,然後會向你傳送電子郵件地址和關聯的社交媒體帳戶。
安裝條件
Python 3
FullContact API https://www.fullcontact.com/developer/
Pipl API https://pipl.com/api/
HaveIBeenPwned
SafePush (通知 – 可選 – 正在進行中) https://www.pushsafer.com/
Trumail https://trumail.io/
Gmail account (傳送電子郵件)
Elasticsearch (可選)
pip install -r requirements
Config
{"domains": { #domains to whitelist or blacklist "whitelist": [""], "blacklist": ["yahoo.com"] }, "keys": { #API KEYS "pushsafer": "API_KEY", "fullcontact": "API_KEY", "pipl": "API_KEY" }, "gmail": { #GMAIL credentials and informational message that will be send "username": "[email protected]", "password": "password", "message": "Hey,\n\nI am a security researcher and I want to inform you that your password !PASSWORD! has been leaked and you should change it immediately.\nThis email is part of the research, you can find more about it on https://medium.com/@wojciech\n\nStay safe!"}, "elasticsearch": { #ElasticSearch connection info "host": "127.0.0.1", "port": 9200} }
使用
root@kali:~/PycharmProjects/pepe# python pepe.py -h usage: pepe.py [-h] [--file FILE] [--stream] [--interactive] [--modules MODULES [MODULES ...]] [--elasticsearch] [--whitelist] [--blacklist] ,=. ,=''''==.__.="o".___ ,=.=="___/ ,==.,",, \,==="" <,==)"'"=._.==)`==''`"` clover/snark^ http://ascii.co.uk/art/platypus Post Exploitation Pastebin Emails github.com/woj-ciech medium.com/@woj_ciech Example: python pepe.py --file <dump.txt> --interactive --whitelist python pepe.py --file <dump.txt> --modules hibp google trumail --elasticsearch --blacklist optional arguments: -h, --help顯示幫助資訊並退出 --file FILE載入檔案 --streamStream Pastebin --interactive互動模式 --modules MODULES [MODULES ...] 用於檢查非互動模式的模組 --elasticsearch輸出到ElasticSearch --whitelist白名單列表 --blacklist黑名單列表
示例
互動模式,單獨檢查每個電子郵件並執行特定模組。
root@kali:~/PycharmProjects/pepe# python pepe.py --file paste.txt --interactive --blacklist -----------------------Found email [REDACTED]@hotmail.com with password [REDACTED]----------------------- [A] Add domain hotmail.com to blacklist [T] Test [G] Google search [H] HaveIBeenPwned [P] Pipl [F] FullContact [I] Inform [N] Next > G ---Google Search--- http://[REDACTED] http://[REDACTED] http://[REDACTED] [A] Add domain gmail.com to blacklist [T] Test [G] Google search [H] HaveIBeenPwned [P] Pipl [F] FullContact [I] Inform [N] Next > N -----------------------Found email [REDACTED].[REDACTED]@gmail.com with password [REDACTED]----------------------- [A] Add domain gmail.com to blacklist [T] Test [G] Google search [H] HaveIBeenPwned [P] Pipl [F] FullContact [I] Inform [N] Next > F ---FullContact--- [REDACTED] [REDACTED] https://twitter.com/[REDACTED] https://facebook.com/[REDACTED] https:/linkedin.com/[REDACTED] [A] Add domain gmail.com to blacklist [T] Test [G] Google search [H] HaveIBeenPwned [P] Pipl [F] FullContact [I] Inform [N] Next > P ---Pipl--- Name: [REDACTED] [REDACTED] years old Jobs: Quality Control [REDACTED] (since 2018) [REDACTED] Review [REDACTED] (2017-2018) [REDACTED] Attorney [REDACTED] (2017-2018) [REDACTED] Attorney at [REDACTED] (2017-2017) ... [REDACTED] (2012-2012) [REDACTED] Assistant at [REDACTED] (2012-2012) Author/Founder at [REDACTED] (2009-2011) https://www.linkedin.com/in/[REDACTED] http://www.facebook.com/people/[REDACTED] http://twitter.com/[REDACTED] http://pinterest.com/[REDACTED] https://plus.google.com/[REDACTED] ... [REDACTED]
非互動模式,僅針對電子郵件地址執行所選模組。
root@kali:~/PycharmProjects/# python pepe.py --file pastetest.txt --blacklist --modules hibp google fullcontact trumail --elasticsearch -----------------------Found email [REDACTED]@hotmail.com with password [REDACTED]----------------------- ---Google Search--- https://pastebin.com/[REDACTED] ---Have I Been Pwned--- LinkedIn ---FullContact--- No results ---Trumail--- Email test passed -----------------------Found email charlie.[REDACTED]@live.com with password [REDACTED]----------------------- ---Google Search--- https://justpaste.it/[REDACTED] https://pastebin.com/[REDACTED] ---Have I Been Pwned--- MyHeritage RiverCityMedia Tumblr YouveBeenScraped ---FullContact--- Charlie [REDACTED] https://twitter.com/[REDACTED] [REDACTED] ---Trumail--- Email test passed -----------------------Found email [REDACTED].[REDACTED]@gmail.com with password [REDACTED]----------------------- ---Google Search--- http://[REDACTED] http://[REDACTED] http://[REDACTED] https://pastebin.com/[REDACTED] ---Have I Been Pwned--- BTSec Exactis HauteLook Houzz LinkedIn ---FullContact--- [REDACTED] [REDACTED] https://www.facebook.com/[REDACTED] [REDACTED] ---Trumail--- Email test passed -----------------------Found email [REDACTED].[REDACTED]@gmail.com with password [REDACTED]----------------------- ---Google Search--- https://[REDACTED] https://[REDACTED] https://[REDACTED] https://pastebin.com/[REDACTED] ---Have I Been Pwned--- Lastfm LinkedIn MySpace Trillian Tumblr ---FullContact--- [REDACTED] [REDACTED] [REDACTED]. https://www.facebook.com/[REDACTED] https://plus.google.com/[REDACTED] https://www.linkedin.com/in/[REDACTED] http://www.pinterest.com/[REDACTED] https://twitter.com/[REDACTED] https://youtube.com/user/[REDACTED] [REDACTED]
相關截圖