发布于2022年11月4日3年前 如何使用SocialPwned收集各种凭证、邮件和Google账号信息 关于SocialPwnedSocialPwned是一款功能强大的OSINT公开资源情报收集工具,该工具可以帮助广大研究人员从Instagram、Linkedin和Twitter等社交网络上收集目标用户相关的电子邮件信息,然后再从PwnDB或Dehashed中查找可能存在的凭证泄漏,最后再通过GHunt来获取目标用户相关的Google账号信息。该工具的目的不仅是为了保护用户的个人数据及隐私安全,而且也是在保护企业的安全。因为,公司员工在社交网络上发布电子邮件地址或相关信息是很常见的。因此,如果这些电子邮件的凭据被泄露的话,那么泄漏的密码可能已经被网络犯罪分子在目标环境中重新使用了。如果泄漏的凭证没有被不法分子所利用的话,SocialPwned的扫描发现也可以帮助你及时修改账号凭证的密码或创建密码的模式,以保护账号的安全。使用的APIInstagram APILinkedin APITwintPwnDBGHunt工具安装自动化安装$ service docker start $ docker pull mrtuxx/socialpwned $ docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --help注意:这种方法需要我们在本地设备上安装并配置好Docker服务。手动安装首先,我们需要在本地系统上安装并配置好Tor依赖组件,下面的命令可以在Debian上完成上述任务:$ sudo apt-get install tor $ /etc/init.d/tor start接下来,使用Git命令将该项目源码克隆至本地,并安装相关的依赖组件:$ git clone https://github.com/MrTuxx/SocialPwned.git $ cd SocialPwned $ sudo pip3 install --user --upgrade git+https://github.com/twintproject/twint.git@origin/master#egg=twint $ sudo pip3 install -r requirements.txt $ sudo python3 socialpwned.py --credentials credentials.json --help工具使用如需使用Instagram和Linkedin的功能,你则需要在每个社交网络上创建一个帐户。此时,必须在JSON文件中提供对应平台的账号凭据:{ "instagram":{ "username":"username", "password":"password" }, "linkedin":{ "email":"email", "password":"password" }, "ghunt":{ "SID":"SID", "SSID":"SSID", "APISID":"APISID", "SAPISID":"SAPISID", "HSID":"HSID" }, "dehashed":{ "email":"email", "apikey":"apikey" } }工具使用帮助usage: socialpwned.py [-h] --credentials CREDENTIALS [--pwndb] [--tor-proxy PROXY] [--instagram] [--info QUERY] [--location LOCATION_ID] [--hashtag-ig QUERY] [--target-ig USERNAME] [--search-users-ig QUERY] [--my-followers] [--my-followings] [--followers-ig] [--followings-ig] [--linkedin] [--company COMPANY_ID] [--search-companies QUERY] [--employees] [--my-contacts] [--user-contacts USER_ID] [--search-users-in QUERY] [--target-in USERNAME] [--add-contacts] [--add-a-contact USER_ID] [--twitter] [--limit LIMIT] [--year YEAR] [--since DATE] [--until DATE] [--profile-full] [--all-tw] [--target-tw USERNAME] [--hashtag-tw USERNAME] [--followers-tw] [--followings-tw] [--ghunt] [--email-gh [email protected]] [--dehashed] [--email-dh [email protected]]如果你想拉取Docker镜像的话,可以使用下列命令:docker run -v $(pwd)/<YOUR CREDENTIALS JSON FILE>:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json <COMMANDS>工具输出格式SocialPwned的每一次执行,都会生成如下所示的目录文档结构:output └── session_year_month_day_time ├── dehashed │ ├── raw_dehashed.txt │ └── socialpwned_dehashed.txt ├── emails │ └── socialpwned_emails.txt ├── instagram │ └── socialpwned_instagram.txt ├── linkedin_userames │ ├── first.last.txt │ ├── firstl.txt │ ├── first.txt │ ├── f.last.txt │ ├── flast.txt │ ├── lastf.txt │ └── rawnames.txt ├── pwndb │ ├── passwords_pwndb.txt │ ├── pwndb.txt │ └── socialpwned_pwndb.txt ├── socialpwned.json └── twitter └── socialpwned_twitter.txt工具使用演示Instagram操作命令:docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --instagram --info España docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --instagram --location 832578276 docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --instagram --hashtag-ig someHashtag --pwndb docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --instagram --target-ig username --pwndb docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --instagram --target-ig username --followers-ig --followings-ig --pwndbLinkedIn操作命令:docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --linkedin --search-companies "My Target" docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --linkedin --search-companies "My Target" --employees --pwndb docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --linkedin --company 123456789 --employees --pwndb docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --linkedin --company 123456789 --employees --add-contacts docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --linkedin --user-contacts user-id --pwndb docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --linkedin --user-contacts user-id --add-contactsTwitter操作命令:docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --twitter --hashtag-tw someHashtag --pwndb --limit 200 --dehashed docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --twitter --target-tw username --all-tw --pwndb --dehashed --ghunt docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --twitter --target-tw username --all-tw --followers-tw --followings-tw --pwndb邮件数据收集(GHunt)操作命令:docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --ghunt --email-gh "[email protected]"凭证数据收集(哈希)操作命令:docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --dehashed --email-dh "[email protected]"联合查询docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --instagram --target-ig username --followers-ig --followings-ig --linkedin --company 123456789 --employees --twitter --target-tw username --all-tw --pwndb --ghunt --dehashed docker run -v $(pwd)/credentials.json:/socialpwned/credentials.json -v $(pwd)/output:/socialpwned/output -it mrtuxx/socialpwned socialpwned.py --credentials credentials.json --instagram --target-ig username --linkedin --target-in username --twitter --target-tw username --all-tw --pwndb --ghunt --dehashed工具演示视频视频地址:https://www.you*tube.com/watch?v=ErHzZN5QFHo项目地址SocialPwned:【GitHub传送门】参考资料https://github.com/mxrch/GHunt#manual-installationhttps://github.com/mxrch/GHunt#where-i-find-these-5-cookies-https://github.com/LevPasha/Instagram-API-pythonhttps://github.com/tomquirk/linkedin-apihttps://github.com/twintproject/twinthttps://github.com/davidtavarez/pwndbhttps://github.com/mxrch/GHunt本文作者:Alpha_h4ck
创建帐户或登录后发表意见