Skip to content
This repository has been archived by the owner on May 28, 2023. It is now read-only.

lapolis/ScavengingTheScavenger

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ScavengingTheScavenger

Lazy way to gather dumped credentials.


Hey everyone!

Recently, I stumbled across an interesting Twitter account called @leak_scavenger. After a bit of research (clicking on all the links I could find) I realised that it is an open-source OSINT bot residing here on GitHub and its name is Scavenger.

So, who the hell coded this amazing bot? @rnd_infosec_guy did!
Why the hell am I telling you this? Well, because I just finished coding "Scavenging The Scavenger".
Wtf is that? Scavenging The Scavenger is a simple Twitter scraper using Twitter API that constantly checks @leak_scavenger tweets for dumps containing credentials.

This is a very basic script, let's just call it... "something that just works" (I apologise to all the real devs out there :P).

Installation

This script has been developed and tested on Arch and Headless Debian Server but you are free to use it anywhere.

pip3 install -r requirements.txt

You will also need to install Firefox and have a copy of geckodriver in your PATH. Why? I am using selenium, even though it is slow af (compared to requests), it was the only (easy) way (I could come up with (for now)) to access ghostbin.

After installing everything, you need to put your Twitter developer keys in the file tweet_API.conf. If you want me to implement a safer way to do this part, just ask.

Run

Use Python >= 3.7 and, if needed, specify the full path of your Firefox binary file (not the bash file redirecting to the binary, nor the symbolic link).

python3 scavengingTheScavenger_1.0.py

or

python3.7 scavengingTheScavenger_1.0.py -f /usr/lib/firefox-esr/firefox-esr

It will create a folder called dumps used to store all the downloaded dumps in txt format. It will also create 2 more files used to log the paste already downloaded and the errors encountered ( pasteList.txt and errors.txt ).

TODO

Well, find a way to store everything nicely on a db. It will take time.