Home / Audit Passwords / Capture / Facebook Password / java / Linux / Mac / shard / Shared Passwords / Twitter Password / Windows / shard - A Command Line Tool To Detect Shared Passwords

shard - A Command Line Tool To Detect Shared Passwords

| Post sponsored by FaradaySEC | Multiuser Pentest Environment

A command line tool to detect shared passwords

Usage
List options: 
$ java -jar shard-1.2.jar --help
Shard 1.2
Usage: java -jar shard-1.2.jar [options]

  -u, --username <value>  Username to test
  -p, --password <value>  Password to test
  -f, --file <value>      File containing a set of credentials
  --format <value>        The format of the credentials. Must be a regular expression with 2 capture groups. The first capture group for the username and the second capture group for the password. Defaults to a regex that will match:
    "username":"password"
  -l, --list              List available modules
  -v, --version <value>   Print the version
  --help                  prints java -jar shard-1.2.jar -u username-here -p password-herethis usage text
List available modules: 
$ java -jar shard-1.2.jar -l
Available modules:
        Facebook
        LinkedIn
        Reddit
        Twitter
        Instagram
The master branch has modules for GitHub, BitBucket, and Kijiji as well.

Examples
Given a username and password shard will attempt to authenticate with multiple sites: 
$ java -jar shard-1.2.jar -u username-here -p password-here
21:16:25.950 [+] Running in single credential mode
21:16:30.302 [+] username-here:password-here - Reddit, Instagram
To test multiple credentials supply a filename. By default this expects one credential per line in the format "username":"password" . Custom formats can be supplied with the --format option 
$ java -jar shard-1.2.jar -f /tmp/creds.txt
21:16:39.501 [+] Running in multi-credential mode
21:16:39.516 [+] Parsed 2 credentials
21:16:42.794 [+] username1:password1 - Reddit, Instagram
21:16:45.189 [+] username2:password2 - Facebook, LinkedIn, Twitter

Installation
Grab the latest release from the release tab , which was built as a fat jar using sbt assembly.
or
Build it yourself using sbt, sbt assembly

Developing a new module
Adding a new module is easy. Create a new class that inherits from AbstractModule in the module package and add the module to the ModuleFactory .
The AbstractModule has one abstract method: 
  def tryLogin(creds: Credentials): Boolean
This method takes a Credentials object and returns a boolean indicating a successful login. I recommend using the TwitterModule as an template.
Dependencies:
  • JSoup is used for HTTP communication and HTML parsing
  • spray-json is used for handling json


shard - A Command Line Tool To Detect Shared Passwords shard - A Command Line Tool To Detect Shared Passwords Reviewed by Zion3R on 7:11 PM Rating: 5