credcheck: Credentials Checking Framework
CredCheck - A credential Pentesting framework
I had a lot of keys while testing multiple targets, testing them is a tedious task. There are three steps to test if a key is working.
You need to first find out the right documentation for respective keys.
Then you go and test if those docs are working on the key.
Then you need to find out whats the response need to be for valid credentials.
During this exercise, you’ll face the following problem
Finding correct service and documentation for the key.
Method and param setting for simple curl requests to test the key.
response checking — working key response vs invalid key response.
This thing can take from 5 Minutes to 30 minutes for a single service. Every security researcher doing the same thing this would waste everyone’s time. Hence decided to automate that process. I started searching if any such project exists open-source, found out Keyhacks It’s an awesome collection of one-liners curl requests for key validation. I dropped the idea at first and started using Keyhacks for my workflow but I needed something to automate the process so I decided to create a framework where anyone can add new API key service without needing to write code, also framework should be extendable for other Credential checking such as private key over SSH protocol or cryptocurrency Address over Blockchain.
- Check the credentials of a given target.
- Check credentials passivly(using regex).
- CMD-line script.
- Use as library
Copyright (c) 2019 github.com/secxena Credcheck