Trape V2.0 - People Tracker On The Internet: Osint Analysis In Addition To Inquiry Tool


Trape is a OSINT analysis in addition to query tool, which allows people to rails in addition to execute intelligent social engineering attacks inwards existent time. It was created amongst the aim of teaching the footing how large Internet companies could obtain confidential information such every bit the condition of sessions of their websites or services in addition to command over their users through the browser, without them knowing, but It evolves amongst the aim of helping government organizations, companies in addition to researchers to rails the cybercriminals.

At the commencement of the yr 2018 was presented at BlackHat Arsenal inwards Singapore: https://www.blackhat.com/asia-18/arsenal.html#jose-pino in addition to inwards multiple safety events worldwide.

Some benefits
  • LOCATOR OPTIMIZATION: Trace the path betwixt you lot in addition to the target you're tracking. Each fourth dimension you lot brand a move, the path volition survive updated, past times way of this the location of the target is obtained silently through a bypass made inwards the browsers, allowing you lot non to skip the location asking permit on the victim's side , objective or someone in addition to at the same fourth dimension keep a precision of 99% inwards the locator.

  • APPROACH: When you're to a greater extent than or less the target, Trape volition say you.
  • REST API: Generates an API (random or custom), in addition to through this you lot tin flame command in addition to monitor other Web sites on the Internet remotely, getting the traffic of all visitors.
  • PROCESS HOOKS: Manages social applied scientific discipline attacks or processes inwards the target's browser.
    --- SEVERAL: You tin flame number a phishing gear upwards on of whatsoever domain or service inwards real time every bit good every bit post malicious files to compromise the device of a target.
    --- INJECT JS: You continue the JavaScript code running costless inwards existent time, in addition to thence you lot tin flame handle the execution of a keylogger or your ain custom functions inwards JS which volition survive reflected inwards the target's browser.
    --- SPEECH: Influenza A virus subtype H5N1 procedure of good creation is maintained which is played inwards the browser of the objective, past times way of this you lot tin flame execute personalized messages inwards unlike voices amongst languages inwards Castilian in addition to English.
  • PUBLIC NETWORK TUNNEL: Trape has its ain API that is linked to ngrok.com to allow the automatic management of world network tunnels; By this you lot tin flame release your content of trape server executed locally to the Internet, to handle hooks or world attacks.
  • CLICK ATTACK TO GET CREDENTIALS: Automatically obtains the target credentials, recognizing your connectedness availability on a social network or Internet service.
  • NETWORK: You tin flame larn information most the user's network.
    --- SPEED: Viewing the target's network speed. (Ping, download, upload, type connection)
    --- HOSTS OR DEVICES: Here you lot tin flame larn a scan of all the devices that are connected inwards the target network automatically.
  • PROFILE: Brief summary of the target's deportment in addition to of import additional information most your device.
    --- GPU --- ENERGY

30-session recognition
Session recognition is i of trape most interesting attractions, since you lot every bit a researcher tin flame know remotely what service the target is connected to.

  • USABILITY: You tin flame delete logs in addition to sentiment alerts for each procedure or activeness you lot run against each target.

How to utilization it
First unload the tool.
git clone https://github.com/jofpin/trape.git cd trape python trape.py -h
If it does non work, crusade to install all the libraries that are located inwards the file requirements.txt
pip install -r requirements.txt
Example of execution
Example: python trape.py --url http://example.com --port 8080
HELP AND OPTIONS
user: $ python trape.py --help usage: python trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]                                               [-ak ACCESSKEY] [-l LOCAL]                                               [--update] [-n] [-ic INJC]  optional arguments:   -h, --help            demonstrate this assistance message in addition to larn out   -v, --version         demonstrate program's version number in addition to larn out   -u URL, --url URL     Put the spider web page url to clone   -p PORT, --port PORT  Insert your port   -ak ACCESSKEY, --accesskey ACCESSKEY                         Insert your custom cardinal access   -l LOCAL, --local LOCAL                         Insert your habitation file   -n, --ngrok           Insert your ngrok Authtoken   -ic INJC, --injectcode INJC                         Insert your custom REST API path   -ud UPDATE, --update UPDATE                         Update trape to the latest version
--url In this selection you lot add together the URL you lot utilization to clone Live, which plant every bit a decoy.
--port Here you lot insert the port, where you lot are going to run the trape server.
--accesskey You larn inwards a custom cardinal for the trape panel, if you lot produce non insert it volition generate an automatic key.
--injectcode trape contains a REST API to play anywhere, using this selection you lot tin flame customize the hollo of the file to include, if it does not, generates a random hollo allusive to a token.
--local Using this selection you lot tin flame telephone phone a local HTML file, this is the replacement of the --url selection made to run a local lure inwards trape.
--ngrok In this selection you lot tin flame larn inwards a token, to run at the fourth dimension of a process. This would supersede the token saved inwards configurations.
--version You tin flame run across the version number of trape.
--update Option peculiarly to upgrade to the latest version of trape.
--help It is used to run across all the to a higher house options, from the executable.

Disclaimer
This tool has been published educational purposes inwards lodge to learn people how bad guys could rails them or monitor them or obtain information from their credentials, nosotros are non responsible for the utilization or the compass that may bring the People through this project.
We are totally convinced that if nosotros learn how vulnerable things are, nosotros tin flame brand the Internet a safer place.

Developer
This evolution in addition to others, the participants volition survive mentioned amongst name, Twitter in addition to charge.
  • CREATOR
    --- Jose Pino - @jofpin - (Security Researcher)