Trape is a OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time.
It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control over their users through the browser, without them knowing, but It evolves with the aim of helping government organizations, companies and researchers to track the cyber criminals.
- One of its most enticing functions is the remote recognition of sessions. You can know where a person has logged in, remotely. This occurs through a Bypass made to the Same Origin Policy (SOP)
- Currently you can try everything from a web interface. (The console, becomes a preview of the logs and actions)
- Registration of victims, requests among other data are obtained in real time.
- If you get more information from a person behind a computer, you can generate a more direct and sophisticated attack. Trape was used at some point to track down criminals and know their behavior.
- You can do real time phishing attacks
- Simple hooking attacks
- Important details of the objective
- Capturing credentials
- Open Source Intelligence (OSINT)
Recognizes the sessions of the following services
- Foursquare (new)
- Airbnb (new)
- Hackernews (new)
- Slack (new)
How to use it
First unload the tool.
git clone https://github.com/boxug/trape.git cd trape python trape.py -h
If it does not work, try to install all the libraries that are located in the file requirements.txt
pip install -r requirements.txt
Example of execution
Example: python trape.py --url http://example.com --port 8080
- In the option –url you must put the lure, can be a news page, an article something that serves as a presentation page.
- In the –port option you just put the port where you want it to run
- Do you like to monitor your people? Everything is possible with Trape
- Do you want to perform phishing attacks? Everything is possible with Trape
- In the Files directory, located on the path: /static/files here you add the files with .exe extension or download files sent to the victim.