UNDERCODE COMMUNITY
Forwarded from UNDERCODE TESTING
🦑 Social Engineering

Trape is a powerful OSINT and research tool for tracking and executing advanced social engineering techniques. It demonstrates how large corporations might exploit user data and browser vulnerabilities. Initially designed to educate about privacy risks, Trape has evolved into a tool for cybersecurity professionals and researchers to combat cybercrime.

### Key Features

#### Locator Optimization
- Tracks the target's location with 99% precision.
- Updates the path dynamically and bypasses location prompts on the target's browser.

#### REST API
- Generates customizable APIs for remote monitoring of website traffic.
- Facilitates the management of browser interactions.

#### Process Hooks
- Enables real-time phishing attacks.
- Sends malicious files to compromise targets.
- Executes custom JavaScript functions, such as keyloggers.
- Plays custom audio messages in multiple languages.

#### Public Network Tunnel
- Integrates with Ngrok to create public tunnels for managing remote attacks.

#### Credential Harvesting
- Captures target credentials during social engineering attempts.

#### Network Analysis
- Provides details on:
  - Network speed (ping, upload, download).
  - Connected devices and hosts.

#### Session Recognition
- Identifies active sessions and the services targets are connected to.

#### Target Profiling
- Summarizes target behavior and device information, including GPU and battery status.

---

### Usage Instructions

#### Installation
1. Clone the repository:

       git clone https://github.com/jofpin/trape.git
       cd trape

2. Install dependencies:

       pip3 install -r requirements.txt

#### Execution
- Example command:

      python3 trape.py --url http://example.com --port 8080

- For compatibility issues, use a Python 2.7 virtual environment:

      pip3 install virtualenv
      virtualenv -p /usr/bin/python3 trape_env
      source trape_env/bin/activate
      pip3 install -r requirements.txt

#### Options
| Option | Description |
|------------------|-----------------------------------------------------------|
| --url | URL to clone for the decoy site. |
| --port | Port for running the Trape server. |
| --accesskey | Custom key for panel access. |
| --injectcode | Custom name for REST API paths. |
| --local | Use a local HTML file as a decoy. |
| --ngrok | Token for Ngrok integration. |
| --update | Updates Trape to the latest version. |
| --help | Displays available options. |

---

### Ethical Use
Trape is a tool intended for education, research, and authorized cybersecurity activities. Misusing this tool for unauthorized attacks violates ethical standards and legal regulations. Always obtain explicit consent before conducting any tests.
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Possible Signs of DDoS
Common indicators of DDoS attacks include:

● Sudden influx of requests to a specific endpoint or webpage

● Sudden spike of traffic that occurs at regular intervals or at unusual time frames from a single IP address or multiple IP addresses

● Unusually slow network or Wi-Fi performance

● Sluggish application performance

● Prolonged inability to access websites or system files

● High processor and memory usage

● Frequent disconnection from wireless or wired internet connection

● Increased volume of spam emails
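
One way to check a web access log for the first two indicators, a sudden influx of requests to one endpoint and a spike dominated by a single IP address, as an added example that is not part of the forwarded post. The log lines are constructed, and the `factor` and `min_requests` thresholds are assumed values to tune per site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+')

def sample_log():
    """Constructed access-log lines (documentation IP ranges), not real traffic."""
    lines = []
    def add(ip, clock, path):
        lines.append(f'{ip} - - [10/Mar/2024:{clock} +0000] "GET {path} HTTP/1.1" 200 512')
    for minute in range(6):                      # steady traffic, 12:00 to 12:05
        for sec in (5, 25, 45):
            add("198.51.100.7", f"12:{minute:02d}:{sec:02d}", "/")
            if minute < 5:
                add("198.51.100.8", f"12:{minute:02d}:{sec:02d}", "/login")
    for sec in range(60):                        # 12:05: 60 hits on /login in one minute
        ip = "203.0.113.9" if sec % 4 else f"192.0.2.{sec + 1}"
        add(ip, f"12:05:{sec:02d}", "/login")
    return lines

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None                              # skip malformed lines
    ip, stamp, target = m.groups()
    minute = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
    return ip, target.split("?")[0], minute

def find_spikes(lines, factor=5, min_requests=20):
    per_path = defaultdict(Counter)              # path -> minute -> requests
    per_ip = defaultdict(Counter)                # (path, minute) -> ip -> requests
    for rec in filter(None, map(parse, lines)):
        ip, path, minute = rec
        per_path[path][minute] += 1
        per_ip[(path, minute)][ip] += 1
    alerts = []
    for path, counts in per_path.items():
        for minute, n in sorted(counts.items()):
            others = sorted(c for m, c in counts.items() if m != minute)
            baseline = others[len(others) // 2] if others else 0   # median of other minutes
            if n >= min_requests and n > factor * max(baseline, 1):
                top_ip, top_n = per_ip[(path, minute)].most_common(1)[0]
                alerts.append({"path": path, "minute": minute.strftime("%H:%M"),
                               "requests": n, "baseline": baseline,
                               "top_ip": top_ip, "top_ip_share": round(top_n / n, 2)})
    return alerts
```

A high `top_ip_share` points to one noisy source that can be rate-limited; a low share with the same spike suggests many sources and needs upstream filtering instead.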
Forwarded from Exploiting Crew (Pr1vAt3)
🦑How does DDoS Work?

While the goal of a DDoS attack is to overwhelm a target system, the tools, tactics and procedures (TTPs) employed could differ.

There are three broad categories of DDoS:

Volumetric DDoS Attacks
This category of attacks attempts to overwhelm the target system and create congestion by generating large volumes of traffic and consuming all available bandwidth of the target.

Volumetric attacks can be achieved through simple flooding techniques, such as User Datagram Protocol (UDP) or Internet Control Message Protocol (ICMP) flooding, where the attacker sends a large number of network requests to the target system.
Forwarded from Exploiting Crew (Pr1vAt3)
1⃣ The most common example of a volumetric attack is called a Domain Name System (DNS) Amplification attack. As shown in Figure 1, an attacker substantially amplifies the DNS response to the target by sending specially crafted DNS requests to a public DNS server using a spoofed IP address. When done at a larger scale with the help of botnets, the influx of DNS responses can significantly impact the performance or shut down the target server.
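
Seen from the target's network, the spoofing described above shows up as DNS responses that no local host asked for. The sketch below is an added example, not part of the forwarded post; the flow-record tuple layout is hypothetical, the records are constructed, and they are assumed to arrive in time order.

```python
from collections import defaultdict

def sample_flows():
    """Constructed UDP flow records at the target's edge (documentation addresses).
    Layout (hypothetical): (direction, src_ip, src_port, dst_ip, dst_port, bytes)."""
    target = "192.0.2.10"
    flows = [
        ("out", target, 40001, "198.51.100.53", 53, 60),    # genuine query
        ("in", "198.51.100.53", 53, target, 40001, 120),    # its matching answer
    ]
    for i in range(30):   # large responses that match no outbound query
        resolver = "203.0.113.5" if i % 3 else "203.0.113.77"
        flows.append(("in", resolver, 53, target, 50000 + i, 3000))
    return flows

def unsolicited_dns(flows, min_responses=5):
    """Return per-resolver counts of inbound DNS responses with no prior query."""
    asked = set()                        # (resolver_ip, local_port) pairs we queried
    stats = defaultdict(lambda: [0, 0])  # resolver_ip -> [responses, bytes]
    for direction, src, sport, dst, dport, size in flows:
        if direction == "out" and dport == 53:
            asked.add((dst, sport))
        elif direction == "in" and sport == 53 and (src, dport) not in asked:
            stats[src][0] += 1
            stats[src][1] += size
    return {ip: {"responses": n, "bytes": b}
            for ip, (n, b) in stats.items() if n >= min_responses}
```

The resolvers this reports are the reflectors, not the attacker, so the output is best used for upstream filtering requests and abuse reports rather than attribution.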
Forwarded from Exploiting Crew (Pr1vAt3)
2⃣ Protocol-based DDoS Attacks
This category of attacks attempts to render a target inaccessible by exploiting specific weaknesses in the targeted system's Layer 3 (Network Layer) or Layer 4 (Transport Layer) network protocol stack. These attacks aim to disrupt the normal function of the targeted system by exploiting vulnerabilities in the way the system handles incoming requests.
Forwarded from Exploiting Crew (Pr1vAt3)
3⃣ Application Layer DDoS Attacks:

This category of attack targets specific vulnerabilities in the targeted system's Layer 7 (Application Layer) network protocol stack, such as a web server or a database.

》This type of attack aims to disrupt the normal function of the targeted system by sending a high volume of requests to specific application functions or features. Application Layer attacks are sophisticated and challenging to identify and mitigate, as they often appear as legitimate requests, and security measures such as firewalls may not be able to help distinguish them from genuine traffic.