Published on July 15th, 2016 📆 | 7034 Views ⚑0
shard – A Command Line Tool To Detect Shared Passwords
Text to Voice
A command line tool to detect shared passwords
$ java -jar shard-1.2.jar --help Shard 1.2 Usage: java -jar shard-1.2.jar [options] -u, --username <value> Username to test -p, --password <value> Password to test -f, --file <value> File containing a set of credentials --format <value> The format of the credentials. Must be a regular expression with 2 capture groups. The first capture group for the username and the second capture group for the password. Defaults to a regex that will match: "username":"password" -l, --list List available modules -v, --version <value> Print the version --help prints java -jar shard-1.2.jar -u username-here -p password-herethis usage text
List available modules:
$ java -jar shard-1.2.jar -l Available modules: Facebook LinkedIn Reddit Twitter Instagram
The master branch has modules for GitHub, BitBucket, and Kijiji as well.
Given a username and password shard will attempt to authenticate with multiple sites:
$ java -jar shard-1.2.jar -u username-here -p password-here 21:16:25.950 [+] Running in single credential mode 21:16:30.302 [+] username-here:password-here - Reddit, Instagram
To test multiple credentials supply a filename. By default this expects one credential per line in the format
"username":"password" . Custom formats can be supplied with the
$ java -jar shard-1.2.jar -f /tmp/creds.txt 21:16:39.501 [+] Running in multi-credential mode 21:16:39.516 [+] Parsed 2 credentials 21:16:42.794 [+] username1:password1 - Reddit, Instagram 21:16:45.189 [+] username2:password2 - Facebook, LinkedIn, Twitter
Grab the latest release from the release tab , which was built as a fat jar using sbt assembly.
Build it yourself using sbt,
Developing a new module
Adding a new module is easy. Create a new class that inherits from
AbstractModule in the module package and add the module to the
The AbstractModule has one abstract method:
def tryLogin(creds: Credentials): Boolean
This method takes a Credentials object and returns a boolean indicating a successful login. I recommend using the TwitterModule as an template.
- JSoup is used for HTTP communication and HTML parsing
- spray-json is used for handling json