Sinisterly
Credmap ~ Credential Reuse tool - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Computers (https://sinister.ly/Forum-Computers)
+--- Forum: Antivirus & Protection (https://sinister.ly/Forum-Antivirus-Protection)
+--- Thread: Credmap ~ Credential Reuse tool (/Thread-Credmap-Credential-Reuse-tool)



Credmap ~ Credential Reuse tool - S3xySmurf - 01-04-2018

Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these.

https://github.com/lightos/credmap

https://github.com/lightos/credmap/wiki


RE: Credmap ~ Credential Reuse tool - Synthx - 01-04-2018

This looks like a very nice and useful tool! I might use it sometime soon, thanks for the awesome tool!

Edit: for the share of the tool, lol.


RE: Credmap ~ Credential Reuse tool - mothered - 01-04-2018

Generally speaking, It's a commonality for users to use the same login credentials on most (If not all) of their online accounts.

In terms of the website per se, disallowing credential reuse and Implementing password complexity requirements should be a mandatory security measure In all (major) corporations. Unfortunately, It's not. During my exploitations, I've come across Fortune 500 companies who've neglected to Implement both, with some (In their back-end) failing to even prompt for the currently-used password when making changes to the account.

Appreciate the contribution, I'll certainly check this out.


RE: Credmap ~ Credential Reuse tool - LeZ1Cbd - 04-03-2019

(01-04-2018, 10:12 AM)mothered Wrote: Generally speaking, It's a commonality for users to use the same login credentials on most (If not all) of their online accounts.

In terms of the website per se, disallowing credential reuse and Implementing password complexity requirements should be a mandatory security measure In all (major) corporations. Unfortunately, It's not. During my exploitations, I've come across Fortune 500 companies who've neglected to Implement both, with some (In their back-end) failing to even prompt for the currently-used password when making changes to the account.

Appreciate the contribution, I'll certainly check this out.

Exactly,
I'll definitely check this out as well