-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathextract_real_credentials.py
More file actions
224 lines (179 loc) · 8.06 KB
/
extract_real_credentials.py
File metadata and controls
224 lines (179 loc) · 8.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
"""
Extract only real, actionable credentials from the scan results.
This script focuses on finding actual username/password pairs and credit card numbers,
filtering out programming code, constants, and other false positives.
"""
import re
import os
def extract_real_credentials():
"""Extract only real credentials from the scan results."""
# Read the recent scan results
results_file = "results.txt"
if not os.path.exists(results_file):
print("❌ Results file not found. Please run the scanner first.")
return
with open(results_file, 'r', encoding='utf-8') as f:
content = f.read()
real_credentials = []
real_credit_cards = []
current_file = None
lines = content.splitlines()
i = 0
while i < len(lines):
line = lines[i].strip()
# Track current file
if line.startswith("File: "):
current_file = line[6:]
i += 1
continue
# Process credential matches
if "[CREDENTIALS]" in line:
# Get the match line
match_line = ""
context_line = ""
# Look for Match: and Context: in the next few lines
j = i + 1
while j < len(lines) and j < i + 5:
if lines[j].strip().startswith("Match: "):
match_line = lines[j].strip()[7:] # Remove "Match: "
elif lines[j].strip().startswith("Context: "):
context_line = lines[j].strip()[9:] # Remove "Context: "
j += 1
# Analyze if this is a real credential
if is_real_credential(match_line, context_line, current_file):
real_credentials.append({
'file': current_file,
'match': match_line,
'context': context_line[:100] + "..." if len(context_line) > 100 else context_line
})
# Process credit card matches
elif "[CREDIT_CARDS]" in line:
# Get the match line
match_line = ""
context_line = ""
# Look for Match: and Context: in the next few lines
j = i + 1
while j < len(lines) and j < i + 5:
if lines[j].strip().startswith("Match: "):
match_line = lines[j].strip()[7:] # Remove "Match: "
elif lines[j].strip().startswith("Context: "):
context_line = lines[j].strip()[9:] # Remove "Context: "
j += 1
# Analyze if this is a real credit card
if is_real_credit_card(match_line, context_line, current_file):
real_credit_cards.append({
'file': current_file,
'match': match_line,
'context': context_line[:100] + "..." if len(context_line) > 100 else context_line
})
i += 1
# Output results
output_file = "ultra_focused_results.txt"
with open(output_file, 'w', encoding='utf-8') as f:
f.write("=" * 70 + "\n")
f.write("ABSCANNER - REAL CREDENTIALS FOUND\n")
f.write("=" * 70 + "\n\n")
if real_credentials:
f.write(f"CREDENTIALS FOUND ({len(real_credentials)}):\n")
f.write("-" * 40 + "\n")
for i, cred in enumerate(real_credentials, 1):
f.write(f"{i}. File: {cred['file']}\n")
f.write(f" Match: {cred['match']}\n")
f.write(f" Context: {cred['context']}\n\n")
else:
f.write("NO REAL CREDENTIALS FOUND\n\n")
if real_credit_cards:
f.write(f"CREDIT CARDS FOUND ({len(real_credit_cards)}):\n")
f.write("-" * 40 + "\n")
for i, cc in enumerate(real_credit_cards, 1):
f.write(f"{i}. File: {cc['file']}\n")
f.write(f" Match: {cc['match']}\n")
f.write(f" Context: {cc['context']}\n\n")
else:
f.write("NO REAL CREDIT CARDS FOUND\n\n")
print(f"✅ Real credentials extracted to: {output_file}")
print(f"📊 Found {len(real_credentials)} unique credentials")
print(f"💳 Found {len(real_credit_cards)} unique credit cards")
# Show summary
if real_credentials:
print("\n🔑 Real Credentials Found:")
for i, cred in enumerate(real_credentials[:5], 1): # Show first 5
print(f" {i}. {cred['match']} (in {os.path.basename(cred['file'])})")
if len(real_credentials) > 5:
print(f" ... and {len(real_credentials) - 5} more")
if real_credit_cards:
print("\n💳 Credit Cards Found:")
for i, cc in enumerate(real_credit_cards, 1):
print(f" {i}. {cc['match']} (in {os.path.basename(cc['file'])})")
def is_real_credential(match, context, filename):
"""Determine if a credential match is likely real."""
if not match or not context:
return False
match_lower = match.lower()
context_lower = context.lower()
# Skip obvious false positives
false_positives = [
# System constants and hex values
'= 0x', 'status_', 'error_', 'mk_e_', 'ns_e_',
'user_all_', 'domain_create_', 'scard_w_',
'sec_e_', 'trust_e_', 'cert_e_', 'crypt_e_',
# Programming constructs
'def ', 'class ', 'import ', 'from ', 'self.',
'unittest', 'testcase', 'test_', 'logging.',
'print(', 'return ', 'args.', 'options.',
'getpass(', 'sys.argv', 'os.getenv', 'config.',
# Variables and placeholders
'entry[', 'session[', 'your_', '_password',
'null', 'none', 'unknown', 'example', 'default',
'placeholder', 'dummy', 'sample',
# Context indicators of code
'entry.', '.value', '.get(', '.entries:', 'connection.',
'if "', 'else:', 'for entry in', 'account_',
# File extensions and paths that indicate code files
'.py', '.js', '.java', '.cs', '.cpp'
]
if any(fp in match_lower or fp in context_lower for fp in false_positives):
return False
# Look for patterns that suggest real credentials
real_patterns = [
# Actual string assignments with quoted values
r'username\s*=\s*["\']([^"\'@]+@[^"\']+|[A-Za-z][A-Za-z0-9_]{3,})["\']',
r'password\s*=\s*["\']([^"\'{]{6,})["\']',
# Configuration file patterns
r'RAPID7_USERNAME\s*=\s*["\']([^"\']+)["\']',
r'RAPID7_PASSWORD\s*=\s*["\']([^"\']+)["\']',
# Connection string patterns
r'(username|user)\s*=\s*[^;,\s]+[;,].*password\s*=\s*[^;,\s]+'
]
# Check if it matches any real credential pattern
full_text = f"{match} {context}"
for pattern in real_patterns:
if re.search(pattern, full_text, re.IGNORECASE):
return True
# Additional checks for likely real credentials
if ('"' in match or "'" in match) and len(match) > 6:
# Quoted strings that are not obvious variables
if not any(var in match_lower for var in ['entry.', 'account_', 'user_', 'session.']):
return True
return False
def is_real_credit_card(match, context, filename):
"""Determine if a credit card match is likely real."""
if not match:
return False
# Skip obvious test numbers
test_patterns = ['1234', '0000', '1111', '2222', '9999']
if any(test in match for test in test_patterns):
return False
# Skip if it's in a code context
if context and any(fp in context.lower() for fp in [
'test_', 'example', 'dummy', 'sample', 'placeholder',
'def ', 'class ', '.py', 'unittest'
]):
return False
# Check if it's a valid credit card pattern
cc_pattern = r'\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3[0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12})\b'
if re.match(cc_pattern, match.replace(' ', '').replace('-', '')):
return True
return False
if __name__ == "__main__":
extract_real_credentials()