Scythe Framework is an amazing tool that you can use to find out which sites are a person using. It is definitely a great tool for Social Engineering. This tool is designed to make it simple to perform account enumeration as part of security testing. The framework offers the ability to easily create new modules (XML files) and speed up the testing process.
Note: Download link is at the end of this article.
This tool was created with 2 main use cases in mind:
- The ability to test a range of email addresses across a range of sites (e.g. social media, blogging platforms, etc...) to find where those targets have active accounts. This can be useful in a social engineering test where you have email accounts for a company and want to list where these users have used their work email for 3rd party web based services.
- The ability to quickly create a custom test case module and use it to enumerate for a list of active accounts. Using either a list of known usernames, email addresses, or a dictionary of common account names.
Usage
- List available modules
./scythe.py -l
- Check account list against facebook
- Check account list against facebook (using threads, w/ summary output)
- Check account list against all modules in the social and blogs categories (w/ summary output)
- Check specific accounts against facebook
- Check account list against facebook (output to logfile)
- Check accounts on the command line against Wordpress.com (3 retries, 60-second retry wait)
You might also like:
Scythe Framework - An Account Enumeration Tool
Reviewed by AC10 Tech
on
Sunday, March 26, 2017
Rating:
Reviewed by AC10 Tech
on
Sunday, March 26, 2017
Rating:
No comments: