Home

Awesome

trape (stable) v2.0

People tracker on the Internet: Learn to track the world, to avoid being traced.


Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control their users through their browser, without their knowledge, but It evolves with the aim of helping government organizations, companies and researchers to track the cybercriminals.

--trape header

At the beginning of the year 2018 was presented at BlackHat Arsenal in Singapore: https://www.blackhat.com/asia-18/arsenal.html#jose-pino and in multiple security events worldwide.

Some benefits

30-session recognition

Session recognition is one of trape most interesting attractions, since you as a researcher can know remotely what service the target is connected to.

How to use it

First unload the tool.

git clone https://github.com/jofpin/trape.git
cd trape
python3 trape.py -h

If it does not work, try to install all the libraries that are located in the file requirements.txt

pip3 install -r requirements.txt

Example of execution

Example: python3 trape.py --url http://example.com --port 8080

If you face some problems installing the tool, it is probably due to Python versions conflicts, you should run a Python 2.7 environment :

pip3 install virtualenv
virtualenv -p /usr/bin/python3 trape_env
source trape_env/bin/activate
pip3 install -r requirements.txt
python3 trape.py -h

HELP AND OPTIONS

user:~$ python3 trape.py --help
usage: python3 trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]
                                              [-ak ACCESSKEY] [-l LOCAL]
                                              [--update] [-n] [-ic INJC]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -u URL, --url URL     Put the web page url to clone
  -p PORT, --port PORT  Insert your port
  -ak ACCESSKEY, --accesskey ACCESSKEY
                        Insert your custom key access
  -l LOCAL, --local LOCAL
                        Insert your home file
  -n, --ngrok           Insert your ngrok Authtoken
  -ic INJC, --injectcode INJC
                        Insert your custom REST API path
  -ud UPDATE, --update UPDATE
                        Update trape to the latest version

--url In this option you add the URL you want to clone, which works as a decoy.

--port Here you insert the port, where you are going to run the trape server.

--accesskey You enter a custom key for the trape panel, if you do not insert it will generate an automatic key.

--injectcode trape contains a REST API to play anywhere, using this option you can customize the name of the file to include, if it does not, generates a random name allusive to a token.

--local Using this option you can call a local HTML file, this is the replacement of the --url option made to run a local lure in trape.

--ngrok In this option you can enter a token, to run at the time of a process. This would replace the token saved in configurations.

--version You can see the version number of trape.

--update Option used to upgrade to the latest version of trape.

--help It is used to see all the above options, from the executable.

Disclaimer

This tool has been published educational purposes. It is intended to teach people how bad guys could track them, monitor them or obtain information from their credentials, we are not responsible for the use or the scope that someone may have through this project.

We are totally convinced that if we teach how vulnerable things really are, we can make the Internet a safer place.

Developer

This development and others, the participants will be mentioned with name, Twitter and charge.

Happy hacking!

I invite you, if you use this tool helps to share, collaborate. Let's make the Internet a safer place, let's report.

License

The content of this project itself is licensed under the Creative Commons Attribution 3.0 license, and the underlying source code used to format and display that content is licensed under the MIT license.

Copyright, 2018 by Jose Pino