trape (stable) v2.0
People tracker on the Internet: Learn to track the world, to avoid being traced.
Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information, such as the status of sessions of their websites or services, and control their users through their browser without their knowledge, but it evolves with the aim of helping government organizations, companies and researchers to track cybercriminals.
At the beginning of 2018 it was presented at BlackHat Arsenal in Singapore: https://www.blackhat.com/asia-18/arsenal.html#jose-pino and at multiple security events worldwide.
- LOCATOR OPTIMIZATION: Trace the path between you and the target you’re tracking. Each time you make a move, the path will be updated, the location of the target is obtained silently through a bypass made in the browsers, allowing you to skip the location request on the victim’s side, and at the same time maintain a precision of 99% in the locator.
- APPROACH: When you’re close to the target, Trape will tell you.
- REST API: Generates an API (random or custom), and through this you can control and monitor other Web sites on the Internet remotely, getting the traffic of all visitors.
- PROCESS HOOKS: Manages social engineering attacks or processes in the target’s browser.
  - SEVERAL: You can issue a phishing attack of any domain or service in real time as well as send malicious files to compromise the device of a target.
  - INJECT JS: You keep the JavaScript code running free in real time, so you can manage the execution of a keylogger or your own custom functions in JS which will be reflected in the target’s browser.
  - SPEECH: A process of audio creation is maintained which is played in the browser of the target, by means of this you can execute personalized messages in different voices with languages in Spanish and English.
- PUBLIC NETWORK TUNNEL: Trape has its own API that is linked to ngrok.com to allow the automatic management of public network tunnels; so you can publish the content of your trape server which is executed locally to the Internet, to manage hooks or public attacks.
- CLICK ATTACK TO GET CREDENTIALS: Automatically obtains the target credentials, recognizing your connection availability on a social network or Internet service.
- NETWORK: You can get information about the user’s network.
  - SPEED: Viewing the target’s network speed. (Ping, download, upload, type connection)
  - HOSTS OR DEVICES: Here you can get a scan of all the devices that are connected in the target network automatically.
- PROFILE: Brief summary of the target’s behavior and important additional information about your device.
  - GPU
  - ENERGY
Session recognition is one of trape's most interesting attractions, since you as a researcher can know remotely what service the target is connected to.
- USABILITY: You can delete logs and view alerts for each process or action you run against each target.
First download the tool.
If it does not work, try to install all the libraries that are located in the file requirements.txt
Example of execution
If you face problems installing the tool, it is probably due to Python version conflicts; you should run it in a Python 2.7 environment:
HELP AND OPTIONS
--url In this option you add the URL you want to clone, which works as a decoy.
--port Here you insert the port where you are going to run the trape server.
--accesskey You enter a custom key for the trape panel; if you do not insert one, it will generate an automatic key.
--injectcode trape contains a REST API to play anywhere; using this option you can customize the name of the file to include. If you do not, it generates a random name allusive to a token.
--local Using this option you can call a local HTML file; this is the replacement of the --url option, made to run a local lure in trape.
--ngrok In this option you can enter a token, to run at the time of a process. This would replace the token saved in configurations.
--version You can see the version number of trape.
--update Option used to upgrade to the latest version of trape.
--help It is used to see all the above options, from the executable.
This tool has been published for educational purposes. It is intended to teach people how bad guys could track them, monitor them or obtain information from their credentials; we are not responsible for the use or the scope that someone may have through this project.
We are totally convinced that if we teach how vulnerable things really are, we can make the Internet a safer place.
For this development and others, the participants will be mentioned with name, Twitter and role.
CREATOR
— Jose Pino — @jofpin — (Security Researcher)
If you use this tool, I invite you to help by sharing and collaborating. Let’s make the Internet a safer place, let’s report.
The content of this project itself is licensed under the Creative Commons Attribution 3.0 license, and the underlying source code used to format and display that content is licensed under the MIT license.
Copyright, 2018 by Jose Pino
Trape — People Tracker On Internet
Information is power. Information gathering is the most crucial part of penetration testing. Tracking a target's IP address, browser, operating system and social media accounts is the primary step.
There are many tools available to do this, but in this tutorial we learn to use Trape. Trape is written in Python and is a footprinting tool. Trape can help us get the target's IP address, OS and social media accounts from a single click on their side.
It also can perform phishing and browser hooking attacks.
Trape doesn’t come pre-installed with Kali Linux; we need to clone it from its GitHub repository.
So open a terminal window, type the following command and press Enter.
This is not a large tool; trape needs a few seconds to download. After the download is complete we need to go to trape’s directory using the cd command and then check the files using the ls command. Here we are going to join those commands into a single command using && like this:
First we need to install all the requirements for the trape tool. To do this we use this simple command.
Now we can run the Python script and check the options by using the simple command as follows:
Here we must use an Ngrok token. The older tutorials on the internet will not work here. In older versions of trape we could use it without ngrok (offline mode) and optionally add ngrok; in this new version ngrok is a must. Here comes a question.
What is this Ngrok?
Ngrok is a tool that creates a tunnel through which our localhost can be reached from the internet.
So we need to go to ngrok.com and sign up.
Now copy the API token, come back to the terminal and paste the token. Trape will then ask for a Google Maps API token; to get one, follow this guide and paste the Google Maps API key, which helps to get the location. Sorry, I can't show my Google Maps API token for security reasons, so no screenshot for this one. These API tokens are needed for the first-time configuration only.
After we paste the Google Maps API key, it will ask for a URL. The target will see this URL’s website after clicking our link.
We are using https://www.google.com as an example, but we can use any other link.
Then Trape will ask for the port; here type 80 (the port for HTTP) and press Enter.
After doing this Trape will start.
We can choose the lure URLs to catch targets in our local network or on the public internet. We can see the target's information at the control panel link.
The control panel is accessible with the access key. For better results on the public internet we can use a URL shortener to hide the ngrok URL. All done; now wait for the target's click. Whenever the target clicks on the link, we get the target's information.
How to track people's devices using trape
So, today in this blog I am going to show you how to track people's devices using trape; you can run the attack from your Kali Linux operating system and through the Termux application on your Android phone. This method is used by me and I will do this attack on my personal device, so I will not harm anyone. So, first of all: what are Kali Linux and GitHub? What is trape in hacking? Requirements? Installing and running?
Kali linux hacking tool
What is Kali linux ?
What is github ?
GitHub is an American company that provides hosting for software development version control using Git. It is a subsidiary of Microsoft, which acquired the company in 2018 for $7.5 billion. It offers all of the distributed version control and source code management (SCM) functionality of Git as well as adding its own features. It provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.
GitHub offers plans for free, professional, and enterprise accounts. Free GitHub accounts are commonly used to host open source projects. As of January 2019, GitHub offers unlimited private repositories to all plans, including free accounts. As of May 2019, GitHub reports having over 37 million users and more than 100 million repositories[10] (including at least 28 million public repositories), making it the largest host of source code in the world.
What is Trape in hacking?
Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information, such as the status of sessions of their websites or services, and control their users through their browser without their knowledge, but it evolves with the aim of helping government organizations, companies and researchers to track cybercriminals.
Requirements
Before executing the script, we first have to install some specific requirements.
To install them, simply type :
pip install -r requirements.txt
If you don’t have the requirements, then it will automatically get the requirements, and if you already have them installed like me, then there is nothing to worry about.
Install and Run
- cd trape
Step 2 :- Installing the requirements
Before executing the script, we first have to install some specific requirements.
To install them, simply type :
- pip install -r requirements.txt
Unlike the other scripts like Metasploit, Trape is controllable on the web.
(It’s beginner friendly!)
But first, execute the script.
You can execute the script by :
- python trape.py -u URL -p PORT
Step 4 :- Set up an Ngrok token
NGROK TOKEN
In the next section you must enter your Ngrok token; if you do not have one, register at https://ngrok.com. This data is necessary for the generation of public network tunnels.
Put in the Ngrok token and hit Enter.
Step 5 :- GOOGLE API
You must register with the Google Console, and get an API key for maps and another for shortening.
By having these data you complete the settings.
Step 6 :- Log in to the Google console and get a Google Maps API key: https://console.cloud.google.com/apis/credentials
Step 7 :- Enter your Google shortener API key; visit this link to get a Google shortener API key: https://developers.google.com/url-shortener/v1/getting_started
Step 8 :- Enter your IP geolocation API key; visit this link to get an IP geolocation API key: https://app.ipgeolocation.io/
Step 9 :- Run python trape.py -u www.google.com -p 8080 and hit Enter.
It will show 3 things:
the link to lure the victims, the control panel link, and the access key to it.
If you think that the victims will think suspicious, then you can shorten the link using bit.ly, ad.fly, all those things.
Now, copy and paste the Control Panel link on the web.
LOCAL INFORMATION
——————-
>-=[ Link for the users: http://192.168.42.199:8080/www.google.com
>-=[ Your REST API path: http://192.168.42.199:8080/3a8c1bc3471c.js
>-=[ Control Panel Link: http://127.0.0.1:8080/69dae1c
>-=[ Your Access key: 706957988271371afd9c50f3
Control Panel Link: http://127.0.0.1:8080/69dae1c
And put the access key it gave you in the terminal.
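A defender's reading of the output above, as an added example that is not part of the original tutorial or of trape's own code: the lure is served at `http://<server>:<port>/<cloned-host>` and the hook script under a random `.js` name on the same server, so a proxy log can be searched for that pair. The log format, the 12-hex-character name pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Lure shape from the output above: the whole path is a hostname (/www.google.com).
LURE_PATH = re.compile(r"^/(?:[a-z0-9-]+\.)+([a-z]{2,})/?$", re.I)
# Hook script name as in the sample (3a8c1bc3471c.js). Assumption: 12 hex characters;
# --injectcode lets the operator rename the file, so treat this as a hint only.
HOOK_PATH = re.compile(r"^/[0-9a-f]{12}\.js$")
# Ordinary file extensions that would otherwise look like a top-level domain.
STATIC_EXT = {"js", "css", "html", "htm", "php", "png", "jpg", "gif", "ico",
              "svg", "json", "xml", "txt"}

# Constructed proxy log lines: "<time> <client> <method> <url>"
SAMPLE_LOG = """\
10:01:02 10.0.0.5 GET http://192.168.42.199:8080/www.google.com
10:01:03 10.0.0.5 GET http://192.168.42.199:8080/3a8c1bc3471c.js
10:01:09 10.0.0.7 GET https://www.google.com/search?q=trape
10:02:11 10.0.0.8 GET http://intranet.example:8080/app.min.js
10:03:40 10.0.0.9 GET http://203.0.113.7/www.example.org
"""


def classify(url):
    """Return 'hook', 'lure' or None for one requested URL."""
    path = urlsplit(url).path
    if HOOK_PATH.match(path):
        return "hook"
    m = LURE_PATH.match(path)
    if m and m.group(1).lower() not in STATIC_EXT:
        return "lure"
    return None


def triage(log_text):
    """Pair lure and hook requests per (client, server); return both confidence tiers."""
    lures, hooked = set(), set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, _, url = parts
        key = (client, urlsplit(url).netloc)
        kind = classify(url)
        if kind == "lure":
            lures.add(key)
        elif kind == "hook" and key in lures:
            hooked.add(key)
    # Lure followed by the hook script is the strong signal; a lure alone is worth a look.
    return {"hooked": sorted(hooked), "lure_only": sorted(lures - hooked)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A renamed hook file or a shortened link in front of the lure will not match these patterns, so the result is a triage list for review, not a verdict.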
Let me just copy and paste that.
And send the link to the victim.
Takes a bit of social engineering, I sent it to my brother
Link for the users: http://192.168.42.199:8080/www.google.com
and then,
Got him!
You could have just sent a real meme site to make it look real, but I just said that I trolled him.
And haha his profile pic is the skeleton from TrackURL (we have the same iCloud account, so.)
He went in, so we can see everything.
I have changed my location for privacy reasons.
In the Attacks Hook button next to the Information, you can download files and send messages and do stuff!
If you want to hack the victim’s device perfectly, you can make a website and make the victim redirect to your website, you can just let the victim download a payload made by Metasploit and take control completely!(There is a button for these)
Sorry, I can’t show you those because I forgot to take snaps of those attacks (and I am lazy)
Disclaimer
All videos and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in are only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.
All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.
[Kali Linux]Trape
In this article we will talk about phishing attacks and one simple way of carrying them out. Since plenty has already been written online about the term phishing itself, we will go straight to the methods. I suggest getting acquainted with Trape, the tool at the center of this article.
Trape is an excellent tool that lets you track people while obtaining a fairly extensive amount of information.
Advantages:
1.) One of the most attractive features is remote session recognition. You can find out remotely where a person is logged in. This is done in accordance with the same-origin policy (SOP).
2.) Currently you can try everything starting from the web interface. (The console becomes a preview of logs and actions.)
3.) Victim registration, requests and other data are handled in real time.
4.) With a large amount of information available, you can modify the attack vectors, creating your own more thought-out and sophisticated ones.
Carrying out phishing attacks in real time
1.) Simple attacks
2.) Mapping
Obtaining important confidential data
1.) Credential capture
2.) Open-source intelligence (OSINT) integration
Credential capture, list of services:
1.) Facebook
2.) Twitter
3.) VK
4.) Reddit
5.) Gmail
6.) tumblr
7.) Instagram
8.) Github
9.) Bitbucket
10.) Dropbox
11.) Spotify
12.) PayPal
13.) Amazon
Running:
python trape.py --url http://example.com --port 8080
In the --url option you put the lure: a news page or an article that serves as the presentation page.
In the --port option, specify the port you want to run it on.
In the Files directory, located at /static/files, you can add files to be sent to the target host later.
After that, everything is simple. The first link is used to connect our target host to Trape; at the second we find the web interface for managing Trape. Below them is the key for authorization. Follow the link, enter the data, and we land in the control panel:
Accordingly, once our target has followed the link we gave it, the control panel shows information about the target device's connection to us. More detailed information is behind the Details button:
Now for phishing: let's try to obtain credentials from the authentication form of some site. To do this, in the Attacks Hook tab, enter the address of the site we want to spoof and press the attack button.
A fairly convincing copy of twitter opens in the target host's browser, if you don't look at the address, of course. We enter a login and password into the login form. Trape can also upload a file to the target host; take, for example, a payload in .exe format created in SET.
The file is successfully downloaded to the target host, but is blocked by Windows Defender.
Well, that's about it. Good luck to everyone, and bye!