Social Engineering Tools – Information Security Newspaper | Hacking News

How to send phishing or malware to Teams users evading Teams security features

Octavio Mares — Thu, 21 Sep 2023 18:38:06 +0000

TeamsPhisher is a Python3 software that was designed to make it easier for phishing messages and attachments to be sent to users of Microsoft Teams whose companies or organizations permit connection with outside parties. It is not feasible to transfer files to users of Teams who are not part of one’s company in most circumstances. Recently, Max Corbridge (@CorbridgeMax) and Tom Ellson (@tde_sec) from JUMPSEC published a means to circumvent this limitation by modifying HTTP requests made by Teams in order to change who is sent a message with an attached file.

Hacking Microsoft teams by simply using a GIF image

TeamsPhisher utilizes a number of other techniques, including some of Andrea Santese’s (@Medu554) older ones, in addition to this one.For the authentication component of the attack flow as well as other basic utility functions, it relies significantly on TeamsEnum, a brilliant piece of work that was developed by Bastian Kanbach (@bka) of SSE.

TeamsPhisher’s goal is to include the most useful aspects of the aforementioned projects in order to provide a method that is robust, fully adaptable, and highly effective for authorized Red Team operations to use Microsoft Teams for phishing in access-related circumstances.

You will need to provide TeamsPhisher with an attachment, a message, and a list of people to target. After that, it will go over the list of targets while simultaneously uploading the attachment to the sender’s Sharepoint.

First, TeamsPhisher will enumerate the target user and check to see whether that person really exists and is able to receive messages from the outside world. After that, it will initiate a new conversation with the person you choose. Note that this is technically a “group” conversation since TeamsPhisher contains the target’s email address twice; this is a clever hack from @Medu554 that will circumvent the “Someone outside your organization messaged you, are you sure you want to view it” splash screen that might offer our targets a reason to stop and think twice about viewing the message.

The user who was identified will get the message that was sent to them along with a link to the attachment that was stored in Sharepoint after a new thread has been established between our sender and the target.

After this first message has been sent, the newly established thread will be visible in the sender’s Teams GUI and may be engaged with manually, if necessary, on a case-by-case basis. Users of TeamsPhisher are required to have a Microsoft Business account (as opposed to a personal one such as @hotmail, @outlook, etc.) that is licensed for both Teams and Sharepoint in order to utilize the software.

This indicates that you will require an AAD tenant as well as at least one user who has a license that corresponds to it. At the time of publishing, the AAD licensing center does have some free trial licenses available for download that are capable of meeting all of the prerequisites for using this product.

Before you may utilize the account with TeamsPhisher, you will have to ensure that you have at least once successfully logged into the personal Sharepoint site of the user with whom you will be exchanging messages. This should be something along the lines of tenantname-my.sharepoint.com/personal/myusername_mytenantname_onmicrosoft.com or tenantname-my.sharepoint.com/personal/myusername_mytenantname_mycustomdomain_tld. Alternatively, you could also use tenantname-my.sharepoint.com/personal/myusername_mytenantname_onmicrosoft.com.

In terms of the needs of the local community, We strongly advise upgrading to the most recent version of Python3. You will also require the authentication library developed by Microsoft:

To upload the file to a Sharepoint site, you will need to manually give the site’s name. This would most likely be required in the event if the sender’s tenant makes use of a unique domain name (for example, one that does not adhere to the xxx.onmicrosoft.com norm). Just the singular name should be used; for instance, if your SharePoint site is located at mytest.sharepoint.com, you should use the –sharepoint mytest option.

Replace TeamPhisher’s standard greeting (“Hi,”) with a personalized greeting that will be appended to the message that is supplied by the –message option. For instance, “Good afternoon,” or “Sales team,” are examples.

By default, the Sharepoint link that is provided to targets may be accessed by anybody who has the link; to restrict access to the Sharepoint file so that it can only be viewed by the target who got it, use the –securelink option. It’s possible that this will help shield your virus from the blue team.

TeamsPhisher will make an effort to determine the first name of each person it is targeting and will use that name in the welcome it sends to them. For instance, tom.jones@targettenant.onmicrosoft.com would get an email with the greeting “Hi Tom, ” as the first line of the message. This is not ideal and is dependant on the format of the emails that are being targeted; use the –preview option to see whether or not this is a suitable match for the list of emails that you are targeting.

The preview version of TeamsPhisher will be executed. This will NOT send any messages to the target users; instead, the “friendly” name that would be used by the –personalize option will be shown. In addition, a sample message that is indicative of what targets would receive with the current settings will be delivered to the sender’s Teams. You may log in to check how your message appears and make any required adjustments to it.

You may choose to have a delay of x seconds between each message sent to targets. Can be of assistance with rate-limiting concerns that may arise.

TeamsPhisher will determine which accounts are unable to receive messages from third-party organizations, which accounts do not exist, and which accounts have subscription plans that are incompatible with the attack vectors.

TeamsPhisher now enables login with sender accounts using multifactor authentication (MFA), thanks to code contributed by the TeamsEnum project.

If you use the –securelink flag, the recipients of the message will see a popup asking them to verify themselves before they can view the attachment in Sharepoint. You have the ability to determine if this adds an excessive number of additional steps or whether it adds ‘legitimacy’ by sending them via the actual Microsoft login feature.

Mitigation
By changing the choices associated with external access, which can be found in the Microsoft Teams admin center under Users > External access, companies may reduce the risk that is provided by the vulnerability that has been discovered.

Organizations are provided with the freedom to pick the optimal rights to match their requirements by Microsoft, including the ability to whitelist just particular external tenants for communications and a global block that prevents any communications from occurring.

The post How to send phishing or malware to Teams users evading Teams security features appeared first on Information Security Newspaper | Hacking News.

How AitM attack was used to breach 10000 Organizations

Mike Stevens — Thu, 21 Jul 2022 00:28:13 +0000

Microsoft revealed on Tuesday that a large-scale phishing campaign targeted more than 10,000 organizations since September 2021 by attacking the Office 365 authentication process even on accounts secured with multi-factor authentication (MFA).

The attackers then used the stolen credentials and session cookies to access the affected users’ mailboxes and carry out e-mail “spoofing” campaigns on their targets.

The intrusions involved the creation of adversary-in-the-middle(AitM) phishing sites, in which the attacker deploys a proxy server between a potential victim and the target website so that recipients of a phishing email are redirected to similar pages designed to capture credentials and MFA information.In AiTM phishing, an attacker attempts to obtain a target user’s session cookie so they can skip the whole authentication process and act on the latter’s behalf.

To do this, the attacker deploys a webserver that proxies HTTP packets from the user that visits the phishing site to the target server the attacker wishes to impersonate and the other way around. This way, the phishing site is visually identical to the original website (as every HTTP is proxied to and from the original website). The attacker also doesn’t need to craft their own phishing site like how it’s done in conventional phishing campaigns. The URL is the only visible difference between the phishing site and the actual one.

The phishing page has two different Transport Layer Security (TLS) sessions: one with the target and one with the actual website the target wants to access.

These sessions mean that the phishing page works almost like an AitM agent, intercepting the entire authentication process and extracting valuable data from HTTP requests, such as passwords and, more importantly, session cookies.

The phishing campaign detected by Microsoft was organized to identify Office 365 users by spoofing the Office online authentication page. The AiTM phishing process can currently be automated using open-source phishing toolkits and other online resources. Among the widely-used kits include Evilginx2, Modlishka, and Muraena. The actors used the Evilginx2 phishing kit to carry out the attacks.

The attacks did not end there, as the attackers abused their mailbox access for payment fraud using a technique called “email thread hijacking” to trick parties on the other end of the conversation into illicitly transferring funds to accounts under your control.

While AiTM phishing attempts to circumvent MFA, it’s important to underscore that MFA implementation remains an essential pillar in identity security. Defenders can also complement MFA with the following solutions and best practices to further protect their organizations from such types of attacks:

Enable conditional access policies.
Invest in advanced anti-phishing solutions
Continuously monitor for suspicious or anomalous activities:

The post How AitM attack was used to breach 10000 Organizations appeared first on Information Security Newspaper | Hacking News.

Are you getting spams? fast check for email address on online platforms

Jim Gill — Fri, 31 Jan 2020 14:15:03 +0000

Email addresses, spammer loves these. Emails is the main source of authentication for most social media platforms. On daily basis, fake social media accounts are used by various cyber criminal. Now days, social media crimes are increasing, because of the Social media popularity. Many users uses bots or automation scripts to become popular in short period of time. According to ethical hacking researcher of International Institute of Cyber Security you can find list of many leaked email address on pastebin and underground links.

There are many cases on cyber bulling, stalking which shows that fake accounts are used. After the investigation, its normally found that fake accounts are the main reason for spreading rumors on any person or public figure to create an chaos among users. Most of the time Twitter becomes the main source for spreading fake news. Every news or chaos are found to be connected with any account. We will show you socialscan which is used to validate email addresses on social media accounts. Users can search by typing email addresses or using any bulk list of email addresses. Socialscan uses various social media platforms, api’s, svc-api’s. Below you can checkout the python script written by socialscan developer which clearly shows instagram, twitter, tumblr or emails, usernames are used to check the availability of email addresses.

For testing we will use Kali Linux 2018.4 amd64.
Before installing socialscan, make sure python3 is installed.
Type open terminal, type sudo apt-get update and then type sudo apt-get install python3, then type sudo apt-get install python3-pip
Type pip3 –version, If you found error while running pip3, Type sudo apt-get purge python3, then type sudo apt-get install python3-pip

root@kali:/home/iicybersecurity/Downloads/socialscan# pip3 --version
pip 18.1 from /usr/lib/python3/dist-packages/pip (python 3.7)

You can install Socialscan from github or from pip. For installing through github. Type git clone https://github.com/iojw/socialscan.git
OR type pip3 install socialscan

root@kali:/home/iicybersecurity/Downloads/socialscan# pip3 install socialscan
Requirement already satisfied: socialscan in /usr/local/lib/python3.7/dist-packages/socialscan-1.1.5-py3.7.egg (1.1.5)
Requirement already satisfied: aiohttp>=3.5.0 in /usr/local/lib/python3.7/dist-packages/aiohttp-4.0.0a1-py3.7-linux-x86_64.egg (from socialscan) (4.0.0a1)
Requirement already satisfied: colorama in /usr/lib/python3/dist-packages (from socialscan) (0.3.7)
Requirement already satisfied: tqdm>=4.31.0 in /usr/local/lib/python3.7/dist-packages (from socialscan) (4.31.1)
Requirement already satisfied: async-timeout<4.0,>=3.0 in /usr/local/lib/python3.7/dist-packages/async_timeout-3.0.1-py3.7.egg (from aiohttp>=3.5.0->socialscan) (3.0.1)
Requirement already satisfied: attrs>=17.3.0 in /usr/local/lib/python3.7/dist-packages (from aiohttp>=3.5.0->socialscan) (19.1.0)
Requirement already satisfied: chardet<4.0,>=2.0 in /usr/lib/python3/dist-packages (from aiohttp>=3.5.0->socialscan) (3.0.4)
Requirement already satisfied: multidict<5.0,>=4.5 in /usr/local/lib/python3.7/dist-packages (from aiohttp>=3.5.0->socialscan) (4.5.2)
Requirement already satisfied: typing-extensions>=3.6.5 in /usr/local/lib/python3.7/dist-packages/typing_extensions-3.7.4.1-py3.7.egg (from aiohttp>=3.5.0->socialscan) (3.7.4.1)
Requirement already satisfied: yarl<2.0,>=1.0 in /usr/local/lib/python3.7/dist-packages (from aiohttp>=3.5.0->socialscan) (1.3.0)
Requirement already satisfied: idna>=2.0 in /usr/lib/python3/dist-packages (from yarl<2.0,>=1.0->aiohttp>=3.5.0->socialscan) (2.6)

After then type python3 setyp.py install

root@kali:/home/iicybersecurity/Downloads/socialscan# python3 setup.py install
running install
running bdist_egg
running egg_info
writing socialscan.egg-info/PKG-INFO
writing dependency_links to socialscan.egg-info/dependency_links.txt
writing entry points to socialscan.egg-info/entry_points.txt
writing requirements to socialscan.egg-info/requires.txt
writing top-level names to socialscan.egg-info/top_level.txt
reading manifest file 'socialscan.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'socialscan.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/socialscan
copying build/lib/socialscan/__init__.py -> build/bdist.linux-x86_64/egg/socialscan
copying build/lib/socialscan/util.py -> build/bdist.linux-x86_64/egg/socialscan
copying build/lib/socialscan/platforms.py -> build/bdist.linux-x86_64/egg/socialscan
copying build/lib/socialscan/__main__.py -> build/bdist.linux-x86_64/egg/socialscan
copying build/lib/socialscan/cli.py -> build/bdist.linux-x86_64/egg/socialscan
byte-compiling build/bdist.linux-x86_64/egg/socialscan/__init__.py to __init__.cpython-37.pyc
byte-compiling build/bdist.linux-x86_64/egg/socialscan/util.py to util.cpython-37.pyc
byte-compiling build/bdist.linux-x86_64/egg/socialscan/platforms.py to platforms.cpython-37.pyc
byte-compiling build/bdist.linux-x86_64/egg/socialscan/__main__.py to __main__.cpython-37.pyc
byte-compiling build/bdist.linux-x86_64/egg/socialscan/cli.py to cli.cpython-37.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying socialscan.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying socialscan.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying socialscan.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying socialscan.egg-info/entry_points.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying socialscan.egg-info/requires.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying socialscan.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating 'dist/socialscan-1.1.5-py3.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing socialscan-1.1.5-py3.7.egg
Removing /usr/local/lib/python3.7/dist-packages/socialscan-1.1.5-py3.7.egg
Copying socialscan-1.1.5-py3.7.egg to /usr/local/lib/python3.7/dist-packages
socialscan 1.1.5 is already the active version in easy-install.pth
Installing socialscan script to /usr/local/bin

Installed /usr/local/lib/python3.7/dist-packages/socialscan-1.1.5-py3.7.egg
Processing dependencies for socialscan==1.1.5
Searching for tqdm==4.31.1
Best match: tqdm 4.31.1
Adding tqdm 4.31.1 to easy-install.pth file
Installing tqdm script to /usr/local/bin

Using /usr/local/lib/python3.7/dist-packages
Searching for colorama==0.3.7
Best match: colorama 0.3.7
Adding colorama 0.3.7 to easy-install.pth file

Using /usr/lib/python3/dist-packages
Searching for aiohttp==4.0.0a1
Best match: aiohttp 4.0.0a1
Processing aiohttp-4.0.0a1-py3.7-linux-x86_64.egg
aiohttp 4.0.0a1 is already the active version in easy-install.pth

Using /usr/local/lib/python3.7/dist-packages/aiohttp-4.0.0a1-py3.7-linux-x86_64.egg
Searching for yarl==1.3.0
Best match: yarl 1.3.0
Adding yarl 1.3.0 to easy-install.pth file

Using /usr/local/lib/python3.7/dist-packages
Searching for typing-extensions==3.7.4.1
Best match: typing-extensions 3.7.4.1
Processing typing_extensions-3.7.4.1-py3.7.egg
typing-extensions 3.7.4.1 is already the active version in easy-install.pth

Using /usr/local/lib/python3.7/dist-packages/typing_extensions-3.7.4.1-py3.7.egg
Searching for multidict==4.5.2
Best match: multidict 4.5.2
Adding multidict 4.5.2 to easy-install.pth file

Using /usr/local/lib/python3.7/dist-packages
Searching for chardet==3.0.4
Best match: chardet 3.0.4
Adding chardet 3.0.4 to easy-install.pth file
Installing chardetect script to /usr/local/bin

Using /usr/lib/python3/dist-packages
Searching for attrs==19.1.0
Best match: attrs 19.1.0
Adding attrs 19.1.0 to easy-install.pth file

Using /usr/local/lib/python3.7/dist-packages
Searching for async-timeout==3.0.1
Best match: async-timeout 3.0.1
Processing async_timeout-3.0.1-py3.7.egg
async-timeout 3.0.1 is already the active version in easy-install.pth

Using /usr/local/lib/python3.7/dist-packages/async_timeout-3.0.1-py3.7.egg
Searching for idna==2.6
Best match: idna 2.6
Adding idna 2.6 to easy-install.pth file

Using /usr/lib/python3/dist-packages
Finished processing dependencies for socialscan==1.1.5

Type socialscan –help

root@kali:/home/iicybersecurity/Downloads/socialscan# socialscan --help
usage: socialscan [-h] [--platforms [platform [platform ...]]]
                  [--view-by {platform,query}] [--available-only]
                  [--cache-tokens] [--input input.txt]
                  [--proxy-list proxy_list.txt] [--verbose] [--version]
                  [query [query ...]]

Command-line interface for checking email address and username usage on online
platforms: GitHub, GitLab, Instagram, Lastfm, Pastebin, Pinterest, Reddit,
Snapchat, Spotify, Twitter, Tumblr, Yahoo

positional arguments:
  query                 one or more usernames/email addresses to query (email
                        addresses are automatically be queried if they match
                        the format)

optional arguments:
  -h, --help            show this help message and exit
  --platforms [platform [platform ...]], -p [platform [platform ...]]
                        list of platforms to query (default: all platforms)
  --view-by {platform,query}
                        view results sorted by platform or by query (default:
                        query)
  --available-only, -a  only print usernames/email addresses that are
                        available and not in use
  --cache-tokens, -c    cache tokens for platforms requiring more than one
                        HTTP request (Snapchat, GitHub, Instagram. Lastfm,
                        Tumblr & Yahoo), reducing total number of requests
                        sent
  --input input.txt, -i input.txt
                        file containg list of queries to execute
  --proxy-list proxy_list.txt
                        file containing list of HTTP proxy servers to execute
                        queries with
  --verbose, -v         show query responses as they are received
  --version             show program's version number and exit

Type socialscan #######a######@gmail.com, for security purposes the email address is masked.
socialscan will find accounts with given email addresses.

root@kali:/home/iicybersecurity/Downloads/socialscan# socialscan  #######a######@gmail.com
  0%|                               | 0/12 [0.00s]/usr/local/lib/python3.7/dist-packages/aiohttp-4.0.0a1-py3.7-linux-x86_64.egg/aiohttp/client.py:977: RuntimeWarning: coroutine 'noop' was never awaited
  self._resp.release()
RuntimeWarning: Enable tracemalloc to get the object allocation traceback
 50%|███████████████▌               | 6/12 [0.88s]/usr/local/lib/python3.7/dist-packages/aiohttp-4.0.0a1-py3.7-linux-x86_64.egg/aiohttp/client.py:518: RuntimeWarning: coroutine 'noop' was never awaited
  resp.release()
RuntimeWarning: Enable tracemalloc to get the object allocation traceback
/usr/local/lib/python3.7/dist-packages/aiohttp-4.0.0a1-py3.7-linux-x86_64.egg/aiohttp/client.py:541: RuntimeWarning: coroutine 'noop' was never awaited
  resp.release()
RuntimeWarning: Enable tracemalloc to get the object allocation traceback
 75%|███████████████████████▎       | 9/12 [1.22s]Future exception was never retrieved
future: 
Traceback (most recent call last):
  File "/usr/lib/python3.7/asyncio/sslproto.py", line 530, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.7/asyncio/sslproto.py", line 207, in feed_ssldata
    self._sslobj.unwrap()
  File "/usr/lib/python3.7/ssl.py", line 778, in unwrap
    return self._sslobj.shutdown()
ssl.SSLError: [SSL: KRB5_S_INIT] application data after close notify (_ssl.c:2629)
Future exception was never retrieved
future: 
Traceback (most recent call last):
  File "/usr/lib/python3.7/asyncio/sslproto.py", line 530, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.7/asyncio/sslproto.py", line 207, in feed_ssldata
    self._sslobj.unwrap()
  File "/usr/lib/python3.7/ssl.py", line 778, in unwrap
    return self._sslobj.shutdown()
ssl.SSLError: [SSL: KRB5_S_INIT] application data after close notify (_ssl.c:2629)
----------------------------------------
        #######a######@gmail.com
----------------------------------------
Instagram
Lastfm
Pastebin
Twitter
GitHub
Pinterest
Spotify
Tumblr

Above shows listed of social media platforms that have accounts associated with this searched email address. Below in output social media accounts are mentioned in different colors.
Socialscan uses two different colors to indicate the presence of email address on social media platform.

Socialscan_result

In Yellow Color, it shows email address tested is used in creating accounts on different social media platforms.
In Green Color, this email address is not used in creating accounts on these platforms.
Let’s try some other email addresses. For testing, you can found different email addresses on pastr.io.
Type socialscan ja#####ep#####ki@gmail.com
As per ethical hacking researcher of International Institute of Cyber Security, socialscan checks the availability of email address by trying to create account or trying to use username suggestion functionality available on social media platforms.

root@kali:/home/iicybersecurity/Downloads/socialscan# socialscan   ja#####ep#####ki@gmail.com
  0%|                               | 0/12 [0.00s]/usr/local/lib/python3.7/dist-packages/aiohttp-4.0.0a1-py3.7-linux-x86_64.egg/aiohttp/client.py:977: RuntimeWarning: coroutine 'noop' was never awaited
  self._resp.release()
RuntimeWarning: Enable tracemalloc to get the object allocation traceback
 58%|██████████████████             | 7/12 [0.69s]Future exception was never retrieved
future: 
Traceback (most recent call last):
  File "/usr/lib/python3.7/asyncio/sslproto.py", line 530, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.7/asyncio/sslproto.py", line 207, in feed_ssldata
    self._sslobj.unwrap()
  File "/usr/lib/python3.7/ssl.py", line 778, in unwrap
    return self._sslobj.shutdown()
ssl.SSLError: [SSL: KRB5_S_INIT] application data after close notify (_ssl.c:2629)
 75%|███████████████████████▎       | 9/12 [0.83s]/usr/local/lib/python3.7/dist-packages/aiohttp-4.0.0a1-py3.7-linux-x86_64.egg/aiohttp/client.py:518: RuntimeWarning: coroutine 'noop' was never awaited
  resp.release()
RuntimeWarning: Enable tracemalloc to get the object allocation traceback
/usr/local/lib/python3.7/dist-packages/aiohttp-4.0.0a1-py3.7-linux-x86_64.egg/aiohttp/client.py:541: RuntimeWarning: coroutine 'noop' was never awaited
  resp.release()
RuntimeWarning: Enable tracemalloc to get the object allocation traceback
 83%|█████████████████████████     | 10/12 [1.43s]Future exception was never retrieved
future: 
Traceback (most recent call last):
  File "/usr/lib/python3.7/asyncio/sslproto.py", line 530, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.7/asyncio/sslproto.py", line 207, in feed_ssldata
    self._sslobj.unwrap()
  File "/usr/lib/python3.7/ssl.py", line 778, in unwrap
    return self._sslobj.shutdown()
ssl.SSLError: [SSL: KRB5_S_INIT] application data after close notify (_ssl.c:2629)
----------------------------------------
       ja#####ep#####ki@gmail.com
----------------------------------------
GitHub
Lastfm
Pastebin
Instagram
Pinterest
Spotify
Tumblr
Twitter

Above shows social media accounts which are connected with the given email addresses. Socialscan uses two different colors to indicate on which social media platform.

Socialscan_Bulk-Email

In Yellow Color, it shows above email address is used in creating accounts on different social media platforms.
In Green Color, this email address is not used in creating accounts on these platforms.

In Social media crimes, Digital forensics investigator can use Socialscan for verifying the email addresses. Or if any user received some spamming emails from any email ID. User can check the social media behavior of that account by finding social media accounts using Socialscan.
In some common email addresses, it might shows false positives but still according to its developer it provides 100% accuracy.
While searching accounts on social media, we do found account with particular email address on social media platforms. For further verification, you can manually search for the email ID on social media logins. For verification we have used above first email ID for verifying on twitter.com For security reasons, we have masked the email id.

Twitter_Login

Above shows that “we could not identify you by the email address. Please enter your username to first your account” which means that twitter does not have any account using above email. For security purposes, we have hidden the email id.

Scanning List of Email Addresses

Type socialscan –platform instagram –input list2.txt
–platform to write any particular platform. We have searched for Instagram.
–input is used to enter list of email addresses.

root@kali:/home/iicybersecurity/Downloads/socialscan# socialscan --platform instagram --input list2.txt
  0%|                               | 0/37 [0.00s]/usr/local/lib/python3.7/dist-packages/aiohttp-4.0.0a1-py3.7-linux-x86_64.egg/aiohttp/client.py:518: RuntimeWarning: coroutine 'noop' was never awaited
  resp.release()
RuntimeWarning: Enable tracemalloc to get the object allocation traceback
/usr/local/lib/python3.7/dist-packages/aiohttp-4.0.0a1-py3.7-linux-x86_64.egg/aiohttp/client.py:541: RuntimeWarning: coroutine 'noop' was never awaited
----------------------------------------
          kkne########3@gmail.com
----------------------------------------
Instagram
----------------------------------------
         slo#######en@gmail.com
----------------------------------------
Instagram
----------------------------------------
       jame##########ki@yahoo.com
----------------------------------------
Instagram
----------------------------------------
        Ky#########ps@hotmail.com
----------------------------------------
Instagram
----------------------------------------
       gia#########ris@gmail.com
----------------------------------------
Instagram
----------------------------------------
          big##########@gmail.com
----------------------------------------
Instagram
----------------------------------------
       th##########erjwo@yahoo.com
----------------------------------------
Instagram
----------------------------------------
        chu##############her@yahoo.com
----------------------------------------
Instagram
----------------------------------------
         kin#########94@gmail.com
----------------------------------------
Instagram
----------------------------------------
        con#########17@gmail.com
----------------------------------------
Instagram
----------------------------------------
          car########g@gmail.com
----------------------------------------

----------------------------------------
       sir#########lker@gmail.com
----------------------------------------
Instagram

Available, Taken/Reserved, Invalid, Error
Completed 12 queries in 4.38s

Above shows list of email addresses which are taken or they are available.

The post Are you getting spams? fast check for email address on online platforms appeared first on Information Security Newspaper | Hacking News.