Convert Figma logo to code with AI

jofpin logotrape

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

8,049
1,292
8,049
243

Top Related Projects

The Rogue Access Point Framework

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

11,278

An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !

This is Advance Phishing Tool ! OTP PHISHING

Phishing Tool & Information Collector

Quick Overview

Trape is an OSINT (Open Source Intelligence) analysis and research tool designed for tracking and investigating people through the internet. It allows users to generate persuasive links that, when clicked, provide detailed information about the target's device, location, and online activities. Trape is intended for educational and research purposes only.

Pros

  • Provides comprehensive information about targets, including geolocation, device details, and network data
  • Offers a user-friendly web interface for easy monitoring and data visualization
  • Supports multiple platforms and browsers for wide compatibility
  • Includes features like custom templates and real-time notifications

Cons

  • Potential for misuse in unethical or illegal activities
  • May raise privacy concerns and legal issues if used without consent
  • Requires careful handling of sensitive information collected from targets
  • Limited documentation and support for troubleshooting

Getting Started

To set up and use Trape:

  1. Clone the repository:

    git clone https://github.com/jofpin/trape.git
    cd trape
    
  2. Install dependencies:

    python3 -m pip install -r requirements.txt
    
  3. Run Trape:

    python3 trape.py -h
    
  4. Generate a tracking URL:

    python3 trape.py --url https://example.com
    
  5. Access the control panel using the provided credentials and URL.

Note: Always use Trape responsibly and in compliance with applicable laws and regulations. Obtain proper authorization before tracking or collecting information about individuals.

Competitor Comparisons

The Rogue Access Point Framework

Pros of Wifiphisher

  • Focuses specifically on WiFi security testing and attacks
  • Includes multiple attack scenarios and templates
  • More actively maintained with frequent updates

Cons of Wifiphisher

  • Limited to WiFi-based attacks only
  • Requires more technical knowledge to set up and use effectively
  • Less comprehensive tracking and data collection capabilities

Code Comparison

Trape (JavaScript):

app.get('/get_info', function(req, res) {
  var vId = req.query.vId;
  var info = victim.getVictimByVictimId(vId);
  res.json(info);
});

Wifiphisher (Python):

def get_internet_interface():
    """Get an internet connected interface."""
    try:
        return netifaces.gateways()['default'][netifaces.AF_INET][1]
    except (KeyError, IndexError):
        return None

The code snippets show different focuses - Trape handles victim data retrieval via a web API, while Wifiphisher deals with network interface management for WiFi attacks. This reflects their distinct purposes and implementation approaches.

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

Pros of Social-Engineer-Toolkit

  • More comprehensive toolset for various social engineering attacks
  • Actively maintained with regular updates and contributions
  • Extensive documentation and community support

Cons of Social-Engineer-Toolkit

  • Steeper learning curve due to its broader scope
  • Requires more setup and dependencies
  • May be overkill for simple tracking or reconnaissance tasks

Code Comparison

Social-Engineer-Toolkit (Python):

# Example of a phishing attack setup
choice = raw_input(setprompt(["1"], "SET vector [phishing]"))
if choice == 'exit':
    exit_set()

Trape (Python):

# Example of geolocation tracking
@app.route("/get_position", methods=["POST"])
def get_position():
    return geo_controller.get_position(request.form)

Summary

Social-Engineer-Toolkit offers a more comprehensive suite of tools for various social engineering attacks, with active maintenance and extensive documentation. However, it has a steeper learning curve and requires more setup. Trape, on the other hand, focuses specifically on geolocation tracking and reconnaissance, making it simpler to use for those specific tasks but less versatile overall. The code examples highlight the different focuses of each tool, with Social-Engineer-Toolkit demonstrating attack vector selection and Trape showing geolocation functionality.

11,278

An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !

Pros of Zphisher

  • More focused on phishing attacks, with a wider variety of pre-built templates
  • Easier to set up and use, with a simpler command-line interface
  • More actively maintained, with frequent updates and bug fixes

Cons of Zphisher

  • Less comprehensive tracking capabilities compared to Trape
  • Limited to phishing attacks, while Trape offers broader information gathering features
  • Lacks the advanced geolocation and device information collection of Trape

Code Comparison

Trape (Python):

@app.route("/" + GEO_PATH)
def geo():
    return render_template("geo.html")

@app.route("/get_coords", methods=["POST"])
def coords():
    user_id = request.form['user_id']
    lat = request.form['lat']
    lon = request.form['lon']
    # Process and store coordinates

Zphisher (Bash):

tunnel_menu() {
    echo -e "\n${RED}[${WHITE}-${RED}]${GREEN} Select a tunneling option:"
    echo -e "${CYAN}[${WHITE}1${CYAN}]${ORANGE} Localhost"
    echo -e "${CYAN}[${WHITE}2${CYAN}]${ORANGE} Ngrok"
    echo -e "${CYAN}[${WHITE}3${CYAN}]${ORANGE} Cloudflared"
    read -p "${RED}[${WHITE}-${RED}]${GREEN} Select an option: ${BLUE}"
    # Handle user selection
}

The code snippets highlight the different approaches: Trape uses Python for web-based tracking, while Zphisher employs Bash scripting for phishing setup and tunneling options.

This is Advance Phishing Tool ! OTP PHISHING

Pros of AdvPhishing

  • Focuses specifically on phishing attacks with multiple templates
  • Includes Ngrok integration for easier remote hosting
  • Provides a user-friendly interface for managing campaigns

Cons of AdvPhishing

  • More limited in scope compared to Trape's broader tracking capabilities
  • Less actively maintained with fewer recent updates
  • Lacks some of the advanced geolocation features found in Trape

Code Comparison

AdvPhishing (PHP):

<?php
file_put_contents("usernames.txt", "Account: " . $_POST['username'] . " Pass: " . $_POST['password'] . "\n", FILE_APPEND);
header('Location: https://facebook.com/');
exit();
?>

Trape (Python):

@app.route("/register", methods=["POST"])
def register():
    victim_id = request.form['vId']
    url_to_clone = request.form['url']
    # ... (additional logic)
    return jsonify({'status' : 'OK', 'vId' : victim_id})

Both projects handle user data collection, but Trape's approach is more sophisticated, using a Flask-based API for data handling and victim tracking.

Phishing Tool & Information Collector

Pros of SocialFish

  • More focused on social engineering and phishing attacks
  • Includes pre-built templates for popular websites
  • Easier to set up and use for beginners

Cons of SocialFish

  • Less comprehensive tracking capabilities
  • Limited to phishing scenarios, less versatile
  • Fewer customization options for advanced users

Code Comparison

SocialFish:

def runPhishing(social, custom):
    system('rm -Rf base/Server/www/*.* && touch base/Server/www/index.html')
    if custom:
        shutil.copyfile('base/custom/index.html', 'base/Server/www/index.html')
    else:
        shutil.copyfile('base/WebPages/' + social + '/index.html', 'base/Server/www/index.html')

Trape:

def getInfoDevice(request):
    return {
        'cpu': request.user_agent.cpu,
        'browser': request.user_agent.browser,
        'device': request.user_agent.device,
        'engine': request.user_agent.engine,
        'os': request.user_agent.os,
        'ip': request.remote_addr,
    }

Summary

SocialFish is more specialized for phishing attacks with pre-built templates, making it easier for beginners. However, it lacks the advanced tracking and customization options found in Trape. Trape offers more comprehensive information gathering capabilities and is more versatile for various scenarios beyond phishing. The code comparison shows SocialFish's focus on setting up phishing pages, while Trape emphasizes detailed device information collection.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

trape (stable) v2.0

People tracker on the Internet: Learn to track the world, to avoid being traced.


Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control their users through their browser, without their knowledge, but It evolves with the aim of helping government organizations, companies and researchers to track the cybercriminals.

--trape header

At the beginning of the year 2018 was presented at BlackHat Arsenal in Singapore: https://www.blackhat.com/asia-18/arsenal.html#jose-pino and in multiple security events worldwide.

Some benefits

  • LOCATOR OPTIMIZATION: Trace the path between you and the target you're tracking. Each time you make a move, the path will be updated, the location of the target is obtained silently through a bypass made in the browsers, allowing you to skip the location request on the victim's side, and at the same time maintain a precision of 99% in the locator.

  • APPROACH: When you're close to the target, Trape will tell you.

  • REST API: Generates an API (random or custom), and through this you can control and monitor other Web sites on the Internet remotely, getting the traffic of all visitors.

  • PROCESS HOOKS: Manages social engineering attacks or processes in the target's browser.

    --- SEVERAL: You can issue a phishing attack of any domain or service in real time as well as send malicious files to compromise the device of a target.

    --- INJECT JS: You keep the JavaScript code running free in real time, so you can manage the execution of a keylogger or your own custom functions in JS which will be reflected in the target's browser.

    --- SPEECH: A process of audio creation is maintained which is played in the browser of the target, by means of this you can execute personalized messages in different voices with languages in Spanish and English.

  • PUBLIC NETWORK TUNNEL: Trape has its own API that is linked to ngrok.com to allow the automatic management of public network tunnels; So you can publish the content of your trape server which is executed locally to the Internet, to manage hooks or public attacks.

  • CLICK ATTACK TO GET CREDENTIALS: Automatically obtains the target credentials, recognizing your connection availability on a social network or Internet service.

  • NETWORK: You can get information about the user's network.

    --- SPEED: Viewing the target's network speed. (Ping, download, upload, type connection)

    --- HOSTS OR DEVICES: Here you can get a scan of all the devices that are connected in the target network automatically.

  • PROFILE: Brief summary of the target's behavior and important additional information about your device.

    --- GPU --- ENERGY

30-session recognition

Session recognition is one of trape most interesting attractions, since you as a researcher can know remotely what service the target is connected to.

  • USABILITY: You can delete logs and view alerts for each process or action you run against each target.

How to use it

First unload the tool.

git clone https://github.com/jofpin/trape.git
cd trape
python3 trape.py -h

If it does not work, try to install all the libraries that are located in the file requirements.txt

pip3 install -r requirements.txt

Example of execution

Example: python3 trape.py --url http://example.com --port 8080

If you face some problems installing the tool, it is probably due to Python versions conflicts, you should run a Python 2.7 environment :

pip3 install virtualenv
virtualenv -p /usr/bin/python3 trape_env
source trape_env/bin/activate
pip3 install -r requirements.txt
python3 trape.py -h

HELP AND OPTIONS

user:~$ python3 trape.py --help
usage: python3 trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]
                                              [-ak ACCESSKEY] [-l LOCAL]
                                              [--update] [-n] [-ic INJC]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -u URL, --url URL     Put the web page url to clone
  -p PORT, --port PORT  Insert your port
  -ak ACCESSKEY, --accesskey ACCESSKEY
                        Insert your custom key access
  -l LOCAL, --local LOCAL
                        Insert your home file
  -n, --ngrok           Insert your ngrok Authtoken
  -ic INJC, --injectcode INJC
                        Insert your custom REST API path
  -ud UPDATE, --update UPDATE
                        Update trape to the latest version

--url In this option you add the URL you want to clone, which works as a decoy.

--port Here you insert the port, where you are going to run the trape server.

--accesskey You enter a custom key for the trape panel, if you do not insert it will generate an automatic key.

--injectcode trape contains a REST API to play anywhere, using this option you can customize the name of the file to include, if it does not, generates a random name allusive to a token.

--local Using this option you can call a local HTML file, this is the replacement of the --url option made to run a local lure in trape.

--ngrok In this option you can enter a token, to run at the time of a process. This would replace the token saved in configurations.

--version You can see the version number of trape.

--update Option used to upgrade to the latest version of trape.

--help It is used to see all the above options, from the executable.

Disclaimer

This tool has been published educational purposes. It is intended to teach people how bad guys could track them, monitor them or obtain information from their credentials, we are not responsible for the use or the scope that someone may have through this project.

We are totally convinced that if we teach how vulnerable things really are, we can make the Internet a safer place.

Developer

This development and others, the participants will be mentioned with name, Twitter and charge.

  • CREATOR

    --- Jose Pino - @jofpin - (Security Researcher)

Happy hacking!

I invite you, if you use this tool helps to share, collaborate. Let's make the Internet a safer place, let's report.

License

The content of this project itself is licensed under the Creative Commons Attribution 3.0 license, and the underlying source code used to format and display that content is licensed under the MIT license.

Copyright, 2018 by Jose Pino