{"id":13551905,"url":"https://github.com/martinvigo/ransombile","last_synced_at":"2025-04-15T21:31:59.110Z","repository":{"id":81621641,"uuid":"143342056","full_name":"martinvigo/ransombile","owner":"martinvigo","description":"Ransombile is a tool that can be used in different scenarios to compromise someone’s digital life when having physical access to a locked mobile device","archived":false,"fork":false,"pushed_at":"2022-02-16T22:21:53.000Z","size":33,"stargazers_count":74,"open_issues_count":1,"forks_count":26,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-11-03T22:33:44.019Z","etag":null,"topics":["2fa","hacking","password-reset","sms"],"latest_commit_sha":null,"homepage":"https://www.martinvigo.com/ransombile","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/martinvigo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-08-02T20:29:50.000Z","updated_at":"2024-08-18T18:39:56.000Z","dependencies_parsed_at":null,"dependency_job_id":"f7acec46-341a-4efe-a0c4-06adb898dab4","html_url":"https://github.com/martinvigo/ransombile","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martinvigo%2Fransombile","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martinvigo%2Fransombile/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martinvigo%2Fransombile/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martinvigo%2Fransombile/ma
nifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/martinvigo","download_url":"https://codeload.github.com/martinvigo/ransombile/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223686002,"owners_count":17185963,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fa","hacking","password-reset","sms"],"created_at":"2024-08-01T12:01:55.541Z","updated_at":"2024-11-08T12:33:55.265Z","avatar_url":"https://github.com/martinvigo.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"# Ransombile\n\nRansombile is a tool that automates the password reset process and allows you to perform the entire flow automatically for multiple sites at the same time. The aim is to automate the three steps that take the longest in our proposed attack vector.\n\nThis tool only serves as a PoC to show that password reset can be automated effectively. Consider it an Alpha version. Things will fail and some sites I added don't work for various reasons (UI in a language different than English, A/B testing, timing issues, etc.).\n\nFor details and demos please check: [https://www.martinvigo.com/ransombile](https://www.martinvigo.com/ransombile)\n\n## Installation\n\nRansombile is a Rails app. It should work on any version but I wrote and tested it on Ruby 2.4 and Rails 5.0.\n\n## Setup\n\nYou need an email inbox to which you will be sending emails from the victim's device to retrieve the victim's email address. 
Add the credentials information to the *ransombile_controller* file.\n\nYou can change the Selenium plugin to use any browser but it comes configured to use Firefox by default to make development and testing easier. In fact, if you were to \"deploy\" Ransombile, you would probably want to use a headless browser like PhantomJS.\n\n## Usage\n\nLaunch the server and run the webapp on any browser. It is optimized for mobile device screen sizes.\n\n```rails server```\n\n## Adding websites\n\nI left a template under */controllers/website_templates_controller*. It gives you a skeleton with the basic functions and implementation. Just add the missing code where indicated.\n\nYou can create a new controller using the new website name:\n\n```rails generate controller Websitename```\n\nNext, you need to update the UI, file *index.html.erb*. Just copy and paste what's already there for any other site. Don't forget to update the function *initiatePasswordReset()*!\n\nLast, update the *routes* file.\n\n## Demo video\n[![Ransombile demo video](https://img.youtube.com/vi/-d152pJ_Ua0/0.jpg)](https://www.youtube.com/watch?v=-d152pJ_Ua0)\n\n## Tool presentation at BSides Las Vegas 2018\n[![Ransombile presentation at BSides Las Vegas 2018](https://img.youtube.com/vi/7MbgFTJrhss/0.jpg)](https://www.youtube.com/watch?v=7MbgFTJrhss)\n\n## Authors\n\nMartin Vigo - @martin_vigo - [martinvigo.com](https://www.martinvigo.com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmartinvigo%2Fransombile","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmartinvigo%2Fransombile","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmartinvigo%2Fransombile/lists"}