Git Product home page Git Product logo

tl-fraud's Introduction

TL-FRAUD

Welcome to the TL-FRAUD repo. This collection contains fraud related tools. There are various credential stuffing tools, configuration files, and custom scripts to attempt fraud against services and organizations.

Files in this collection have been gathered via distributed trawling of the internet, and deduplicated where applicable.

Disclaimer

The files contained in this repo are for research purposes only. They are provided as-is and have no guarantee of functionality.

What is Credential Stuffing?

Credential stuffing is a fraud technique that leverages database dumps to brute force logins on a given service. The more fresh and/or relevant a given database dump is, the higher the chance of success.

Combolists are combinations of usernames and passwords, stored line by line in a text file. They are the most common way of storing credentials for an attack.

Mitigations

There are numerous mitigations that can assist in preventing the success of a credential stuffing attack. These include WAFs, CAPCHAs, Rate Limiting, and a defense in depth approach to protecting your application.

Navigating the Repo

The repo is divided into several folders, containing specific categories of activity.

Zip files may have the same or similar names, so each filename contains an identifier based on the first 6 characters of the SHA1 hash of the file. The formula is:

FILENAME.SHA1.EXTENSION

Non Zip files may contain this naming pattern as well.

Collection Highlights

There is a large number of configuration files for popular credential stuffing tools, SentryMBA, BlackBullet, AIOC, Woxy and Storm.

There is also a large number of YouTube view bots and various ad fraud tools for YouTube.

Contributing

Contributions to this repo are welcome. Simply fork this repo, open a pull request and consult with the repo maintainers about it.

Guidelines

  • Please submit larger files (> 5 MB) as a zip file in order to make cloning this a reasonable exercise.
  • Please try and follow our naming convention for zip files in order to deduplicate and identify hashes.

Files are subject to rejection if they do not meet our guidelines.

We will NOT accept the following

  • Combolists
  • Database dumps
  • Any credentials for active sites, user, admin or otherwise

tl-fraud's People

Contributors

netspooky avatar plazmaz avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.