Scrapesy is a tool made by red team analysts at Standard Industries. It helps organizations to detect incidents of data breaches. This scrapes both the dark web and the clear web to look for leaked credentials and other information. This was designed for the security workers, threat intelligence, and also by penetration testing professionals. Although, their usage is not limited to them only.
This tool scrapes leaks of credentials which are sometimes known as ‘combolist’. It will also “ingest and parse them against a list of domains and/or explicit email addresses owned by your organization”. As said by Michael Giordano, the red team analyst at Standard Industries.
He also said, “It targets known sources that contain combolists from numerous phishing campaigns typically targeted around well-known services like Spotify, Facebook, and Twitter.”
“Additionally, there are instances of third-party breaches where these credentials could become exposed if an organization happens to conduct business with that third party.”
Scrapesy is not the first tool created for this purpose. There are numerous other such tools that have the capability of scraping the internet and detecting leaks of credentials. Scrapesy can be used for the detection of data breaches. The breaches can have an effect on wider organizations and also the response time for such incidents can be decreased.
Users are free to create and share modules that may help in the process detection of such leaks and feed it to the community.
“As time goes on, we would like to develop a framework for Scrapesy that will make it relatively easy for folks to create their own modules.”