An intelligence tool for Venmo
Presented at conINT2020, Bsides Charleston 2019, Avengercon 2019, and Layer8 2019. Use wisely/be an infosec hero - not responsible for any misuse.
It's been a while since I've updated this and things have changed over at Venmo. This is great, actually, from privacy and security perspectives. They've taken steps (albeit minor) to improve the security of their API and provided more transparency on user settings for making things private. Most of the API endpoints now require authentication. However, anyone with an account can get an API token and gain access to their API endpoints where they can gather all the things. I've updated this repo to account for the new OAuth process and accessing the updated API endpoints. Changes:
The authenticated module allows for much more data to be collected. This module requires an API token (available to all accounts, no additional signups). In order to set this up, perform the following:
Use the --auth flag to invoke this process. You'll be prompted for an OTP and should receive a text message to your phone. Enter the code and press enter. You'll be issued an API key.
python venemy.py --user username
python venemy.py --friends username
python venemy.py --trans username
python venemy.py --all username
python venemy.py --crawl username
python venemy_auth.py --friends username --pic
If you want to avoid creating an account, there's an option to use some HTML scraping. This can also help you do some initial recon without having to log in.
python venemy.py --noauth UserName
python venemy.py --brute-force Person's name