Information is power. Information gathering is the most crucial part of penetration testing. Tracking targets ip address, browser, Operating Systems, social media accounts is the primary step.

Their are many tools are available to do this, nut in this tutorial we learn the use of Trape. Trape is written in python, it is a footprinting tool. Trape can help us by getting the ip address, OS, social media accounts by a single click of them.

Screenshot from 2019-04-04 21-56-35.png

It also can perform phishing and browser hooking attacks.

Trape doesn't comes pre-installed with Kali Linux, we need to clone it from github repository.

So open our terminal window and type following command and press enter.
git clone https://github.com/jofpin/trape

The screenshot of the command is following:

Screenshot from 2019-04-04 07-44-38.png

This is not a large tool, trape need few seconds to download. After download is complete we need to go to trape's directory using cd command and then we check the files using ls command. Here we are going to join those commands in a single command using && like this :
cd trape && ls

The screenshot is following:

Screenshot from 2019-04-04 07-50-11.png

First we need to install all the requirements for trape tool to do this we use this simple command.
pip install -r requirements.txt

The screenshot is following:

Screenshot from 2019-04-04 07-53-20.png

Now we can run the python script and check the options by using the simple command as following:
python trape.py -h

The screenshot is following:

Screenshot from 2019-04-04 08-05-03.png

Here we must need to use Ngrok token.The older tutorials on internet will not work here. In the older versions of trape we can use it without ngrok(offline mode) but we can add ngrok, in this new version ngrok is must. Here comes a question.
What is this Ngrok?
Ngrok is a tool that makes a tunnel that we can access our localhost in the internet.

So we need to go ngrok.com and sign up .

Screenshot from 2019-04-04 08-18-29.png

After sign up we get the API key in the auth sidebar,screenshot is following.

Screenshot from 2019-04-04 09-10-46.png

Now copy the API token and come back to terminal and paste the token. Now this will ask for Google Maps API token, to get follow this guide and paste the API key of Google map, this will help to get the location. Sorry, I cant show my Google map's API token for security reason so no screenshot for this one. This API tokens are needed for first time configuration only.

After pasting Google map's API this will ask for a url. Target will see this url's website after clicking our link, like the following screenshot.

Screenshot from 2019-04-04 09-33-46.png

We are using https://www.google.com for an example or we can use any other link.
Then Trape will ask for the port here type 80 (port for http) and press enter.

After doing this Trape will open like the screenshot below:

Screenshot from 2019-04-04 21-41-23.png

We can choose the lure urls to catch targets in our local network or public internet. We can see the information of target in the control panel link.
Screenshot of control panel is following:

Screenshot from 2019-04-04 22-19-08.png

Control panel can be accessible with the access key. For better result in public internet we can use url shortener to hide the ngrok url. All done now wait for targets click, whenever target clicks on the link we got the information of target.

Any questions or review ? Please leave a comment. If you like this Trape tutorial then please share with friends.