{"id":13438607,"url":"https://github.com/thewhiteh4t/pwnedOrNot","last_synced_at":"2025-03-20T06:30:54.819Z","repository":{"id":40827589,"uuid":"134909692","full_name":"thewhiteh4t/pwnedOrNot","owner":"thewhiteh4t","description":"OSINT Tool for Finding Passwords of Compromised Email Addresses","archived":false,"fork":false,"pushed_at":"2023-09-30T04:45:31.000Z","size":77,"stargazers_count":2301,"open_issues_count":8,"forks_count":323,"subscribers_count":79,"default_branch":"master","last_synced_at":"2025-03-17T00:15:12.547Z","etag":null,"topics":["api","hacked-emails","haveibeenpwned","osint","passwords","pwnedornot"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thewhiteh4t.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"thewhiteh4t"}},"created_at":"2018-05-25T22:18:18.000Z","updated_at":"2025-03-16T19:53:46.000Z","dependencies_parsed_at":"2023-01-26T16:31:41.716Z","dependency_job_id":"80926118-5b83-412d-bdb1-840a3e1d6a02","html_url":"https://github.com/thewhiteh4t/pwnedOrNot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thewhiteh4t%2FpwnedOrNot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thewhiteh4t%2FpwnedOrNot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thewhiteh4t%2FpwnedOrNot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thewhiteh4t%2FpwnedOrNot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thewhiteh4t","download_url":"https://codeload.github.com/thewhiteh4t/pwnedOrNot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244565073,"owners_count":20473199,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","hacked-emails","haveibeenpwned","osint","passwords","pwnedornot"],"created_at":"2024-07-31T03:01:06.818Z","updated_at":"2025-03-20T06:30:49.811Z","avatar_url":"https://github.com/thewhiteh4t.png","language":"Python","funding_links":["https://github.com/sponsors/thewhiteh4t"],"categories":["Asset Discovery","Python","[↑](#contents)Data Leaks","api","Pentesting"],"sub_categories":["Data Leaks","OSINT - Open Source INTelligence"],"readme":"\u003cp align=\"center\"\u003e\u003cimg src=\"https://i.imgur.com/ojjMbWX.jpg\"\u003e\u003c/p\u003e\r\n\r\n\u003ch4 align=\"center\"\u003eOSINT Tool for Finding Passwords of Compromised Email Accounts\u003c/h4\u003e\r\n\r\n\u003cp align=\"center\"\u003e\r\n  \u003ca href=\"https://twitter.com/thewhiteh4t\"\u003e\u003cb\u003eTwitter\u003c/b\u003e\u003c/a\u003e\r\n  \u003cspan\u003e - \u003c/span\u003e\r\n  \u003ca href=\"https://t.me/thewhiteh4t\"\u003e\u003cb\u003eTelegram\u003c/b\u003e\u003c/a\u003e\r\n  \u003cspan\u003e - \u003c/span\u003e\r\n  \u003ca href=\"https://thewhiteh4t.github.io\"\u003e\u003cb\u003eBlog\u003c/b\u003e\u003c/a\u003e\r\n\u003c/p\u003e\r\n\r\n| Available | in | |\r\n|-|-|-|\r\n| [BlackArch Linux](https://blackarch.org/) | [SecBSD](https://secbsd.org/) | [Tsurugi Linux](https://tsurugi-linux.org/) |\r\n| ![](https://i.imgur.com/1wJVDV5.png) | ![](https://i.imgur.com/z36xL8c.png) | ![Tsurugi Linux](https://i.imgur.com/S1ylcp7.jpg) |\r\n\r\n---\r\n\r\npwnedOrNot works in two phases. In the **first** phase it tests the given email address using [**`HaveIBeenPwned v3 API`**](https://haveibeenpwned.com/API/v3) to find if the account have been breached in the past and in the **second** phase it searches the **password** in available **public dumps**.\r\n\r\n**`An API Key is required to use the tool. You can purchase a key from HIBP website linked below`**\r\n\r\nhttps://haveibeenpwned.com/API/v3\r\n\r\n---\r\n\r\n## Featured\r\n\r\n\u003ca href=\"https://jakecreps.com/2019/05/08/osint-collection-tools-for-pastebin/\"\u003e**\u003e OSINT Collection Tools for Pastebin - Jake Creps**\u003c/a\u003e\r\n\r\n\u003ca href=\"https://eforensicsmag.com/download/open-source-forensic-tools/\"\u003e**\u003e eForensics Magazine May 2020**\u003c/a\u003e\r\n\r\n---\r\n\r\n## Changelog\r\n\r\nhttps://github.com/thewhiteh4t/pwnedOrNot/wiki/Changelog\r\n\r\n---\r\n\r\n## Features\r\n\r\n[**haveibeenpwned**](https://haveibeenpwned.com/API/v3) offers a lot of information about the compromised email, pwnedOrNot displays most useful information such as :\r\n\r\n* Name of Breach\r\n* Domain Name\r\n* Date of Breach\r\n* Fabrication status\r\n* Verification Status\r\n* Retirement status\r\n* Spam Status\r\n\r\n### About Passwords\r\n\r\nThe chances of finding passwords depends upon the following factors :\r\n\r\n* If public dumps are available for the email address\r\n* If the public dumps are accessible\r\n  * Sometimes the dumps are removed\r\n* If the public dump contains password\r\n  * Sometimes a dump contains only email addresses\r\n\r\n#### Tested on\r\n* **Kali Linux**\r\n* **BlackArch Linux**\r\n* **Kali Nethunter**\r\n* **Termux**\r\n\r\n\u003e Windows users are suggested to use Kali Linux WSL2 or a VM\r\n\r\n## Installation\r\n**Ubuntu / Kali Linux / Nethunter / Termux**\r\n\r\n```bash\r\ngit clone https://github.com/thewhiteh4t/pwnedOrNot.git\r\ncd pwnedOrNot\r\nchmod +x install.sh\r\n./install.sh\r\n```\r\n\r\n**BlackArch Linux**\r\n\r\n```bash\r\npacman -S pwnedornot\r\n```\r\n\r\n**Docker**\r\n\r\n```bash\r\ngit clone https://github.com/thewhiteh4t/pwnedOrNot.git\r\ndocker build -t pon .\r\ndocker run -it pon\r\n```\r\n\r\n## Updates\r\n```bash\r\ncd pwnedOrNot\r\ngit pull\r\n```\r\n\r\n## Usage\r\n```bash\r\npython3 pwnedornot.py -h\r\n\r\nusage: pwnedornot.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l]\r\n                     [-c CHECK]\r\n\r\noptional arguments:\r\n  -h, --help                  show this help message and exit\r\n  -e EMAIL, --email EMAIL     Email Address You Want to Test\r\n  -f FILE, --file FILE        Load a File with Multiple Email Addresses\r\n  -d DOMAIN, --domain DOMAIN  Filter Results by Domain Name\r\n  -n, --nodumps               Only Check Breach Info and Skip Password Dumps\r\n  -l, --list                  Get List of all pwned Domains\r\n  -c CHECK, --check CHECK     Check if your Domain is pwned\r\n\r\n# Examples\r\n\r\n# Check Single Email\r\npython3 pwnedornot.py -e \u003cemail\u003e\r\n#OR\r\npython3 pwnedornot.py --email \u003cemail\u003e\r\n\r\n# Check Multiple Emails from File\r\npython3 pwnedornot.py -f \u003cfile name\u003e\r\n#OR\r\npython3 pwnedornot.py --file \u003cfile name\u003e\r\n\r\n# Filter Result for a Domain Name [Ex : adobe.com]\r\npython3 pwnedornot.py -e \u003cemail\u003e -d \u003cdomain name\u003e\r\n#OR\r\npython3 pwnedornot.py -f \u003cfile name\u003e --domain \u003cdomain name\u003e\r\n\r\n# Get only Breach Info, Skip Password Dumps\r\npython3 pwnedornot.py -e \u003cemail\u003e -n\r\n#OR\r\npython3 pwnedornot.py -f \u003cfile name\u003e --nodumps\r\n\r\n# Get List of all Breached Domains\r\npython3 pwnedornot.py -l\r\n#OR\r\npython3 pwnedornot.py --list\r\n\r\n# Check if a Domain is Pwned\r\npython3 pwnedornot.py -c \u003cdomain name\u003e\r\n#OR\r\npython3 pwnedornot.py --check \u003cdomain name\u003e\r\n```\r\n\r\n## Demo [ YouTube ]\r\n[![Youtube](https://i.imgur.com/aSM6dKc.png)](https://www.youtube.com/watch?v=R_Y_QzVmERA)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthewhiteh4t%2FpwnedOrNot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthewhiteh4t%2FpwnedOrNot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthewhiteh4t%2FpwnedOrNot/lists"}