{"id":17026935,"url":"https://github.com/wirzka/pwnfier","last_synced_at":"2025-03-22T19:17:54.682Z","repository":{"id":193590350,"uuid":"279418150","full_name":"wirzka/pwnfier","owner":"wirzka","description":"Python command line tool to use HIPB services.","archived":false,"fork":false,"pushed_at":"2020-07-28T15:50:10.000Z","size":37,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-27T23:19:38.245Z","etag":null,"topics":["bec","bluteam","cybersecurity","haveibeenpwned","hibp","infosec","mailsecurity","python"],"latest_commit_sha":null,"homepage":"https://github.com/wirzka/pwnfier","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wirzka.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-07-13T21:44:45.000Z","updated_at":"2020-07-28T16:07:21.000Z","dependencies_parsed_at":"2023-09-08T23:03:06.248Z","dependency_job_id":"cb6f5755-5069-4b4f-a74b-93d3cb172946","html_url":"https://github.com/wirzka/pwnfier","commit_stats":null,"previous_names":["wirzka/pwnfier"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wirzka%2Fpwnfier","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wirzka%2Fpwnfier/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wirzka%2Fpwnfier/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wirzka%2Fpwnfier/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wirzka","download_url":"https://codeload.github.com/wirzka/pwnfier/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245007240,"owners_count":20546144,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bec","bluteam","cybersecurity","haveibeenpwned","hibp","infosec","mailsecurity","python"],"created_at":"2024-10-14T07:45:18.443Z","updated_at":"2025-03-22T19:17:54.651Z","avatar_url":"https://github.com/wirzka.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"```\n                           _____ .__\n______  __  _  __  ____  _/ ____\\|__|  ____  _______ \n\\____ \\ \\ \\/ \\/ / /    \\ \\   __\\ |  |_/ __ \\ \\_  __ \\\n|  |_\u003e \u003e \\     / |   |  \\ |  |   |  |\\  ___/  |  | \\/\n|   __/   \\/\\_/  |___|  / |__|   |__| \\___  \u003e |__|   \n|__|                  \\/                  \\/\n```\n# PwnFier\n\nPython command line tool to look for:\n* All breaches for an account\n* All breached sites on HIBP | All breaches for a given domain (e.g. adobe.com)\n* All breaches for a given site | All breaches for a given name (e.g. Adobe)\n* All pastes for an account\n* Pwned passwords\n\n\n*For more detail, please go to [HIBP API overview](https://haveibeenpwned.com/API/v3)*\n### How it works\nThis is how the script gears run:\n1. The script takes the args parsed from the command line\n2. Checks if the user has provided an authenticated request or not\n3. Checks if the user has provided the argument or a file as input \u0026 check if the file is good\n4. Sends the query to HIBP with the API\n5. Shows the result | Saves result to file\n\n### Prerequisites \u0026 dependecies\n\n* Python version: `3.7`\n* [HIBP](https://haveibeenpwned.com) API KEY for authenticated requests\n* [Docopt](http://docopt.org/) as command-line interface description language\n* [Art](https://github.com/sepandhaghighi/art) for the ASCII art\n\n### How to use it\n```\nUsage:\n  pwnfier.py  (-a) (([-A MAIL] | [-P MAIL]) [-f FILEPATH] [-S])\n  pwnfier.py  (-n) (([-b NAME] | [-B] [--filter DOMAIN]) [-f FILEPATH] [-S])\n  pwnfier.py  (-n) (-p PASSWORD [-f FILEPATH] [-H] [-S])\n  pwnfier.py  -h | --help\n\nOptions:\n  \n  User input:\n  -a --auth          Use authenticated mode, MUST provide API key\n  -n --notauth       Use non authenticated mode, do not provide API key\n  -f --file          Insert the file name or absolute path\n  -F --filter        Insert the domain to filter e.g. adobe.com\n  \n  Type of query:\n  -b --breach        Give a domain, look for its specific breaches\n  -B --breaches      Retrieve all breaches from HIBP (filter with -F)\n  -p --passwd        Check for password's leak\n  -P --Pasted        Check if the given mail is on Pasted websites\n  -A --AllBreach     Check all the given mail's breaches\n  -H --hash          If you want to give only directly the password's hash\n\n  Misc:\n  -S --save          Save the output to standard file\n  -h --help          Show this screen\n\n  Some examples:\n  pwnfier.py -aAf mailFile.txt\n  pwnfier.py -nBF yahoo.com\n  pwnfier.py -nb  Adobe\n```\n### File's format\nThe file that the user wants to pass must be formatted as the following:\n| Data        | File extension   | Format  |\n| ------------- |:-------------:| ------:|\n| API          | .txt  | 1 LINE |\n| Domains          | .txt  | OEPL |\n| Names | .txt  | OEPL  |\n| Passwords | .txt  | OEPL |\n| E-Mails | .txt      | AYW |\n\n*OEPL: One Entry Per Line*\n\n*AYW: As You Want, the script will grab every regex matching e-mail*\n### Standard ouput file\nAt the beginning of the code, you can find the variables to set to choose the output file's name and path.\nThe extension is JSON.\nThe default path is the current working directory.\n\nDefault names are:\n| Type of query        | File extension |\n| ------------- |:-------------:| \n| All breaches          | pwnfier_account.json |\n| Pastes          | pwnfier_pasted.json |\n| Single breach | pwnfier_breach_res.json |\n| All breaches | pwnfier_breaches_res.json |\n| Pwned passwords | pwnfier_pwd_res.json |\n\n#### The *all breaches* query if not filtered will automatically save the output to file.\n\n## Purpose of this tool\nMonitoring the confidentiality of any account.\nI've created it just for educational purpose and I am not a professional dev.\n\nFeel free to show me better ways to do it.\n\n## Authors\n\n* **Andrea Grigoletto** - [Wirzka](https://github.com/wirzka)\n\n## Acknowledgments\n\n* Thanks to [HIBP](https://haveibeenpwned.com) for the service offered\n* Thanks to [Vsecades](https://github.com/vsecades) as he inspired me for the API module\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwirzka%2Fpwnfier","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwirzka%2Fpwnfier","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwirzka%2Fpwnfier/lists"}