Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/thewhiteh4t/pwnedOrNot
OSINT Tool for Finding Passwords of Compromised Email Addresses
https://github.com/thewhiteh4t/pwnedOrNot
api hacked-emails haveibeenpwned osint passwords pwnedornot
Last synced: 3 months ago
JSON representation
OSINT Tool for Finding Passwords of Compromised Email Addresses
- Host: GitHub
- URL: https://github.com/thewhiteh4t/pwnedOrNot
- Owner: thewhiteh4t
- License: mit
- Created: 2018-05-25T22:18:18.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-09-30T04:45:31.000Z (over 1 year ago)
- Last Synced: 2024-07-25T05:37:22.664Z (6 months ago)
- Topics: api, hacked-emails, haveibeenpwned, osint, passwords, pwnedornot
- Language: Python
- Homepage:
- Size: 75.2 KB
- Stars: 2,150
- Watchers: 81
- Forks: 319
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome - thewhiteh4t/pwnedOrNot - OSINT Tool for Finding Passwords of Compromised Email Addresses (Python)
- awesome-hacking-tools - PwnedOrNot - Tool to find passwords for compromised accounts (Asset Discovery / Data Leaks)
- awesome-starz - thewhiteh4t/pwnedOrNot - OSINT Tool for Finding Passwords of Compromised Email Addresses (Python)
- Awesome-Asset-Discovery - PwnedOrNot
- project-awesome - thewhiteh4t/pwnedOrNot - OSINT Tool for Finding Passwords of Compromised Email Addresses (Python)
README
OSINT Tool for Finding Passwords of Compromised Email Accounts
| Available | in | |
|-|-|-|
| [BlackArch Linux](https://blackarch.org/) | [SecBSD](https://secbsd.org/) | [Tsurugi Linux](https://tsurugi-linux.org/) |
| ![](https://i.imgur.com/1wJVDV5.png) | ![](https://i.imgur.com/z36xL8c.png) | ![Tsurugi Linux](https://i.imgur.com/S1ylcp7.jpg) |---
pwnedOrNot works in two phases. In the **first** phase it tests the given email address using [**`HaveIBeenPwned v3 API`**](https://haveibeenpwned.com/API/v3) to find if the account have been breached in the past and in the **second** phase it searches the **password** in available **public dumps**.
**`An API Key is required to use the tool. You can purchase a key from HIBP website linked below`**
https://haveibeenpwned.com/API/v3
---
## Featured
**> OSINT Collection Tools for Pastebin - Jake Creps**
**> eForensics Magazine May 2020**
---
## Changelog
https://github.com/thewhiteh4t/pwnedOrNot/wiki/Changelog
---
## Features
[**haveibeenpwned**](https://haveibeenpwned.com/API/v3) offers a lot of information about the compromised email, pwnedOrNot displays most useful information such as :
* Name of Breach
* Domain Name
* Date of Breach
* Fabrication status
* Verification Status
* Retirement status
* Spam Status### About Passwords
The chances of finding passwords depends upon the following factors :
* If public dumps are available for the email address
* If the public dumps are accessible
* Sometimes the dumps are removed
* If the public dump contains password
* Sometimes a dump contains only email addresses#### Tested on
* **Kali Linux**
* **BlackArch Linux**
* **Kali Nethunter**
* **Termux**> Windows users are suggested to use Kali Linux WSL2 or a VM
## Installation
**Ubuntu / Kali Linux / Nethunter / Termux**```bash
git clone https://github.com/thewhiteh4t/pwnedOrNot.git
cd pwnedOrNot
chmod +x install.sh
./install.sh
```**BlackArch Linux**
```bash
pacman -S pwnedornot
```**Docker**
```bash
git clone https://github.com/thewhiteh4t/pwnedOrNot.git
docker build -t pon .
docker run -it pon
```## Updates
```bash
cd pwnedOrNot
git pull
```## Usage
```bash
python3 pwnedornot.py -husage: pwnedornot.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l]
[-c CHECK]optional arguments:
-h, --help show this help message and exit
-e EMAIL, --email EMAIL Email Address You Want to Test
-f FILE, --file FILE Load a File with Multiple Email Addresses
-d DOMAIN, --domain DOMAIN Filter Results by Domain Name
-n, --nodumps Only Check Breach Info and Skip Password Dumps
-l, --list Get List of all pwned Domains
-c CHECK, --check CHECK Check if your Domain is pwned# Examples
# Check Single Email
python3 pwnedornot.py -e
#OR
python3 pwnedornot.py --email# Check Multiple Emails from File
python3 pwnedornot.py -f
#OR
python3 pwnedornot.py --file# Filter Result for a Domain Name [Ex : adobe.com]
python3 pwnedornot.py -e -d
#OR
python3 pwnedornot.py -f --domain# Get only Breach Info, Skip Password Dumps
python3 pwnedornot.py -e -n
#OR
python3 pwnedornot.py -f --nodumps# Get List of all Breached Domains
python3 pwnedornot.py -l
#OR
python3 pwnedornot.py --list# Check if a Domain is Pwned
python3 pwnedornot.py -c
#OR
python3 pwnedornot.py --check
```## Demo [ YouTube ]
[![Youtube](https://i.imgur.com/aSM6dKc.png)](https://www.youtube.com/watch?v=R_Y_QzVmERA)