Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/thewhiteh4t/pwnedOrNot

OSINT Tool for Finding Passwords of Compromised Email Addresses

api hacked-emails haveibeenpwned osint passwords pwnedornot

Last synced: about 1 month ago

README

        

OSINT Tool for Finding Passwords of Compromised Email Accounts



| Available | in | |
|-|-|-|
| [BlackArch Linux](https://blackarch.org/) | [SecBSD](https://secbsd.org/) | [Tsurugi Linux](https://tsurugi-linux.org/) |
| ![](https://i.imgur.com/1wJVDV5.png) | ![](https://i.imgur.com/z36xL8c.png) | ![Tsurugi Linux](https://i.imgur.com/S1ylcp7.jpg) |

---

pwnedOrNot works in two phases. In the **first** phase it tests the given email address using [**`HaveIBeenPwned v3 API`**](https://haveibeenpwned.com/API/v3) to find out whether the account has been breached in the past, and in the **second** phase it searches for the **password** in available **public dumps**.

**`An API Key is required to use the tool. You can purchase a key from the HIBP website linked below.`**

https://haveibeenpwned.com/API/v3

---

## Featured

**> OSINT Collection Tools for Pastebin - Jake Creps**

**> eForensics Magazine May 2020**

---

## Changelog

https://github.com/thewhiteh4t/pwnedOrNot/wiki/Changelog

---

## Features

[**haveibeenpwned**](https://haveibeenpwned.com/API/v3) offers a lot of information about a compromised email address; pwnedOrNot displays the most useful information, such as:

* Name of Breach
* Domain Name
* Date of Breach
* Fabrication status
* Verification Status
* Retirement status
* Spam Status
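
The status flags listed above matter when deciding which hits deserve follow-up. The following is an added example, not code from pwnedOrNot: it parses a constructed response shaped like HIBP v3 breach objects, optionally filters by domain, and ranks each hit. The function names and the ranking rule are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of full HIBP v3 breach objects (not real data).
SAMPLE = json.dumps([
    {"Name": "ExampleForum", "Domain": "forum.example", "BreachDate": "2019-03-01",
     "IsVerified": True, "IsFabricated": False, "IsRetired": False, "IsSpamList": False},
    {"Name": "ExampleList", "Domain": "", "BreachDate": "2021-07-15",
     "IsVerified": False, "IsFabricated": False, "IsRetired": False, "IsSpamList": True},
    {"Name": "ExampleShop", "Domain": "shop.example", "BreachDate": "2022-11-30",
     "IsVerified": False, "IsFabricated": False, "IsRetired": False, "IsSpamList": False},
    {"Name": "ExampleFake", "Domain": "fake.example", "BreachDate": "2020-01-10",
     "IsVerified": False, "IsFabricated": True, "IsRetired": False, "IsSpamList": False},
])

def confidence(breach):
    """Hypothetical triage label derived from the status flags (an assumption)."""
    if breach.get("IsFabricated"):
        return "low: fabricated"
    if breach.get("IsSpamList"):
        return "low: spam list"
    if not breach.get("IsVerified"):
        return "medium: unverified"
    return "high: verified"

def triage(raw_json, domain=None):
    """Parse a breach list, optionally keep one domain, and sort newest first."""
    breaches = json.loads(raw_json) if raw_json.strip() else []  # empty body: no hits
    rows = []
    for b in breaches:
        if domain and (b.get("Domain") or "").lower() != domain.lower():
            continue
        rows.append({
            "name": b.get("Name", "?"),
            "domain": b.get("Domain") or "(none)",  # some entries carry no domain
            "date": b.get("BreachDate") or "",      # ISO dates sort as strings
            "retired": bool(b.get("IsRetired")),
            "confidence": confidence(b),
        })
    return sorted(rows, key=lambda r: r["date"], reverse=True)

def needs_action(rows):
    """Names of breaches worth a credential reset: not retired, not low confidence."""
    return [r["name"] for r in rows
            if not r["retired"] and not r["confidence"].startswith("low")]
```
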

### About Passwords

The chances of finding passwords depend on the following factors:

* If public dumps are available for the email address
* If the public dumps are accessible
    * Sometimes the dumps are removed
* If the public dump contains passwords
    * Sometimes a dump contains only email addresses

#### Tested on
* **Kali Linux**
* **BlackArch Linux**
* **Kali Nethunter**
* **Termux**

> Windows users are suggested to use Kali Linux WSL2 or a VM

## Installation
**Ubuntu / Kali Linux / Nethunter / Termux**

```bash
git clone https://github.com/thewhiteh4t/pwnedOrNot.git
cd pwnedOrNot
chmod +x install.sh
./install.sh
```

**BlackArch Linux**

```bash
pacman -S pwnedornot
```

**Docker**

```bash
git clone https://github.com/thewhiteh4t/pwnedOrNot.git
cd pwnedOrNot
docker build -t pon .
docker run -it pon
```

## Updates
```bash
cd pwnedOrNot
git pull
```

## Usage
```bash
python3 pwnedornot.py -h

usage: pwnedornot.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l]
                     [-c CHECK]

optional arguments:
  -h, --help                  show this help message and exit
  -e EMAIL, --email EMAIL     Email Address You Want to Test
  -f FILE, --file FILE        Load a File with Multiple Email Addresses
  -d DOMAIN, --domain DOMAIN  Filter Results by Domain Name
  -n, --nodumps               Only Check Breach Info and Skip Password Dumps
  -l, --list                  Get List of all pwned Domains
  -c CHECK, --check CHECK     Check if your Domain is pwned

# Examples (<email>, <file> and <domain> are placeholders for your own values)

# Check Single Email
python3 pwnedornot.py -e <email>
# OR
python3 pwnedornot.py --email <email>

# Check Multiple Emails from File
python3 pwnedornot.py -f <file>
# OR
python3 pwnedornot.py --file <file>

# Filter Result for a Domain Name [Ex : adobe.com]
python3 pwnedornot.py -e <email> -d <domain>
# OR
python3 pwnedornot.py -f <file> --domain <domain>

# Get only Breach Info, Skip Password Dumps
python3 pwnedornot.py -e <email> -n
# OR
python3 pwnedornot.py -f <file> --nodumps

# Get List of all Breached Domains
python3 pwnedornot.py -l
# OR
python3 pwnedornot.py --list

# Check if a Domain is Pwned
python3 pwnedornot.py -c <domain>
# OR
python3 pwnedornot.py --check <domain>
```

## Demo [ YouTube ]
[![Youtube](https://i.imgur.com/aSM6dKc.png)](https://www.youtube.com/watch?v=R_Y_QzVmERA)