Skip to content

OSINT Tool for Finding Passwords of Compromised Email Addresses

License

Notifications You must be signed in to change notification settings

private-codes/pwnedOrNot

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 

Repository files navigation

OSINT Tool for Finding Passwords of Compromised Email Accounts

Twitter - Telegram - Blog

Available in
BlackArch Linux SecBSD Tsurugi Linux
Tsurugi Linux

pwnedOrNot uses haveibeenpwned v3 api to test email accounts and tries to find the password in Pastebin Dumps.

Featured

OSINT Collection Tools for Pastebin - Jake Creps

Features

haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script:

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status

And with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password

Tested on

  • Kali Linux
  • BlackArch Linux
  • Kali Nethunter
  • Termux

Installation

Ubuntu / Kali Linux / Nethunter / Termux

git clone https://github.com/thewhiteh4t/pwnedOrNot.git
cd pwnedOrNot
pip3 install requests

BlackArch Linux

pacman -S pwnedornot

Docker

docker pull thewhiteh4t/pwnedornot
docker create -it --name pon thewhiteh4t/pwnedornot
docker start pon -i

Updates

cd pwnedOrNot
git pull

Usage

python3 pwnedornot.py -h

usage: pwnedornot.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l]
                     [-c CHECK]

optional arguments:
  -h, --help                  show this help message and exit
  -e EMAIL, --email EMAIL     Email Address You Want to Test
  -f FILE, --file FILE        Load a File with Multiple Email Addresses
  -d DOMAIN, --domain DOMAIN  Filter Results by Domain Name
  -n, --nodumps               Only Check Breach Info and Skip Password Dumps
  -l, --list                  Get List of all pwned Domains
  -c CHECK, --check CHECK     Check if your Domain is pwned

# Examples

# Check Single Email
python3 pwnedornot.py -e <email>
#OR
python3 pwnedornot.py --email <email>

# Check Multiple Emails from File
python3 pwnedornot.py -f <file name>
#OR
python3 pwnedornot.py --file <file name>

# Filter Result for a Domain Name [Ex : adobe.com]
python3 pwnedornot.py -e <email> -d <domain name>
#OR
python3 pwnedornot.py -f <file name> --domain <domain name>

# Get only Breach Info, Skip Password Dumps
python3 pwnedornot.py -e <email> -n
#OR
python3 pwnedornot.py -f <file name> --nodumps

# Get List of all Breached Domains
python3 pwnedornot.py -l
#OR
python3 pwnedornot.py --list

# Check if a Domain is Pwned
python3 pwnedornot.py -c <domain name>
#OR
python3 pwnedornot.py --check <domain name>

Demo

Youtube

About

OSINT Tool for Finding Passwords of Compromised Email Addresses

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 97.6%
  • Dockerfile 2.4%