Credentials Leaks

PwnedOrNot

https://github.com/thewhiteh4t/pwnedOrNot.git

# Simple python tool used to check haveIbeenpwned leaks for an e-mail or a list
# The tool will then check if the dump is accessible (using haveibeenpwned/pastebin) to get passwords
python pwnedornot.py -h
python pwnedornot.py -e email@test.com
python pwnedornot.py -f file.txt


Pwndb.py

# Tool using onion website http://pwndb2am4tzkvold.onion/ to search leaks and retrieve known passwords
python pwndb.py --target email@test.fr
python pwndb.py --list file
python pwndb.py --target email@test.fr --ouput file


Online tools

https://dehashed.com
https://leaks.bzh
https://haveibeenpwned.com


h8mail (https://github.com/khast3x/h8mail)

# Email OSINT and password finder
# Usefull when targetting specific emails
# It uses different sources to get information (HaveIBeenPwned, Shodan, Hunter.io Public & Free tier, WeLeakInfo Public & Service, Snusbase)

# NodeJS is required to bypass CloudFlare. Docker is available

# Basic
python h8mail.py -t target@example.com

# Several target and API keys
python h8mail.py -t targets.txt -c config.ini -o pwned_targets.csv

# Queries through local copy of Breachcompilation and API key for Snusbase
python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_url:$snusbase_url,snusbase_token:$snusbase_token"

# No API call
python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ --local

# Chasing (using hunter.io to get new emails)
$ h8mail -t john.smith@fcorp.com --chase 2 -k "hunterio:abc1234"


Leaked 2.1 (https://github.com/GitHackTools/Leaked)

# Another research tool for email and passwords
# You can search for password hashes, hash leaked or email leaked
# It uses python leakz module
python leaked.py