Credentials Leaks


# "We download, analyze and classify all the pastes that are posted online."

# The tool can be used in order to crawl deleted pastebin files or to recover data like leaks.


# Simple python tool used to check haveIbeenpwned leaks for an e-mail or a list
# The tool will then check if the dump is accessible (using haveibeenpwned/pastebin) to get passwords
python -h
python -e
python -f file.txt

# Tool using onion website http://pwndb2am4tzkvold.onion/ to search leaks and retrieve known passwords
python --target
python --list file
python --target --ouput file

Online tools

h8mail (

# Email OSINT and password finder
# Usefull when targetting specific emails
# It uses different sources to get information (HaveIBeenPwned, Shodan, Public & Free tier, WeLeakInfo Public & Service, Snusbase)

# NodeJS is required to bypass CloudFlare. Docker is available

# Basic
python -t

# Several target and API keys
python -t targets.txt -c config.ini -o pwned_targets.csv

# Queries through local copy of Breachcompilation and API key for Snusbase
python -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_url:$snusbase_url,snusbase_token:$snusbase_token"

# No API call
python -t targets.txt -bc ../Downloads/BreachCompilation/ --local

# Chasing (using to get new emails)
$ h8mail -t --chase 2 -k "hunterio:abc1234"

Leaked 2.1 (

# Another research tool for email and passwords
# You can search for password hashes, hash leaked or email leaked
# It uses python leakz module