/pwnedOrNot

OSINT Tool to Find Passwords for Compromised Email Addresses

Primary LanguagePythonMIT LicenseMIT

OSINT Tool to Find Passwords for Compromised Email Accounts

pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps.


Available in

Featured on : Jake Creps Blog

Features

haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script:

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status

And with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password

Tested on

  • Kali Linux 2019.1
  • BlackArch Linux
  • Ubuntu 18.04
  • Kali Nethunter
  • Termux

Installation

Ubuntu / Kali Linux / Nethunter / Termux

git clone https://github.com/thewhiteh4t/pwnedOrNot.git
cd pwnedOrNot
pip3 install requests

BlackArch Linux

pacman -S pwnedornot

Updates

cd pwnedOrNot
git pull

Usage

python3 pwnedornot.py -h

usage: pwnedornot.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l]
                     [-c CHECK]

optional arguments:
  -h, --help                  show this help message and exit
  -e EMAIL, --email EMAIL     Email Address You Want to Test
  -f FILE, --file FILE        Load a File with Multiple Email Addresses
  -d DOMAIN, --domain DOMAIN  Filter Results by Domain Name
  -n, --nodumps               Only Check Breach Info and Skip Password Dumps
  -l, --list                  Get List of all pwned Domains
  -c CHECK, --check CHECK     Check if your Domain is pwned

# Examples

# Check Single Email
python3 pwnedornot.py -e <email>
#OR
python3 pwnedornot.py --email <email>

# Check Multiple Emails from File
python3 pwnedornot.py -f <file name>
#OR
python3 pwnedornot.py --file <file name>

# Filter Result for a Domain Name [Ex : adobe.com]
python3 pwnedornot.py -e <email> -d <domain name>
#OR
python3 pwnedornot.py -f <file name> --domain <domain name>

# Get only Breach Info, Skip Password Dumps
python3 pwnedornot.py -e <email> -n
#OR
python3 pwnedornot.py -f <file name> --nodumps

# Get List of all Breached Domains
python3 pwnedornot.py -l
#OR
python3 pwnedornot.py --list

# Check if a Domain is Pwned
python3 pwnedornot.py -c <domain name>
#OR
python3 pwnedornot.py --check <domain name>

Demo

Youtube