pwnedOrNot

OSINT Tool for Finding Passwords of Compromised Email Addresses

thewhiteh4t
1462
280
Python

OSINT Tool for Finding Passwords of Compromised Email Accounts

Twitter - Telegram - Blog

Available in
BlackArch Linux SecBSD Tsurugi Linux
Tsurugi Linux

pwnedOrNot works in two phases. In the first phase it tests the given email address using HaveIBeenPwned v3 API to find if the account have been breached in the past and in the second phase it searches the password in available public dumps.

An API Key is required to use the tool. You can purchase a key from HIBP website linked below

https://haveibeenpwned.com/API/v3

Featured

> OSINT Collection Tools for Pastebin - Jake Creps

> eForensics Magazine May 2020

Changelog

https://github.com/thewhiteh4t/pwnedOrNot/wiki/Changelog

Features

haveibeenpwned offers a lot of information about the compromised email, pwnedOrNot displays most useful information such as :

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status

About Passwords

The chances of finding passwords depends upon the following factors :

  • If public dumps are available for the email address
  • If the public dumps are accessible
    • Sometimes the dumps are removed
  • If the public dump contains password
    • Sometimes a dump contains only email addresses

Tested on

  • Kali Linux
  • BlackArch Linux
  • Kali Nethunter
  • Termux

Windows users are suggested to use Kali Linux WSL2 or a VM

Installation

Ubuntu / Kali Linux / Nethunter / Termux

git clone https://github.com/thewhiteh4t/pwnedOrNot.git
cd pwnedOrNot
chmod +x install.sh
./install.sh

BlackArch Linux

pacman -S pwnedornot

Docker

git clone https://github.com/thewhiteh4t/pwnedOrNot.git
docker build -t pon .
docker run -it pon

Updates

cd pwnedOrNot
git pull

Usage

python3 pwnedornot.py -h

usage: pwnedornot.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l]
                     [-c CHECK]

optional arguments:
  -h, --help                  show this help message and exit
  -e EMAIL, --email EMAIL     Email Address You Want to Test
  -f FILE, --file FILE        Load a File with Multiple Email Addresses
  -d DOMAIN, --domain DOMAIN  Filter Results by Domain Name
  -n, --nodumps               Only Check Breach Info and Skip Password Dumps
  -l, --list                  Get List of all pwned Domains
  -c CHECK, --check CHECK     Check if your Domain is pwned

# Examples

# Check Single Email
python3 pwnedornot.py -e <email>
#OR
python3 pwnedornot.py --email <email>

# Check Multiple Emails from File
python3 pwnedornot.py -f <file name>
#OR
python3 pwnedornot.py --file <file name>

# Filter Result for a Domain Name [Ex : adobe.com]
python3 pwnedornot.py -e <email> -d <domain name>
#OR
python3 pwnedornot.py -f <file name> --domain <domain name>

# Get only Breach Info, Skip Password Dumps
python3 pwnedornot.py -e <email> -n
#OR
python3 pwnedornot.py -f <file name> --nodumps

# Get List of all Breached Domains
python3 pwnedornot.py -l
#OR
python3 pwnedornot.py --list

# Check if a Domain is Pwned
python3 pwnedornot.py -c <domain name>
#OR
python3 pwnedornot.py --check <domain name>

Demo [ YouTube ]

Youtube