pwnedOrNot是一个python脚本,用于检查电子邮件帐户是否在数据泄露事件中已被盗用

pwnedOrNot是一个python脚本,用于检查电子邮件帐户是否在数据泄露事件中已被盗用,如果电子邮件帐户已经被盗用,则会继续查找受感染帐户的密码。

Python 安全相关

访问GitHub主页

共747Star

详细介绍

OSINT Tool for Finding Passwords of Compromised Email Accounts

Twitter - Telegram - Blog

Available in
BlackArch Linux SecBSD Tsurugi Linux
Tsurugi Linux

pwnedOrNot uses haveibeenpwned v3 api to test email accounts and tries to find the password in Pastebin Dumps.

Featured

OSINT Collection Tools for Pastebin - Jake Creps

Changelog

Features

haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script:

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status

And with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password

Tested on

  • Kali Linux
  • BlackArch Linux
  • Kali Nethunter
  • Termux

Installation

Ubuntu / Kali Linux / Nethunter / Termux

git clone https://github.com/thewhiteh4t/pwnedOrNot.git
cd pwnedOrNot
pip3 install requests

BlackArch Linux

pacman -S pwnedornot

Docker

docker pull thewhiteh4t/pwnedornot
docker create -it --name pon thewhiteh4t/pwnedornot
docker start pon -i

Updates

cd pwnedOrNot
git pull

Usage

python3 pwnedornot.py -h

usage: pwnedornot.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l]
                     [-c CHECK]

optional arguments:
  -h, --help                  show this help message and exit
  -e EMAIL, --email EMAIL     Email Address You Want to Test
  -f FILE, --file FILE        Load a File with Multiple Email Addresses
  -d DOMAIN, --domain DOMAIN  Filter Results by Domain Name
  -n, --nodumps               Only Check Breach Info and Skip Password Dumps
  -l, --list                  Get List of all pwned Domains
  -c CHECK, --check CHECK     Check if your Domain is pwned

# Examples

# Check Single Email
python3 pwnedornot.py -e <email>
#OR
python3 pwnedornot.py --email <email>

# Check Multiple Emails from File
python3 pwnedornot.py -f <file name>
#OR
python3 pwnedornot.py --file <file name>

# Filter Result for a Domain Name [Ex : adobe.com]
python3 pwnedornot.py -e <email> -d <domain name>
#OR
python3 pwnedornot.py -f <file name> --domain <domain name>

# Get only Breach Info, Skip Password Dumps
python3 pwnedornot.py -e <email> -n
#OR
python3 pwnedornot.py -f <file name> --nodumps

# Get List of all Breached Domains
python3 pwnedornot.py -l
#OR
python3 pwnedornot.py --list

# Check if a Domain is Pwned
python3 pwnedornot.py -c <domain name>
#OR
python3 pwnedornot.py --check <domain name>

Demo

Youtube

推荐源码