Open In App

pwnedOrNot – OSINT Tool to Find Passwords for Compromised Email Addresses

Improve
Improve
Like Article
Like
Save
Share
Report

pwnedOrNot is an OSINT tool written in Python which checks the email account that has been compromised in a data breach and finds the password of the compromised account.

Features

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status

Installation

First clone the tool from the GitHub repository.

git clone https://github.com/thewhiteh4t/pwnedOrNot.git

Change directory.

cd pwnedOrNot

Install requests using pip command.

pip3 install requests
pip3 cfscrape

Fig 1: Cloning Tool from GitHub repo.

Usages

Run the tool using the command,

python3 pwnedornot.py
python3 pwnedornot.py -h (To display optional arguments)

Fig 2: pwnedornot tool.

To check if a domain was breached or not.

www.google.com

Fig 3: Domain not breached.

Another example with yahoo.

Fig 4: Domain breached.

Output: Breached on 2012-07-11 (Email address and passwords were compromised in that breach)

To get a list of all pwned domains, use -l flag:

python3 pwnedornot.py -l

Fig 5: List of pwned domains.

Output: pwnedornot found 552 breached domains including big market players like zomato, yahoo.

To check if an email was compromised or not, use -e flag.

python3 pwnedornot.py -e jeyzetaservices@protonmail.com

Fig 6: Email address not breached.


Last Updated : 28 Jul, 2021
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads