Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

pwnedOrNot – OSINT Tool to Find Passwords for Compromised Email Addresses

  • Last Updated : 28 Jul, 2021

pwnedOrNot is an OSINT tool written in Python which checks the email account that has been compromised in a data breach and finds the password of the compromised account.

Features

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status

Installation

First clone the tool from the GitHub repository.

git clone https://github.com/thewhiteh4t/pwnedOrNot.git

Change directory.

cd pwnedOrNot

Install requests using pip command.

pip3 install requests
pip3 cfscrape

Fig 1: Cloning Tool from GitHub repo.

Usages

Run the tool using the command,



python3 pwnedornot.py
python3 pwnedornot.py -h (To display optional arguments)

Fig 2: pwnedornot tool.

To check if a domain was breached or not.

www.google.com

Fig 3: Domain not breached.

Another example with yahoo.

Fig 4: Domain breached.

Output: Breached on 2012-07-11 (Email address and passwords were compromised in that breach)

To get a list of all pwned domains, use -l flag:

python3 pwnedornot.py -l

Fig 5: List of pwned domains.

Output: pwnedornot found 552 breached domains including big market players like zomato, yahoo.

To check if an email was compromised or not, use -e flag.

python3 pwnedornot.py -e jeyzetaservices@protonmail.com

Fig 6: Email address not breached.

My Personal Notes arrow_drop_up
Recommended Articles
Page :