pwnedOrNot – OSINT Tool to Find Passwords for Compromised Email Addresses

pwnedOrNot is an OSINT tool written in Python which checks the email account that has been compromised in a data breach and finds the password of the compromised account.

Features

• Name of Breach
• Domain Name
• Date of Breach
• Fabrication status
• Verification Status
• Retirement status
• Spam Status

Installation

First clone the tool from the GitHub repository.

git clone https://github.com/thewhiteh4t/pwnedOrNot.git

Change directory.

cd pwnedOrNot

Install requests using pip command.

pip3 install requests
pip3 cfscrape

Fig 1: Cloning Tool from GitHub repo.

Usages

Run the tool using the command,

python3 pwnedornot.py
python3 pwnedornot.py -h (To display optional arguments)

Fig 2: pwnedornot tool.

To check if a domain was breached or not.

www.google.com

Fig 3: Domain not breached.

Another example with yahoo.

Fig 4: Domain breached.

Output: Breached on 2012-07-11 (Email address and passwords were compromised in that breach)

To get a list of all pwned domains, use -l flag:

python3 pwnedornot.py -l

Fig 5: List of pwned domains.

Output: pwnedornot found 552 breached domains including big market players like zomato, yahoo.

To check if an email was compromised or not, use -e flag.

python3 pwnedornot.py -e jeyzetaservices@protonmail.com

Fig 6: Email address not breached.