Skip to content
Related Articles
Open in App
Not now

Related Articles

pwnedOrNot – OSINT Tool to Find Passwords for Compromised Email Addresses

Improve Article
Save Article
  • Last Updated : 28 Jul, 2021
Improve Article
Save Article

pwnedOrNot is an OSINT tool written in Python which checks the email account that has been compromised in a data breach and finds the password of the compromised account.


  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status


First clone the tool from the GitHub repository.

git clone

Change directory.

cd pwnedOrNot

Install requests using pip command.

pip3 install requests
pip3 cfscrape

Fig 1: Cloning Tool from GitHub repo.


Run the tool using the command,

python3 -h (To display optional arguments)

Fig 2: pwnedornot tool.

To check if a domain was breached or not.

Fig 3: Domain not breached.

Another example with yahoo.

Fig 4: Domain breached.

Output: Breached on 2012-07-11 (Email address and passwords were compromised in that breach)

To get a list of all pwned domains, use -l flag:

python3 -l

Fig 5: List of pwned domains.

Output: pwnedornot found 552 breached domains including big market players like zomato, yahoo.

To check if an email was compromised or not, use -e flag.

python3 -e

Fig 6: Email address not breached.

My Personal Notes arrow_drop_up
Related Articles

Start Your Coding Journey Now!