pwnedOrNot – OSINT Tool to Find Passwords for Compromised Email Addresses
pwnedOrNot is an OSINT tool written in Python which checks the email account that has been compromised in a data breach and finds the password of the compromised account.
- Name of Breach
- Domain Name
- Date of Breach
- Fabrication status
- Verification Status
- Retirement status
- Spam Status
First clone the tool from the GitHub repository.
git clone https://github.com/thewhiteh4t/pwnedOrNot.git
Install requests using pip command.
pip3 install requests pip3 cfscrape
Run the tool using the command,
python3 pwnedornot.py python3 pwnedornot.py -h (To display optional arguments)
To check if a domain was breached or not.
Another example with yahoo.
Output: Breached on 2012-07-11 (Email address and passwords were compromised in that breach)
To get a list of all pwned domains, use -l flag:
python3 pwnedornot.py -l
Output: pwnedornot found 552 breached domains including big market players like zomato, yahoo.
To check if an email was compromised or not, use -e flag.
python3 pwnedornot.py -e email@example.com