Posted on

pwnedOrNot – Tool To Find Passwords For Compromised Email Accounts Using HaveIBeenPwned API

pwnedOrNot is a python script which checks if the email account has been compromised in a data breach, if the email account is compromised it proceeds to find passwords for the compromised account.
It uses haveibeenpwned v2 api to test email accounts and searches for the password in Pastebin Dumps
This script has been tested on Kali Linux 18.2 and Ubuntu 18.04.


Installation
It’s a pure python script and relies on common python modules and does not need installation :

  • os
  • re
  • time
  • json
  • requests

Usage

git clone https://github.com/thewhiteh4t/pwnedOrNot.git
cd pwnedOrNot/
python pwnedornot.py

Features
haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script:

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status
  • Source of Dump
  • ID of Dump

And with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password

Screenshots


Source: FeedBurner

Leave a Reply

Specify Instagram Client ID in Super Socializer > Social Login section in admin panel for Instagram Login to work

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.