Aniruddh Blog's

pwnedOrNot - Get Passwords for Compromised Email Accounts

Introduction

pwnedOrNot is a python script which checks if the email account has been compromised in a data breach, if the email account is compromised it proceeds to find passwords for the compromised account.

It uses haveibeenpwnd v2 api to test email accounts and searches for the passwords in Pastebin Dumps.

This tool has been tested on :

  • Kali Linux 18.2
  • Kali Nethunter
  • Ubuntu 18.04
  • Termux

Installation

Ubuntu and Kali :

    pip install cfscrape
    apt-get install nodejs
    
Termux :

    pkg install git
    pkg install python2
    pip2 install requests
    pip2 install cfscrape
    git clone https://github.com/thewhiteh4t/pwnedOrNot.git
    python2 pwnedornot.py
    

Other common standard python modules pwnedornot uses :

  • os
  • re
  • time
  • json
  • requests

Usage


    git clone https://github.com/thewhiteh4t/pwnedOrNot.git
    cd pwnedOrNot/
    python pwnedornot.py
    

Features

haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script :

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status
  • Source of Dump
  • ID of Dump

And with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password.

Demo