pwnedOrNot
→ View on GitHubAI Summary: pwnedOrNot is an OSINT tool designed to check if email accounts have been compromised and retrieve associated passwords from public data dumps. It leverages the HaveIBeenPwned v3 API for initial breach verification and subsequently searches for compromised passwords. Key features include detailed breach information, the ability to filter results by domain, and support for batch processing of multiple email addresses.
README
OSINT Tool for Finding Passwords of Compromised Email Accounts
Created by Lohitya Pushkar (thewhiteh4t).
Twitter
- Blog
| Available | in | |
|---|---|---|
| BlackArch Linux | SecBSD | Tsurugi Linux |
 |  |  |
pwnedOrNot works in two phases. In the first phase it tests the given email address using HaveIBeenPwned v3 API to find if the account have been breached in the past and in the second phase it searches the password in available public dumps.
[!IMPORTANT]
An API Key is required to use the tool. You can purchase a key from HIBP website linked below
https://haveibeenpwned.com/API/v3
Featured
OSINT Collection Tools for Pastebin - Jake Creps
Changelog
https://github.com/thewhiteh4t/pwnedOrNot/wiki/Changelog
Features
haveibeenpwned offers a lot of information about the compromised email, pwnedOrNot displays most useful information such as :
- Name of Breach
- Domain Name
- Date of Breach
- Fabrication status
- Verification Status
- Retirement status
- Spam Status
About Passwords
The chances of finding passwords depends upon the following factors :
- If public dumps are available for the email address
- If the public dumps are accessible
- Sometimes the dumps are removed
- If the public dump contains password
- Sometimes a dump contains only email addresses
Tested on
- Kali Linux
- BlackArch Linux
- Kali Nethunter
- Termux
Windows users are suggested to use Kali Linux WSL2 or a VM
Installation
Ubuntu / Kali Linux / Nethunter / Termux
git clone https://github.com/thewhiteh4t/pwnedOrNot.git
cd pwnedOrNot
chmod +x install.sh
./install.sh
BlackArch Linux
pacman -S pwnedornot
Docker
git clone https://github.com/thewhiteh4t/pwnedOrNot.git
docker build -t pon .
docker run -it pon
Updates
cd pwnedOrNot
git pull
Usage
python3 pwnedornot.py -h
usage: pwnedornot.py [-h] [-e EMAIL] [-f FILE] [-s SAVE] [-d DOMAIN] [-b BREACH]
[-n] [-l] [-c CHECK] [-k KEY]
options:
-h, --help show this help message and exit
-e, --email EMAIL Email address
-f, --file FILE input file with multiple email addresses
-s, --save SAVE Output file for pwned email addresses
-d, --domain DOMAIN Filter results by domain name
-b, --breach BREACH Get info about a breach by breach name
-n, --nodumps Only Check Breach Info and Skip Password Dumps
-l, --list Get List of all pwned Domains
-c, --check CHECK Check if your Domain is pwned
-k, --key KEY API Key
Add API key
# Using ENV variable :
export PWNED_API_KEY="<hibp-api-key>"
# Using CLI argument :
python3 pwnedornot.py -e test@example.com -k <hibp-api-key>
# Using config file :
nano ~/.config/pwnedornot/config.json
{
"api_key": "<hibp-api-key>"
}
Examples
# Check Single Email
python3 pwnedornot.py -e <email>
#OR
python3 pwnedornot.py --email <email>
# Check Multiple Emails from File
python3 pwnedornot.py -f <file name>
#OR
python3 pwnedornot.py --file <file name>
# Filter Result for a Domain Name [Ex : adobe.com]
python3 pwnedornot.py -e <email> -d <domain name>
#OR
python3 pwnedornot.py -f <file name> --domain <domain name>
# Get only Breach Info, Skip Password Dumps
python3 pwnedornot.py -e <email> -n
#OR
python3 pwnedornot.py -f <file name> --nodumps
# Get List of all Breached Domains
python3 pwnedornot.py -l
#OR
python3 pwnedornot.py --list
# Check if a Domain is Pwned
python3 pwnedornot.py -c <domain name>
#OR
python3 pwnedornot.py --check <domain name>
Demo
