WhatBreach – OSINT Tool To Find Breached Emails And Databases

WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com’s API, from there (if there are any breaches) it will search for the query link on Dehashed pertaining to the database, and output all breaches along with all pastes that this email is included in (if any). If you are trying to find the database, passing a certain flag will also attempt to download available freely public databases from databases.today. If the query is found within the publicly listed it will download the database for you and save it into the projects home folder which will be located under ~/.whatbre ach_home/downloads.ExamplesAs an example we will use user@gmail.com as the example search:(venv) admin@Hades:~/whatbreach$ python whatbreach.py -e “user@gmail.com"[ i ] starting search on single email address: user@gmail.com[ i ] searching breached accounts on HIBP related to: user@gmail.com[ i ] searching for paste dumps on HIBP related to: user@gmail.com[ i ] found a total of 67 database breach(es) and a total of 59 paste(s) pertaining to: user@gmail.com————————————————————————————Breached Site: | Database Link:Paste#26 | https://pastebin.com/b0zdYUzc Paste#27 | https://pastebin.com/C6YUMUxk Paste#24 | https://pastebin.com/JFvBG4HW Paste#25 | https://pastebin.com/hi5yXRCn Paste#22 | https://pastebin.com/mVrrDb9d Paste#23 | https://pastebin.com/jBCPwT1e Paste#20 | https://pastebin.com/uyG5ggf8 Paste#21 | https://pastebin.com/QrudBvXf Paste#28 | https://pastebin.com/6fZtANAb Paste#29 | https://pastebin.com/gffDmJ5X … | … # truncated to save spacePaste#13 | https://pastebin.com/RLVk8j3E Paste#12 | https://pastebin.com/zaN47ZZJ Paste#11 | https://pastebin.com/k193QzRG Paste#10 | https://pastebin.com/Qhaf51b6 Paste#17 | http://siph0n.in/exploits.php?id=4440Paste#16 | https://pastebin.com/j7YX2sJm Paste#15 | https://pastebin.com/Sin9fR7f Paste#14 | https://pastebin.com/jvSgnZkK Paste#19 | https://pastebin.com/2rVemphh VK | https://www.dehashed.com/search?query=VKArmyForceOnline | https://www.dehashed.com/search?query=ArmyForceOnlineGawker | https://www.dehashed.com/search?query=GawkerPaste#9 | http://www.pemiblanc.com/test.txtPaste#8 | https://pastebin.com/EGS77pC4 Paste#7 | https://pastebin.com/pQdmx6mc Paste#6 | https://pastebin.com/ZwUh4tcG Paste#5 | https://pastebin.com/RkdC5arB MySpace | https://www.dehashed.com/search?query=MySpacePaste#3 | https://pastebin.com/GUV70Jqa Paste#2 | https://pastebin.com/2eENex9n Paste#1 | https://pastebin.com/rSd85uLK Onverse | https://www.dehashed.com/search?query=Onverse————————————————————————————You also have the option to suppress the discovered pastes:(venv) admin@Hades:~/whatbreach$ python whatbreach.py -e "user@gmail.com" -nP[ i ] starting search on single email address: user@gmail.com[ i ] searching breached accounts on HIBP related to: user@gmail.com[ i ] searching for paste dumps on HIBP related to: user@gmail.com[ w ] suppressing discovered pastes[ i ] found a total of 67 database breach(es) and a total of 0 paste(s) pertaining to: user@gmail.com————————————————————————————Breached Site: | Database Link:Dropbox | https://www.dehashed.com/search?query=DropboxLeet | https://www.dehashed.com/search?query=LeetMySpace | https://www.dehashed.com/search?query=MySpaceMyHeritage | https://www.dehashed.com/search?query=MyHeritageArmyForceOnline | https://www.dehashed.com/search?query=ArmyForceOnline17Media | https://www.dehashed.co m/search?query=17MediaXbox360ISO | https://www.dehashed.com/search?query=Xbox360ISOLinkedIn | https://www.dehashed.com/search?query=LinkedInQuinStreet | https://www.dehashed.com/search?query=QuinStreetBookmate | https://www.dehashed.com/search?query=Bookmate… | … # truncated to save spaceDubsmash | https://www.dehashed.com/search?query=DubsmashMangaFox | https://www.dehashed.com/search?query=MangaFoxFashionFantasyGame | https://www.dehashed.com/search?query=FashionFantasyGameTrillian | https://www.dehashed.com/search?query=TrillianDisqus | https://www.dehashed.com/search?query=DisqusNemoWeb | https://www.dehashed.com/search?query=NemoWebGawker | https://www.dehashed.com/search?query=GawkerCashCrate | https://www.dehashed.com/search?query=CashCrateTumblr | https://www.dehashed.com/search?query=TumblrPoliceOne | https://www.dehashed.com/search?query=PoliceOneOnverse | https://www.dehashed.com/search?query=OnverseInterpals | https://www.dehashed.com/search?query=InterpalsSeedpeer | https://www.dehashed.com/search?query=SeedpeerHeroesOfNewerth | https://www.dehashed.com/search?query=HeroesOfNewerthBell2017 | https://www.dehashed.com/search?query=Bell2017————————————————————————————As well as the discovered databases:(venv) admin@Hades:~/whatbreach$ python whatbreach.py -e "user@gmail.com" -nD[ i ] starting search on single email address: user@gmail.com[ i ] searching breached accounts on HIBP related to: user@gmail.com[ i ] searching for paste dumps on HIBP related to: user@gmail.com[ i ] found a total of 67 database breach(es) and a total of 59 paste(s) pertaining to: user@gmail.com[ w ] suppressing discovered databases———————————————————————–Breached Site: | Database Link:Paste#26 | https://pastebin.com/b0zdYUzc Paste#27 | https://pastebin.com/C6YUMUxk Paste#24 | https://pastebin.com/JFvBG4HW Paste#25 | https://pastebin.com/hi5yXRCn Paste#22 | https://pastebin.com/mVrrDb9d Paste#23 | https://pastebin.com/jBCPwT1e … | … # truncated to save spacePaste#9 | http://www.pemiblanc.com/test.txtPaste#8 | https://pastebin.com/EGS77pC4 Paste#7 | https://pastebin.com/pQdmx6mc Paste#6 | https://pastebin.com/ZwUh4tcG Paste#5 | https://pastebin.com/RkdC5arB Paste#4 | https://pastebin.com/4qH2fRMc Paste#3 | https://pastebin.com/GUV70Jqa Paste#2 | https://pastebin.com/2eENex9n Paste#1 | https://pastebin.com/rSd85uLK Paste#52 | https://pastebin.com/ffkjfRrY Paste#48 | http://balockae.online/files/Lizard Stresser.txtPaste#49 | https://pastebin.com/bUq60ZKA Paste#44 | http://siph0n.in/exploits.php?id=3667Paste#45 | https://pastebin.com/MAFfXwGA Paste#46 | http://pxahb.xyz/emailpass/www.chocolate.at.txtPaste#47 | https://pastebin.com/zchq7iQS Paste#40 | https://pastebin.com/sj9 eyM5w Paste#41 | https://pastebin.com/wY9ghBM9 Paste#42 | https://pred.me/gmail.html Paste#43 | https://pastebin.com/AnTUDMtj ———————————————————————–I have also implemented the ability to search through a list of email addresses and check for the possibility of the email being a "Ten minute email", it will prompt you to continue if the email is found, since the possibility of using this email is next to none:(venv) admin@Hades:~/whatbreach$ python whatbreach.py -l test.txt -cT[ i ] parsing email file: test.txt[ i ] starting search on a total of 3 email(s)[ i ] searching breached accounts on HIBP related to: user@gmail.com[ i ] searching for paste dumps on HIBP related to: user@gmail.com[ i ] found a total of 67 database breach(es) and a total of 59 paste(s) pertaining to: user@gmail.com————————————————————————————Breached Site: | Database Link:Paste#26 | https://pastebin.com/b0zdYUzc Paste#27 | https://pastebin.com/C6YUMUxk Paste#24 | https://pastebin.com/JFvBG4HW Paste#25 | https://pastebin.com/hi5yXRCn Paste#22 | https://pastebin.com/mVrrDb9d Paste#23 | https://pastebin.com/jBCPwT1e Paste#20 | https://pastebin.com/uyG5ggf8 Paste#21 | https://paste bin.com/QrudBvXf R2Games | https://www.dehashed.com/search?query=R2GamesNemoWeb | https://www.dehashed.com/search?query=NemoWebDisqus | https://www.dehashed.com/search?query=DisqusAdobe | https://www.dehashed.com/search?query=Adobe… | … # truncated to save spacePaste#15 | https://pastebin.com/Sin9fR7f Paste#14 | https://pastebin.com/jvSgnZkK Paste#19 | https://pastebin.com/2rVemphh VK | https://www.dehashed.com/search?query=VKArmyForceOnline | https://www.dehashed.com/search?query=ArmyForceOnlineGawker | https://www.dehashed.com/search?query=GawkerPaste#9 | http://www.pemiblanc.com/test.txtPaste#8 | https://pastebin.com/EGS77pC4 Paste#7 | https://pastebin.com/pQdmx6mc Paste#6 | https://pastebin.com/ZwUh4tcG Paste#5 | https://pastebin.com/RkdC5arB MySpace | https://www.dehashed.com/search?query=MySpacePaste#3 | https://pastebin.com/GUV70Jqa Paste#2 | https://pastebin.com/2eENex9n Paste#1 | https://pastebin.com/rSd85uLK Onverse | https://www.dehashed.com/search?query=Onverse————————————————————————————[ w ] email: user@0815.ru0clickemail.com appears to be a ten minute email[ ? ] would you like to process the email[y/N]: n[ i ] searching breached accounts on HIBP related to: someuser@gmail.com[ i ] searching for paste dumps on HIBP related to: someuser@gmail.com[ i ] found a total of 6 database breach(es) and a total of 4 paste(s) pertaining to: someuser@gmail.com—————————————————————————-Breached Site: | Database Link:Adobe | https://www.dehashed.com/search?query=AdobePaste#4 | http://xn--e1alhsoq4c.xn--p1ai/base/Gmail.txtPaste#3 | https://pastebin.com/GUV70Jqa Paste#2 | https://pred.me/gmail.html Paste#1 | https://pastebin.com/VVgL8Fzp NemoWeb | https://www.dehashed.com/search?query=NemoWeb—————————————————————————-The program is pretty straight forward but for simplicity I have provided the acceptable arguments below:(venv) admin@Hades:~/whatbreach$ python whatbreach.py –helpusage: whatbreach.py [-h] [-e EMAIL] [-l PATH] [-nD] [-nP] [-cT] [-d]optional arguments: -h, –help show this help message and exitmandatory opts: -e EMAIL, –email EMAIL Pass a single email to scan for -l PATH, -f PATH, –list PATH, –file PATH Pass a file containing emails one per line to scansearch opts: -nD, –no-dehashed Suppres dehashed output -nP, –no-pastebin Suppress Pastebin outputmisc opts: -cT, –check-ten-minute Check if the provided email address is a ten minute email or not -d, –download Attempt to dow nload the database if there is one availableInstallationInstalling is extremely easy, just run pip install -r requirements.txtDownload WhatBreach

Link: http://feedproxy.google.com/~r/PentestTools/~3/EI6tCAyZ1-c/whatbreach-osint-tool-to-find-breached.html