• Stars
    star
    1,126
  • Rank 41,328 (Top 0.9 %)
  • Language
    Python
  • Created over 5 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

OSINT tool to find breached emails, databases, pastes, and relevant information

WhatBreach

WhatBreach is an OSINT tool that simplifies the task of discovering what breaches an email address has been discovered in. WhatBreach provides a simple and effective way to search either multiple, or a single email address and discover all known breaches that this email has been seen in. From there WhatBreach is capable of downloading the database if it is publicly available, downloading the pastes the email was seen in, or searching the domain of the email for further investigation. To perform this task successfully WhatBreach takes advantage of the following websites and/or API's:

  • WhatBreach takes advantage of haveibeenpwned.com's API. HIBP's API is no longer free and costs 3.50 USD per month. To get an API key please see here
  • WhatBreach takes advantage of dehashed.com in order to discover if the database has been seen in a breach before. WhatBreach provides a link to a dehashed search for effective downloading
  • WhatBreach takes advantage of hunter.io's API (requires free API token) this allows simple and effective domain searching and will provide further information on the domain being searched along with store the discovered results in a file for later processing
  • WhatBreach takes advantage of pastes from pastebin.com that have been found from HIBP. It will also provide a link to the paste that the breach was seen in and is capable of downloading the raw paste if requested
  • WhatBreach takes advantage of databases.today to download the databases off the website. This allows a simple and effective way of downloading databases without having to search manually
  • WhatBreach takes advantage of weleakinfo.com's API (requires free API token) this provides an extra search for the email in order to discover even more public breaches
  • WhatBreach takes advantage of emailrep.io's simple open API to search for possible profiles associated with an email, it also dumps all information discovered into a file for further processing

Some interesting features of WhatBreach include the following:

  • Ability to detect if the email is a ten minute email or not and prompt to process it or not
  • Check the email for deliverable status using hunter.io
  • Ability to throttle the requests in order to help prevent HIBP from blocking you
  • Download the databases (since they are large) into a directory of your choice
  • Search either a single email or a text file containing one email per line

Examples

Help page:

usage: whatbreach.py [-h] [-e EMAIL] [-l PATH] [-nD] [-nP] [-sH] [-wL] [-dP]
                     [-vH] [-cT] [-d] [-s DIRECTORY-PATH] [--throttle TIME]

optional arguments:
  -h, --help            show this help message and exit

mandatory opts:
  -e EMAIL, --email EMAIL
                        Pass a single email to scan for
  -l PATH, -f PATH, --list PATH, --file PATH
                        Pass a file containing emails one per line to scan

search opts:
  -nD, --no-dehashed    Suppres dehashed output
  -nP, --no-pastebin    Suppress Pastebin output
  -sH, --search-hunter  Search hunter.io with a provided email address and
                        query for all information, this will process all
                        emails found as normal
  -wL, --search-weleakinfo
                        Search weleakinfo.com as well as HIBP for results

misc opts:
  -dP, --download-pastes
                        Download pastes associated with the email address
                        found (if any)
  -vH, --verify-hunter  Verify the emails found on hunter.io for deliverable
                        status
  -cT, --check-ten-minute
                        Check if the provided email address is a ten minute
                        email or not
  -d, --download        Attempt to download the database if there is one
                        available
  -s DIRECTORY-PATH, --save-dir DIRECTORY-PATH
                        Pass a directory to save the downloaded databases into
                        instead of the `HOME` path
  --throttle TIME       Throttle the HIBP requests to help prevent yourself
                        from being blocked

Simple email search:

python whatbreach.py -e [email protected]

	                                                    _____ 
	   _ _ _ _       _   _____                 _       |___  |
	  | | | | |_ ___| |_| __  |___ ___ ___ ___| |_       |  _|
	  | | | |   | .'|  _| __ -|  _| -_| .'|  _|   |      |_|  
	  |_____|_|_|__,|_| |_____|_| |___|__,|___|_|_|[][][]|_|
	Find emails and their associated leaked databases.. v0.1.5


[ i ] starting search on single email address: [email protected]
[ i ] searching breached accounts on HIBP related to: [email protected]
[ i ] searching for paste dumps on HIBP related to: [email protected]
[ i ] found a total of 9 database breach(es) pertaining to: [email protected]
---------------------------------------------------------------------------
Breach/Paste:	     | Database/Paste Link:
Dailymotion          | https://www.dehashed.com/search?query=Dailymotion
500px                | https://www.dehashed.com/search?query=500px
LinkedIn             | https://www.dehashed.com/search?query=LinkedIn
MyFitnessPal         | https://www.dehashed.com/search?query=MyFitnessPal
Bolt                 | https://www.dehashed.com/search?query=Bolt
Dropbox              | https://www.dehashed.com/search?query=Dropbox
Lastfm               | https://www.dehashed.com/search?query=Lastfm
Apollo               | https://www.dehashed.com/search?query=Apollo
OnlinerSpambot       | N/A                           
---------------------------------------------------------------------------

Searching with weleakinfo and haveibeenpwned:

python whatbreach.py -e [email protected] -wL

	                                                    _____ 
	   _ _ _ _       _   _____                 _       |___  |
	  | | | | |_ ___| |_| __  |___ ___ ___ ___| |_       |  _|
	  | | | |   | .'|  _| __ -|  _| -_| .'|  _|   |      |_|  
	  |_____|_|_|__,|_| |_____|_| |___|__,|___|_|_|[][][]|_|
	Find emails and their associated leaked databases.. v0.1.5


[ i ] starting search on single email address: [email protected]
[ i ] searching breached accounts on HIBP related to: [email protected]
[ i ] searching for paste dumps on HIBP related to: [email protected]
[ i ] searching weleakinfo.com for breaches related to: [email protected]
[ i ] discovered a total of 12 more breaches from weleakinfo.com
[ i ] found a total of 21 database breach(es) pertaining to: [email protected]
[ w ] large amount of database breaches, obtaining links from dehashed (this may take a minute)
-------------------------------------------------------------------------------
Breach/Paste:	     | Database/Paste Link:
Pesfan.com           | https://www.dehashed.com/search?query=Pesfan.com
Dailymotion          | https://www.dehashed.com/search?query=Dailymotion
Apollo               | https://www.dehashed.com/search?query=Apollo
MyFitnessPal         | https://www.dehashed.com/search?query=MyFitnessPal
500px                | https://www.dehashed.com/search?query=500px
Collection 4         | https://www.dehashed.com/search?query=Collection 4
OnlinerSpambot       | N/A                           
LinkedIn             | https://www.dehashed.com/search?query=LinkedIn
Dropbox.com          | https://www.dehashed.com/search?query=Dropbox.com
500px.com            | https://www.dehashed.com/search?query=500px.com
Dailymotion.com      | https://www.dehashed.com/search?query=Dailymotion.com
Last.fm March 2012   | https://www.dehashed.com/search?query=Last.fm March 2012
Dropbox              | https://www.dehashed.com/search?query=Dropbox
Myfitnesspal.com     | https://www.dehashed.com/search?query=Myfitnesspal.com
Collection 1         | https://www.dehashed.com/search?query=Collection 1
Collection 2         | https://www.dehashed.com/search?query=Collection 2
Bolt.cd              | https://www.dehashed.com/search?query=Bolt.cd
Lastfm               | https://www.dehashed.com/search?query=Lastfm
Bolt                 | https://www.dehashed.com/search?query=Bolt
Collection 3         | https://www.dehashed.com/search?query=Collection 3
LinkedIn.com         | https://www.dehashed.com/search?query=LinkedIn.com
-------------------------------------------------------------------------------

Downloading public databases:

python whatbreach.py -e [email protected] -d

	                                                    _____ 
	   _ _ _ _       _   _____                 _       |___  |
	  | | | | |_ ___| |_| __  |___ ___ ___ ___| |_       |  _|
	  | | | |   | .'|  _| __ -|  _| -_| .'|  _|   |      |_|  
	  |_____|_|_|__,|_| |_____|_| |___|__,|___|_|_|[][][]|_|
	Find emails and their associated leaked databases.. v0.1.5


[ i ] starting search on single email address: [email protected]
[ i ] searching breached accounts on HIBP related to: [email protected]
[ i ] searching for paste dumps on HIBP related to: [email protected]
[ i ] found a total of 9 database breach(es) pertaining to: [email protected]
---------------------------------------------------------------------------
Breach/Paste:	     | Database/Paste Link:
Dailymotion          | https://www.dehashed.com/search?query=Dailymotion
500px                | https://www.dehashed.com/search?query=500px
LinkedIn             | https://www.dehashed.com/search?query=LinkedIn
MyFitnessPal         | https://www.dehashed.com/search?query=MyFitnessPal
Bolt                 | https://www.dehashed.com/search?query=Bolt
Dropbox              | https://www.dehashed.com/search?query=Dropbox
Lastfm               | https://www.dehashed.com/search?query=Lastfm
Apollo               | https://www.dehashed.com/search?query=Apollo
OnlinerSpambot       | N/A                           
---------------------------------------------------------------------------
[ i ] searching for downloadable databases using query: dailymotion
[ w ] no databases appeared to be present and downloadable related to query: Dailymotion
[ i ] searching for downloadable databases using query: 500px
[ w ] no databases appeared to be present and downloadable related to query: 500px
[ i ] searching for downloadable databases using query: linkedin
[ ? ] discovered publicly available database for query LinkedIn, do you want to download [y/N]: n
[ i ] skipping download as requested
[ w ] no databases appeared to be present and downloadable related to query: LinkedIn
[ i ] searching for downloadable databases using query: myfitnesspal
[ w ] no databases appeared to be present and downloadable related to query: MyFitnessPal
[ i ] searching for downloadable databases using query: bolt
[ w ] no databases appeared to be present and downloadable related to query: Bolt
[ i ] searching for downloadable databases using query: dropbox
[ ? ] discovered publicly available database for query Dropbox, do you want to download [y/N]: n
[ i ] skipping download as requested
[ w ] no databases appeared to be present and downloadable related to query: Dropbox
[ i ] searching for downloadable databases using query: lastfm
[ ? ] discovered publicly available database for query Lastfm, do you want to download [y/N]: n
[ i ] skipping download as requested
[ w ] no databases appeared to be present and downloadable related to query: Lastfm
[ i ] searching for downloadable databases using query: apollo
[ w ] no databases appeared to be present and downloadable related to query: Apollo
[ i ] searching for downloadable databases using query: onlinerspambot
[ w ] no databases appeared to be present and downloadable related to query: OnlinerSpambot

Using hunter.io for domain hunting and throttling the requests to attempt prevention of HIBP from blocking you:

python whatbreach.py -e [email protected] -sH --throttle 35

	                                                    _____ 
	   _ _ _ _       _   _____                 _       |___  |
	  | | | | |_ ___| |_| __  |___ ___ ___ ___| |_       |  _|
	  | | | |   | .'|  _| __ -|  _| -_| .'|  _|   |      |_|  
	  |_____|_|_|__,|_| |_____|_| |___|__,|___|_|_|[][][]|_|
	Find emails and their associated leaked databases.. v0.1.5


[ i ] starting search on hunter.io using [email protected]
[ i ] discovered a total of 11 email(s)
[ i ] information discovered associated with fbi.com
[ i ] discovered possible pattern to emails: {first}.{last}@fbi.com
[ w ] did not discover any associated phone number(s)
[ i ] discovered associated email address(es):
	-> [email protected]
	-> [email protected]
	-> [email protected]
	-> [email protected]
	-> [email protected]
	-> [email protected]
	-> [email protected]
	-> [email protected]
	-> [email protected]
[ w ] hit maximum length, total of 1 not displayed
[ i ] discovered associated external URL(s):
	-> http://jobsnotification.blogspot.com/2011/03/ifbi-pgdbo-admission-2011-pg-diploma-in.html
	-> http://complaintsboard.com/complaints/fbi-robert-s-muelleriii-huber-heights-ohio-c121118.html
	-> http://user.xmission.com/~daina/known_scammers.html
	-> http://anonymousxwrites.blogspot.com/2012/02
	-> http://boingboing.net/2012/02/14
	-> http://joewein.net/dbl-update/2014-06/2014-06-22.htm
	-> http://anonymousxwrites.blogspot.fr/2012/02/federal-bureau-of-investigation-fbi-yet.html
	-> http://anonymousxwrites.blogspot.sg/2012/02
	-> http://meg-golpistasvirtuais.blogspot.fr/2013/04/update-emails-addresses-scammers-dia.html
[ w ] hit maximum length, total of 35 not displayed
[ i ] dumping all information into json file for further processing
[ i ] information written to: /Users/admin/.whatbreach_home/downloads/json_dumps/cbNcFiXZsU_fbi.com.json
[ i ] searching breached accounts on HIBP related to: [email protected]
[ i ] searching for paste dumps on HIBP related to: [email protected]
[ ! ] email [email protected] was not found in any breach
[ i ] searching breached accounts on HIBP related to: [email protected]
[ i ] searching for paste dumps on HIBP related to: [email protected]
[ ! ] email [email protected] was not found in any breach
[ i ] searching breached accounts on HIBP related to: [email protected]
[ i ] searching for paste dumps on HIBP related to: [email protected]
...

Checking for ten minute emails:

python whatbreach.py -l test.txt -cT 

	                                                    _____ 
	   _ _ _ _       _   _____                 _       |___  |
	  | | | | |_ ___| |_| __  |___ ___ ___ ___| |_       |  _|
	  | | | |   | .'|  _| __ -|  _| -_| .'|  _|   |      |_|  
	  |_____|_|_|__,|_| |_____|_| |___|__,|___|_|_|[][][]|_|
	Find emails and their associated leaked databases.. v0.1.5


[ i ] parsing email file: test.txt
[ i ] starting search on a total of 2 email(s)
[ i ] searching breached accounts on HIBP related to: [email protected]
[ i ] searching for paste dumps on HIBP related to: [email protected]
[ i ] found a total of 9 database breach(es) pertaining to: [email protected]
---------------------------------------------------------------------------
Breach/Paste:	     | Database/Paste Link:
Dailymotion          | https://www.dehashed.com/search?query=Dailymotion
500px                | https://www.dehashed.com/search?query=500px
LinkedIn             | https://www.dehashed.com/search?query=LinkedIn
MyFitnessPal         | https://www.dehashed.com/search?query=MyFitnessPal
Bolt                 | https://www.dehashed.com/search?query=Bolt
Dropbox              | https://www.dehashed.com/search?query=Dropbox
Lastfm               | https://www.dehashed.com/search?query=Lastfm
Apollo               | https://www.dehashed.com/search?query=Apollo
OnlinerSpambot       | N/A                           
---------------------------------------------------------------------------
[ w ] email: [email protected] appears to be a ten minute email
[ ? ] would you like to process the email[y/N]: n

Searching for profiles associated with the email:

python whatbreach.py -e [email protected] -cA

                                                            _____ 
           _ _ _ _       _   _____                 _       |___  |
          | | | | |_ ___| |_| __  |___ ___ ___ ___| |_       |  _|
          | | | |   | .'|  _| __ -|  _| -_| .'|  _|   |      |_|  
          |_____|_|_|__,|_| |_____|_| |___|__,|___|_|_|[][][]|_|
        Find emails and their associated leaked databases.. v0.1.8


[ i ] starting search on single email address: [email protected]
[ i ] searching for possible profiles related to [email protected]
[ i ] all data dumped to file for future processing: /Users/admin/.whatbreach_home/downloads/json_dumps/user_emailrep.json
[ i ] found a total of 5 possible profiles associated with [email protected] on the following domains:
        -> Twitter
        -> Instagram
        -> Pastebin
        -> Pinterest
        -> Spotify
...

Installation

Installing is extremely easy, just run pip install -r requirements.txt

Why?

During my time in information technology, during researching and doing OSINT, I have noticed a need to find email addresses as well as their password. I have found reliable tools that do this successfully and make the process quick and easy, however I have not found a tool that meets my exact requirements. This tool is basically my own personal take on how I think email searching should work and ties in the database searching and database downloading as well. What better way to break into an email then to have the possible password as well as all known breaches it's been seen in?

Shoutouts

  • NullArray for providing me with the idea for the hash checking and the idea for the databases.today downloads, as well as being an awesome and supportive person at all times.
  • khast3x (or as you know him the creator of h8mail) for being supportive and and overall enjoyable person. The best way to find the data in the databases downloaded from this tool is to use h8mail, it's quick, efficient, and easy. Go check it out.

More Repositories

1

WhatWaf

Detect and bypass web application firewalls and protection systems
Python
2,604
star
2

BlueKeep

Proof of concept for CVE-2019-0708
Python
1,170
star
3

Zeus-Scanner

Advanced reconnaissance utility
Python
953
star
4

Pybelt

The hackers tool belt
Python
510
star
5

Graffiti

A tool to generate obfuscated one liners to aid in penetration testing
Python
176
star
6

Dagon

Advanced Hash Manipulation
Python
171
star
7

XanXSS

A simple XSS finding tool
Python
107
star
8

tadpole

Download files out of open AWS buckets
Python
37
star
9

HacApt

Package manager for hackers built by hackers
Python
35
star
10

Checkers

Determine everything you need to know to about a system
Python
30
star
11

GitRekt

Search .git folders for emails and URL's that should otherwise be hidden
Python
28
star
12

WhatDir

Multi-threaded web application directory bruteforcer
Python
24
star
13

Strutter

Proof of Concept for CVE-2018-11776
Python
20
star
14

PoC

Leveraging CVE-2018-19788 without root shells
Python
18
star
15

CVE-2019-17625

Working exploit code for CVE-2019-17625
Python
17
star
16

soapy

log file scrubber
Python
15
star
17

CVE-2019-7216

Filechucker filter bypass Proof Of Concept
10
star
18

letmein

Lightweight easy to use password manager
Python
9
star
19

Whisper

Intellegent detection system to determine if a computer has been compromised
8
star
20

arpper

Simple tool to determine live IP addresses on a local network
Python
7
star
21

ISIE

InfoSlut Image Editor
Python
6
star
22

pen-test

Pentesting tools
Python
6
star
23

elastic-custom-scraper

Python
4
star
24

Throwing-Shade

You all know what this is for.
3
star
25

codecademy

Python codecademy
Python
3
star
26

TikTok-Pixel-Code

Deobfuscated and comments TikTok pixel Javascript code
JavaScript
3
star
27

email-tool

An email generator CLI based tool
Ruby
3
star
28

charmed

Issues reported to jetbrains that they decided weren't issues
Python
3
star
29

Gignor

Stashing for computer cleaning
Python
2
star
30

Analyzer.

Simple text Analyzer
Ruby
2
star
31

Inventory-Management-Framework

A basic overview framework of an inventory management system
Python
2
star
32

archiver

Extremely quick file archiver, send files to a zip file in under 30 seconds.
C#
2
star
33

IDENT

Ip address DENying Tool
Python
1
star
34

u2b

Holding repo for a reimage
Python
1
star
35

exercism-io-answers

Exercism.IOanswers
Python
1
star
36

Python-Challenges

Challenges that I've done using Python
Python
1
star
37

C

Learning C from learncthehardway
C
1
star