WhatBreach – это инструмент для поиска взломанных эмейлов и соответствующих им базы данных.
Он берет либо одно электронное письмо, либо список электронных писем и ищет их, используя API-интерфейс сайта haveibeenpwned.com, оттуда (если есть какие-либо нарушения) он будет искать ссылку на запрос в разделе Dehashed, относящуюся к базе данных, и выводить все нарушения (если есть).
Если вы пытаетесь найти базу данных, передача определенного флага также попытается загрузить доступные общедоступные базы данных из database.today.
Если запрос найден в общедоступном списке, он загрузит вам базу данных и сохранит ее в домашней папке проектов, которая находится в ~/.whatbre ach_home/downloads.
Примеры
В качестве примера мы будем использовать user@gmail.com в качестве элемента поиска:
(venv) admin@Hades:~/whatbreach$ python whatbreach.py -e "user@gmail.com" [ i ] starting search on single email address: user@gmail.com [ i ] searching breached accounts on HIBP related to: user@gmail.com [ i ] searching for paste dumps on HIBP related to: user@gmail.com [ i ] found a total of 67 database breach(es) and a total of 59 paste(s) pertaining to: user@gmail.com ------------------------------------------------------------------------------------ Breached Site: | Database Link: Paste#26 | https://pastebin.com/b0zdYUzc Paste#27 | https://pastebin.com/C6YUMUxk Paste#24 | https://pastebin.com/JFvBG4HW Paste#25 | https://pastebin.com/hi5yXRCn Paste#22 | https://pastebin.com/mVrrDb9d Paste#23 | https://pastebin.com/jBCPwT1e Paste#20 | https://pastebin.com/uyG5ggf8 Paste#21 | https://pastebin.com/QrudBvXf Paste#28 | https://pastebin.com/6fZtANAb Paste#29 | https://pastebin.com/gffDmJ5X ... | ... # truncated to save space Paste#13 | https://pastebin.com/RLVk8j3E Paste#12 | https://pastebin.com/zaN47ZZJ Paste#11 | https://pastebin.com/k193QzRG Paste#10 | https://pastebin.com/Qhaf51b6 Paste#17 | http://siph0n.in/exploits.php?id=4440 Paste#16 | https://pastebin.com/j7YX2sJm Paste#15 | https://pastebin.com/Sin9fR7f Paste#14 | https://pastebin.com/jvSgnZkK Paste#19 | https://pastebin.com/2rVemphh VK | https://www.dehashed.com/search?query=VK ArmyForceOnline | https://www.dehashed.com/search?query=ArmyForceOnline Gawker | https://www.dehashed.com/search?query=Gawker Paste#9 | http://www.pemiblanc.com/test.txt Paste#8 | https://pastebin.com/EGS77pC4 Paste#7 | https://pastebin.com/pQdmx6mc Paste#6 | https://pastebin.com/ZwUh4tcG Paste#5 | https://pastebin.com/RkdC5arB MySpace | https://www.dehashed.com/search?query=MySpace Paste#3 | https://pastebin.com/GUV70Jqa Paste#2 | https://pastebin.com/2eENex9n Paste#1 | https://pastebin.com/rSd85uLK Onverse | https://www.dehashed.com/search?query=Onverse ------------------------------------------------------------------------------------
У вас также есть возможность подавить обнаруженные вставки:
(venv) admin@Hades:~/whatbreach$ python whatbreach.py -e "user@gmail.com" -nP [ i ] starting search on single email address: user@gmail.com [ i ] searching breached accounts on HIBP related to: user@gmail.com [ i ] searching for paste dumps on HIBP related to: user@gmail.com [ w ] suppressing discovered pastes [ i ] found a total of 67 database breach(es) and a total of 0 paste(s) pertaining to: user@gmail.com ------------------------------------------------------------------------------------ Breached Site: | Database Link: Dropbox | https://www.dehashed.com/search?query=Dropbox Leet | https://www.dehashed.com/search?query=Leet MySpace | https://www.dehashed.com/search?query=MySpace MyHeritage | https://www.dehashed.com/search?query=MyHeritage ArmyForceOnline | https://www.dehashed.com/search?query=ArmyForceOnline 17Media | https://www.dehashed.co m/search?query=17Media Xbox360ISO | https://www.dehashed.com/search?query=Xbox360ISO LinkedIn | https://www.dehashed.com/search?query=LinkedIn QuinStreet | https://www.dehashed.com/search?query=QuinStreet Bookmate | https://www.dehashed.com/search?query=Bookmate ... | ... # truncated to save space Dubsmash | https://www.dehashed.com/search?query=Dubsmash MangaFox | https://www.dehashed.com/search?query=MangaFox FashionFantasyGame | https://www.dehashed.com/search?query=FashionFantasyGame Trillian | https://www.dehashed.com/search?query=Trillian Disqus | https://www.dehashed.com/search?query=Disqus NemoWeb | https://www.dehashed.com/search?query=NemoWeb Gawker | https://www.dehashed.com/search?query=Gawker CashCrate | https://www.dehashed.com/search?query=CashCrate Tumblr | https://www.dehashed.com/search?query=Tumblr PoliceOne | https://www.dehashed.com/search?query=PoliceOne Onverse | https://www.dehashed.com/search?query=Onverse Interpals | https://www.dehashed.com/search?query=Interpals Seedpeer | https://www.dehashed.com/search?query=Seedpeer HeroesOfNewerth | https://www.dehashed.com/search?query=HeroesOfNewerth Bell2017 | https://www.dehashed.com/search?query=Bell2017 ------------------------------------------------------------------------------------
А также обнаруженные базы данных:
(venv) admin@Hades:~/whatbreach$ python whatbreach.py -e "user@gmail.com" -nD [ i ] starting search on single email address: user@gmail.com [ i ] searching breached accounts on HIBP related to: user@gmail.com [ i ] searching for paste dumps on HIBP related to: user@gmail.com [ i ] found a total of 67 database breach(es) and a total of 59 paste(s) pertaining to: user@gmail.com [ w ] suppressing discovered databases ----------------------------------------------------------------------- Breached Site: | Database Link: Paste#26 | https://pastebin.com/b0zdYUzc Paste#27 | https://pastebin.com/C6YUMUxk Paste#24 | https://pastebin.com/JFvBG4HW Paste#25 | https://pastebin.com/hi5yXRCn Paste#22 | https://pastebin.com/mVrrDb9d Paste#23 | https://pastebin.com/jBCPwT1e ... | ... # truncated to save space Paste#9 | http://www.pemiblanc.com/test.txt Paste#8 | https://pastebin.com/EGS77pC4 Paste#7 | https://pastebin.com/pQdmx6mc Paste#6 | https://pastebin.com/ZwUh4tcG Paste#5 | https://pastebin.com/RkdC5arB Paste#4 | https://pastebin.com/4qH2fRMc Paste#3 | https://pastebin.com/GUV70Jqa Paste#2 | https://pastebin.com/2eENex9n Paste#1 | https://pastebin.com/rSd85uLK Paste#52 | https://pastebin.com/ffkjfRrY Paste#48 | http://balockae.online/files/Lizard Stresser.txt Paste#49 | https://pastebin.com/bUq60ZKA Paste#44 | http://siph0n.in/exploits.php?id=3667 Paste#45 | https://pastebin.com/MAFfXwGA Paste#46 | http://pxahb.xyz/emailpass/www.chocolate.at.txt Paste#47 | https://pastebin.com/zchq7iQS Paste#40 | https://pastebin.com/sj9 eyM5w Paste#41 | https://pastebin.com/wY9ghBM9 Paste#42 | https://pred.me/gmail.html Paste#43 | https://pastebin.com/AnTUDMtj -----------------------------------------------------------------------
Я также реализовал возможность поиска по списку адресов электронной почты и проверки возможности того, что электронное письмо является «Десяти минутным письмом»,система предложит вам продолжить, если эмейл найден:
(venv) admin@Hades:~/whatbreach$ python whatbreach.py -l test.txt -cT [ i ] parsing email file: test.txt [ i ] starting search on a total of 3 email(s) [ i ] searching breached accounts on HIBP related to: user@gmail.com [ i ] searching for paste dumps on HIBP related to: user@gmail.com [ i ] found a total of 67 database breach(es) and a total of 59 paste(s) pertaining to: user@gmail.com ------------------------------------------------------------------------------------ Breached Site: | Database Link: Paste#26 | https://pastebin.com/b0zdYUzc Paste#27 | https://pastebin.com/C6YUMUxk Paste#24 | https://pastebin.com/JFvBG4HW Paste#25 | https://pastebin.com/hi5yXRCn Paste#22 | https://pastebin.com/mVrrDb9d Paste#23 | https://pastebin.com/jBCPwT1e Paste#20 | https://pastebin.com/uyG5ggf8 Paste#21 | https://paste bin.com/QrudBvXf R2Games | https://www.dehashed.com/search?query=R2Games NemoWeb | https://www.dehashed.com/search?query=NemoWeb Disqus | https://www.dehashed.com/search?query=Disqus Adobe | https://www.dehashed.com/search?query=Adobe ... | ... # truncated to save space Paste#15 | https://pastebin.com/Sin9fR7f Paste#14 | https://pastebin.com/jvSgnZkK Paste#19 | https://pastebin.com/2rVemphh VK | https://www.dehashed.com/search?query=VK ArmyForceOnline | https://www.dehashed.com/search?query=ArmyForceOnline Gawker | https://www.dehashed.com/search?query=Gawker Paste#9 | http://www.pemiblanc.com/test.txt Paste#8 | https://pastebin.com/EGS77pC4 Paste#7 | https://pastebin.com/pQdmx6mc Paste#6 | https://pastebin.com/ZwUh4tcG Paste#5 | https://pastebin.com/RkdC5arB MySpace | https://www.dehashed.com/search?query=MySpace Paste#3 | https://pastebin.com/GUV70Jqa Paste#2 | https://pastebin.com/2eENex9n Paste#1 | https://pastebin.com/rSd85uLK Onverse | https://www.dehashed.com/search?query=Onverse ------------------------------------------------------------------------------------ [ w ] email: user@0815.ru0clickemail.com appears to be a ten minute email [ ? ] would you like to process the email[y/N]: n [ i ] searching breached accounts on HIBP related to: someuser@gmail.com [ i ] searching for paste dumps on HIBP related to: someuser@gmail.com [ i ] found a total of 6 database breach(es) and a total of 4 paste(s) pertaining to: someuser@gmail.com ---------------------------------------------------------------------------- Breached Site: | Database Link: Adobe | https://www.dehashed.com/search?query=Adobe Paste#4 | http://xn--e1alhsoq4c.xn--p1ai/base/Gmail.txt Paste#3 | https://pastebin.com/GUV70Jqa Paste#2 | https://pred.me/gmail.html Paste#1 | https://pastebin.com/VVgL8Fzp NemoWeb | https://www.dehashed.com/search?query=NemoWeb ----------------------------------------------------------------------------
Программа довольно проста, но для упрощения я привел приемлемые аргументы ниже:
The program is pretty straight forward but for simplicity I have provided the acceptable (venv) admin@Hades:~/whatbreach$ python whatbreach.py --help usage: whatbreach.py [-h] [-e EMAIL] [-l PATH] [-nD] [-nP] [-cT] [-d] optional arguments: -h, --help show this help message and exit mandatory opts: -e EMAIL, --email EMAIL Pass a single email to scan for -l PATH, -f PATH, --list PATH, --file PATH Pass a file containing emails one per line to scan search opts: -nD, --no-dehashed Suppres dehashed output -nP, --no-pastebin Suppress Pastebin output misc opts: -cT, --check-ten-minute Check if the provided email address is a ten minute email or not -d, --download Attempt to dow nload the database if there is one availablearguments below:
Установка
Установка очень проста, просто запустите pip install -r needs.txt
Скачать WhatBreach
¯\_(ツ)_/¯
Примечание: Информация для исследования, обучения или проведения аудита. Применение в корыстных целях карается законодательством РФ.