WhatBreach – an OSINT tool for finding breached email addresses and databases – Information Security Squad

WhatBreach is a tool for finding breached email addresses and the databases they correspond to.

It takes either a single email address or a list of email addresses and searches for them using the haveibeenpwned.com API. From there (if any breaches are found), it looks up the Dehashed query link for the relevant database and outputs all breaches (if any).

If you are trying to find the database itself, passing a specific flag will also attempt to download available public databases from database.today.

If the query is found in the public listing, the tool downloads the database for you and saves it in the project's home folder, located at ~/.whatbreach_home/downloads.

Examples

As an example, we will use user@gmail.com as the search item:

(venv) admin@Hades:~/whatbreach$ python whatbreach.py -e "user@gmail.com"
[ i ] starting search on single email address: user@gmail.com
[ i ] searching breached accounts on HIBP related to: user@gmail.com
[ i ] searching for paste dumps on HIBP related to: user@gmail.com
[ i ] found a total of 67 database breach(es) and a total of 59 paste(s) pertaining to: user@gmail.com
------------------------------------------------------------------------------------
Breached Site: | Database Link:
Paste#26 | https://pastebin.com/b0zdYUzc 
Paste#27 | https://pastebin.com/C6YUMUxk 
Paste#24 | https://pastebin.com/JFvBG4HW 
Paste#25 | https://pastebin.com/hi5yXRCn 
Paste#22 | https://pastebin.com/mVrrDb9d 
Paste#23 | https://pastebin.com/jBCPwT1e 
Paste#20 | https://pastebin.com/uyG5ggf8 
Paste#21 | https://pastebin.com/QrudBvXf 
Paste#28 | https://pastebin.com/6fZtANAb 
Paste#29 | https://pastebin.com/gffDmJ5X 
... | ... # truncated to save space
Paste#13 | https://pastebin.com/RLVk8j3E 
Paste#12 | https://pastebin.com/zaN47ZZJ 
Paste#11 | https://pastebin.com/k193QzRG 
Paste#10 | https://pastebin.com/Qhaf51b6 
Paste#17 | http://siph0n.in/exploits.php?id=4440
Paste#16 | https://pastebin.com/j7YX2sJm 
Paste#15 | https://pastebin.com/Sin9fR7f 
Paste#14 | https://pastebin.com/jvSgnZkK 
Paste#19 | https://pastebin.com/2rVemphh 
VK | https://www.dehashed.com/search?query=VK
ArmyForceOnline | https://www.dehashed.com/search?query=ArmyForceOnline
Gawker | https://www.dehashed.com/search?query=Gawker
Paste#9 | http://www.pemiblanc.com/test.txt
Paste#8 | https://pastebin.com/EGS77pC4 
Paste#7 | https://pastebin.com/pQdmx6mc 
Paste#6 | https://pastebin.com/ZwUh4tcG 
Paste#5 | https://pastebin.com/RkdC5arB 
MySpace | https://www.dehashed.com/search?query=MySpace
Paste#3 | https://pastebin.com/GUV70Jqa 
Paste#2 | https://pastebin.com/2eENex9n 
Paste#1 | https://pastebin.com/rSd85uLK 
Onverse | https://www.dehashed.com/search?query=Onverse
------------------------------------------------------------------------------------

You also have the option to suppress discovered pastes:

(venv) admin@Hades:~/whatbreach$ python whatbreach.py -e "user@gmail.com" -nP
[ i ] starting search on single email address: user@gmail.com
[ i ] searching breached accounts on HIBP related to: user@gmail.com
[ i ] searching for paste dumps on HIBP related to: user@gmail.com
[ w ] suppressing discovered pastes
[ i ] found a total of 67 database breach(es) and a total of 0 paste(s) pertaining to: user@gmail.com
------------------------------------------------------------------------------------
Breached Site: | Database Link:
Dropbox | https://www.dehashed.com/search?query=Dropbox
Leet | https://www.dehashed.com/search?query=Leet
MySpace | https://www.dehashed.com/search?query=MySpace
MyHeritage | https://www.dehashed.com/search?query=MyHeritage
ArmyForceOnline | https://www.dehashed.com/search?query=ArmyForceOnline
17Media | https://www.dehashed.com/search?query=17Media
Xbox360ISO | https://www.dehashed.com/search?query=Xbox360ISO
LinkedIn | https://www.dehashed.com/search?query=LinkedIn
QuinStreet | https://www.dehashed.com/search?query=QuinStreet
Bookmate | https://www.dehashed.com/search?query=Bookmate
... | ... # truncated to save space
Dubsmash | https://www.dehashed.com/search?query=Dubsmash
MangaFox | https://www.dehashed.com/search?query=MangaFox
FashionFantasyGame | https://www.dehashed.com/search?query=FashionFantasyGame
Trillian | https://www.dehashed.com/search?query=Trillian
Disqus | https://www.dehashed.com/search?query=Disqus
NemoWeb | https://www.dehashed.com/search?query=NemoWeb
Gawker | https://www.dehashed.com/search?query=Gawker
CashCrate | https://www.dehashed.com/search?query=CashCrate
Tumblr | https://www.dehashed.com/search?query=Tumblr
PoliceOne | https://www.dehashed.com/search?query=PoliceOne
Onverse | https://www.dehashed.com/search?query=Onverse
Interpals | https://www.dehashed.com/search?query=Interpals
Seedpeer | https://www.dehashed.com/search?query=Seedpeer
HeroesOfNewerth | https://www.dehashed.com/search?query=HeroesOfNewerth
Bell2017 | https://www.dehashed.com/search?query=Bell2017
------------------------------------------------------------------------------------

As well as discovered databases:

(venv) admin@Hades:~/whatbreach$ python whatbreach.py -e "user@gmail.com" -nD
[ i ] starting search on single email address: user@gmail.com
[ i ] searching breached accounts on HIBP related to: user@gmail.com
[ i ] searching for paste dumps on HIBP related to: user@gmail.com
[ i ] found a total of 67 database breach(es) and a total of 59 paste(s) pertaining to: user@gmail.com
[ w ] suppressing discovered databases
-----------------------------------------------------------------------
Breached Site: | Database Link:
Paste#26 | https://pastebin.com/b0zdYUzc
Paste#27 | https://pastebin.com/C6YUMUxk
Paste#24 | https://pastebin.com/JFvBG4HW
Paste#25 | https://pastebin.com/hi5yXRCn
Paste#22 | https://pastebin.com/mVrrDb9d
Paste#23 | https://pastebin.com/jBCPwT1e
... | ... # truncated to save space
Paste#9 | http://www.pemiblanc.com/test.txt
Paste#8 | https://pastebin.com/EGS77pC4
Paste#7 | https://pastebin.com/pQdmx6mc
Paste#6 | https://pastebin.com/ZwUh4tcG
Paste#5 | https://pastebin.com/RkdC5arB
Paste#4 | https://pastebin.com/4qH2fRMc
Paste#3 | https://pastebin.com/GUV70Jqa
Paste#2 | https://pastebin.com/2eENex9n
Paste#1 | https://pastebin.com/rSd85uLK
Paste#52 | https://pastebin.com/ffkjfRrY
Paste#48 | http://balockae.online/files/Lizard Stresser.txt
Paste#49 | https://pastebin.com/bUq60ZKA
Paste#44 | http://siph0n.in/exploits.php?id=3667
Paste#45 | https://pastebin.com/MAFfXwGA
Paste#46 | http://pxahb.xyz/emailpass/www.chocolate.at.txt
Paste#47 | https://pastebin.com/zchq7iQS
Paste#40 | https://pastebin.com/sj9eyM5w
Paste#41 | https://pastebin.com/wY9ghBM9
Paste#42 | https://pred.me/gmail.html
Paste#43 | https://pastebin.com/AnTUDMtj
-----------------------------------------------------------------------

I have also implemented the ability to search through a list of email addresses and to check whether an email address may be a "ten minute email"; the program will prompt you to continue if such an email is found:

(venv) admin@Hades:~/whatbreach$ python whatbreach.py -l test.txt -cT
[ i ] parsing email file: test.txt
[ i ] starting search on a total of 3 email(s)
[ i ] searching breached accounts on HIBP related to: user@gmail.com
[ i ] searching for paste dumps on HIBP related to: user@gmail.com
[ i ] found a total of 67 database breach(es) and a total of 59 paste(s) pertaining to: user@gmail.com
------------------------------------------------------------------------------------
Breached Site: | Database Link:
Paste#26 | https://pastebin.com/b0zdYUzc
Paste#27 | https://pastebin.com/C6YUMUxk
Paste#24 | https://pastebin.com/JFvBG4HW
Paste#25 | https://pastebin.com/hi5yXRCn
Paste#22 | https://pastebin.com/mVrrDb9d
Paste#23 | https://pastebin.com/jBCPwT1e
Paste#20 | https://pastebin.com/uyG5ggf8
Paste#21 | https://pastebin.com/QrudBvXf
R2Games | https://www.dehashed.com/search?query=R2Games
NemoWeb | https://www.dehashed.com/search?query=NemoWeb
Disqus | https://www.dehashed.com/search?query=Disqus
Adobe | https://www.dehashed.com/search?query=Adobe
... | ... # truncated to save space
Paste#15 | https://pastebin.com/Sin9fR7f
Paste#14 | https://pastebin.com/jvSgnZkK
Paste#19 | https://pastebin.com/2rVemphh
VK | https://www.dehashed.com/search?query=VK
ArmyForceOnline | https://www.dehashed.com/search?query=ArmyForceOnline
Gawker | https://www.dehashed.com/search?query=Gawker
Paste#9 | http://www.pemiblanc.com/test.txt
Paste#8 | https://pastebin.com/EGS77pC4
Paste#7 | https://pastebin.com/pQdmx6mc
Paste#6 | https://pastebin.com/ZwUh4tcG
Paste#5 | https://pastebin.com/RkdC5arB
MySpace | https://www.dehashed.com/search?query=MySpace
Paste#3 | https://pastebin.com/GUV70Jqa
Paste#2 | https://pastebin.com/2eENex9n
Paste#1 | https://pastebin.com/rSd85uLK
Onverse | https://www.dehashed.com/search?query=Onverse
------------------------------------------------------------------------------------
[ w ] email: user@0815.ru0clickemail.com appears to be a ten minute email
[ ? ] would you like to process the email[y/N]: n
[ i ] searching breached accounts on HIBP related to: someuser@gmail.com
[ i ] searching for paste dumps on HIBP related to: someuser@gmail.com
[ i ] found a total of 6 database breach(es) and a total of 4 paste(s) pertaining to: someuser@gmail.com
----------------------------------------------------------------------------
Breached Site: | Database Link:
Adobe | https://www.dehashed.com/search?query=Adobe
Paste#4 | http://xn--e1alhsoq4c.xn--p1ai/base/Gmail.txt
Paste#3 | https://pastebin.com/GUV70Jqa
Paste#2 | https://pred.me/gmail.html
Paste#1 | https://pastebin.com/VVgL8Fzp
NemoWeb | https://www.dehashed.com/search?query=NemoWeb
----------------------------------------------------------------------------
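
An added example, not part of WhatBreach or the original article: a parser that turns the console output shown above into per-address records for an audit report, separating named breaches from pastes and flagging addresses reported as ten minute emails. The function name `parse_whatbreach` and the embedded sample (shortened from the output above) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the list-mode output shown above.
SAMPLE = """\
[ i ] parsing email file: test.txt
[ i ] searching breached accounts on HIBP related to: user@gmail.com
[ i ] found a total of 67 database breach(es) and a total of 59 paste(s) pertaining to: user@gmail.com
------------------------------------------------
Breached Site: | Database Link:
Paste#26 | https://pastebin.com/b0zdYUzc
Adobe | https://www.dehashed.com/search?query=Adobe
... | ... # truncated to save space
Paste#9 | http://www.pemiblanc.com/test.txt
------------------------------------------------
[ w ] email: user@0815.ru0clickemail.com appears to be a ten minute email
[ ? ] would you like to process the email[y/N]: n
[ i ] found a total of 6 database breach(es) and a total of 4 paste(s) pertaining to: someuser@gmail.com
Breached Site: | Database Link:
Adobe | https://www.dehashed.com/search?query=Adobe
Paste#1 | https://pastebin.com/VVgL8Fzp
"""

FOUND = re.compile(r"found a total of (\d+) database breach\(es\) and a total of "
                   r"(\d+) paste\(s\) pertaining to: (\S+)")
TEN_MIN = re.compile(r"\[ w \] email: (\S+) appears to be a ten minute email")
ROW = re.compile(r"^(\S.*?) \| (https?://.+?)\s*$")  # skips header and '...' rows


def parse_whatbreach(text):
    """Return {email: record}; rows attach to the most recent 'found a total' line."""
    report = defaultdict(lambda: {"reported": None, "breaches": [],
                                  "pastes": [], "ten_minute": False})
    current = None
    for line in text.splitlines():
        if m := TEN_MIN.search(line):
            report[m.group(1)]["ten_minute"] = True
            current = None  # rows that follow do not belong to the flagged address
        elif m := FOUND.search(line):
            current = m.group(3)
            # Counts as printed by the tool (breaches, pastes), before suppression.
            report[current]["reported"] = (int(m.group(1)), int(m.group(2)))
        elif current and (m := ROW.match(line)):
            name, link = m.groups()
            kind = "pastes" if re.fullmatch(r"Paste#\d+", name) else "breaches"
            report[current][kind].append((name, link))
    return dict(report)
```

Comparing each record's `reported` counts with the number of parsed rows shows whether the captured output was truncated or filtered with -nD / -nP.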

The program is fairly straightforward, but for simplicity I have provided the accepted arguments below:

(venv) admin@Hades:~/whatbreach$ python whatbreach.py --help
usage: whatbreach.py [-h] [-e EMAIL] [-l PATH] [-nD] [-nP] [-cT] [-d]

optional arguments:
  -h, --help            show this help message and exit

mandatory opts:
  -e EMAIL, --email EMAIL
                        Pass a single email to scan for
  -l PATH, -f PATH, --list PATH, --file PATH
                        Pass a file containing emails one per line to scan

search opts:
  -nD, --no-dehashed    Suppres dehashed output
  -nP, --no-pastebin    Suppress Pastebin output

misc opts:
  -cT, --check-ten-minute
                        Check if the provided email address is a ten minute
                        email or not
  -d, --download        Attempt to download the database if there is one
                        available

Installation

Installation is very simple, just run pip install -r requirements.txt

Download WhatBreach


Note: This information is intended for research, training, or auditing. Use for personal gain is punishable under the laws of the Russian Federation.
