OSINT tool for checking breached email accounts and searching public dumps for passwords
- Stars: 2.6k
- Forks: 348
- Open Issues: 6
- License: MIT
- Languages: Python, Shell, Dockerfile

About pwnedOrNot
pwnedOrNot checks whether your own email address has been caught up in a known data breach by querying the HaveIBeenPwned v3 API. It is a security tool for assessing your exposure, so you can change affected passwords and tighten accounts that were part of a breach.
For each breach it reports the breach name, domain name, date of breach, fabrication status, verification status, retirement status, and spam status. It can also surface whether your credentials turned up in public dumps, which depends on whether such dumps exist, are accessible, and contain passwords rather than only email addresses.
The tool runs as a command-line utility and uses the HaveIBeenPwned v3 API, which requires an API key. It runs on Linux distributions such as Kali Linux and BlackArch, on Android through Termux, and on Windows via WSL2 or a virtual machine.
Key features
- Checks your email against the HaveIBeenPwned v3 API
- Flags whether your credentials reached public dumps
- Shows breach name, domain, and breach date
- Shows fabrication, verification, retirement, and spam status
Details
- First released: 2018
- API: HaveIBeenPwned v3
- Platforms: Linux · Android · CLI
- Deployment: offline-first
- Input: Your own email address
- Output: Breach status and exposure details