How can you check which of your passwords were leaked?

I recently published on my GitHub account a tool that lets you check in pwndb, from the terminal, whether an email address was leaked. The interesting thing about this service is that it gives you the password in plain text.

pwndb

These are the steps to install it:

$ git clone https://github.com/davidtavarez/pwndb
Cloning into 'pwndb'...
remote: Enumerating objects: 10, done.
remote: Counting objects: 100% (10/10), done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 10 (delta 2), reused 4 (delta 0), pack-reused 0
Unpacking objects: 100% (10/10), done.

$ cd pwndb

$ virtualenv venv
New python executable in /Users/davidtavarez/pwndb/venv/bin/python
Installing setuptools, pip, wheel...done.

$ source venv/bin/activate

(venv) $ pip install -r requirements.txt
Collecting PySocks==1.6.8 (from -r requirements.txt (line 1))
...

(venv) $ python pwndb.py -h

usage: pwndb.py [-h] [--target TARGET] [--list LIST] [--output OUTPUT]

optional arguments:
  -h, --help       show this help message and exit
  --target TARGET  Target email/domain to search for leaks.
  --list LIST      A list of emails in a file to search for leaks.
  --output OUTPUT  Return results as json/txt

Usage examples

To look up an email address, you can use it as follows:

$ python pwndb.py --target [email protected]
[-] Searching for leaks...
[+] [email protected]:alex1994
[+] [email protected]:fatboy124
[+] [email protected]:friend1
[+] [email protected]:girl
[+] [email protected]:lolomgbff
[+] [email protected]:password
[+] [email protected]:rahulkadam

If you need to look up a domain:

$ python pwndb.py --target @probando.com
[-] Searching for leaks...
[+] [email protected]:marlboro
[+] [email protected]:probando123456
[+] [email protected]:123zxc

To use a list of email addresses, pass a file as an argument:

$ python pwndb.py --list targets_example.txt
[-] Searching for leaks...
[+] [email protected]:alex1994
[+] [email protected]:fatboy124
[+] [email protected]:friend1
[+] [email protected]:girl
[+] [email protected]:lolomgbff
[+] [email protected]:password
[+] [email protected]:rahulkadam
[+] [email protected]:123456789
[+] [email protected]:smith
[+] [email protected]:cslax21
[+] [email protected]:paska1
[+] [email protected]:sailormoon
[+] [email protected]:woof02

If you want to use a wildcard (%), it would look something like this:

$ python pwndb.py --target pruebaprueba%
[-] Searching for leaks...

You can also add --output to specify the type of output you want, JSON or plain text. I would appreciate any kind of feedback; if you find a problem, please report it: https://github.com/davidtavarez/pwndb
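
For acting on the results, the following added example (not part of pwndb or of the original post) parses console output in the `[+] address:password` format shown above and lists which accounts need a password change, including passwords shared between accounts, without echoing any plaintext. The function names and the sample addresses are constructed for illustration, and it assumes the saved output uses the same line format as the console.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample in the "[+] address:password" console format shown above.
SAMPLE = """\
[-] Searching for leaks...
[+] ana@example.com:winter2019
[+] ana@example.com:winter2019
[+] luis@example.com:winter2019
[+] luis@example.com:a:b:c
not a result line
"""

def parse_results(text):
    """Yield (address, password) from '[+] ' lines, splitting on the first ':' only."""
    for line in text.splitlines():
        if not line.startswith("[+] "):
            continue  # status lines and anything else are ignored
        address, sep, password = line[4:].partition(":")
        if sep and "@" in address:
            yield address.strip().lower(), password  # password may itself contain ':'

def triage(text, key=None):
    """Return ({address: fingerprints}, {fingerprint: accounts sharing it})."""
    key = key or os.urandom(32)  # per-run key, so fingerprints are useless elsewhere
    by_account = defaultdict(set)
    owners = defaultdict(set)
    for address, password in parse_results(text):
        # Keep only a keyed fingerprint; the plaintext is dropped right here.
        fp = hmac.new(key, password.encode(), hashlib.sha256).hexdigest()[:12]
        by_account[address].add(fp)   # a set, so repeated result lines collapse
        owners[fp].add(address)
    shared = {fp: sorted(a) for fp, a in owners.items() if len(a) > 1}
    return dict(by_account), shared

def report(text):
    """One line per account: how many distinct passwords leaked, and reuse."""
    accounts, shared = triage(text)
    lines = []
    for address in sorted(accounts):
        reused = any(address in a for a in shared.values())
        lines.append(f"{address}: {len(accounts[address])} leaked password(s)"
                     + (", shared with another account" if reused else ""))
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```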
