I recently published a tool on my GitHub account that lets you check from the terminal, against pwndb, whether an email was leaked. The interesting thing about this service is that it gives you the password in plain text.
These are the installation steps:
$ git clone https://github.com/davidtavarez/pwndb
Cloning into 'pwndb'...
remote: Enumerating objects: 10, done.
remote: Counting objects: 100% (10/10), done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 10 (delta 2), reused 4 (delta 0), pack-reused 0
Unpacking objects: 100% (10/10), done.
$ cd pwndb
$ virtualenv venv
New python executable in /Users/davidtavarez/pwndb/venv/bin/python
Installing setuptools, pip, wheel...done.
$ source venv/bin/activate
(venv) $ pip install -r requirements.txt
Collecting PySocks==1.6.8 (from -r requirements.txt (line 1))
...
(venv) $ python pwndb.py -h
usage: pwndb.py [-h] [--target TARGET] [--list LIST] [--output OUTPUT]
optional arguments:
  -h, --help       show this help message and exit
  --target TARGET  Target email/domain to search for leaks.
  --list LIST      A list of emails in a file to search for leaks.
  --output OUTPUT  Return results as json/txt
To look up an email, you can use it as follows:
$ python pwndb.py --target [email protected]
[-] Searching for leaks...
[+] [email protected]:alex1994
[+] [email protected]:fatboy124
[+] [email protected]:friend1
[+] [email protected]:girl
[+] [email protected]:lolomgbff
[+] [email protected]:password
[+] [email protected]:rahulkadam
If you need to look up a domain:
$ python pwndb.py --target @probando.com
[-] Searching for leaks...
[+] [email protected]:marlboro
[+] [email protected]:probando123456
[+] [email protected]:123zxc
To use a list of emails, you can pass a file as an argument:
$ python pwndb.py --list targets_example.txt
[-] Searching for leaks...
If you want to use a wildcard (%), it would look something like this:
$ python pwndb.py --target pruebaprueba%
[-] Searching for leaks...
You can also add --output to specify the type of output you want, json or plain text. I would appreciate any kind of feedback; if you find a problem, please report it: https://github.com/davidtavarez/pwndb
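An added example, not part of the original post or of the pwndb project: a small parser that turns the tool's console output into a per-account exposure summary for an audit report without copying the plaintext passwords into it. It assumes the `[+] email:password` line format shown above; the function names and the example.com sample lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the console format shown in the post ("[+] email:password").
SAMPLE = """\
[-] Searching for leaks...
[+] alice@example.com:summer2019
[+] alice@example.com:summer2019
[+] Bob@example.com:pa:ss:word
[+] carol@example.org:qwerty123
[!] some other line
"""


def parse_leaks(text):
    """Yield (email, password) for every '[+] email:password' line."""
    for line in text.splitlines():
        if not line.startswith("[+] "):
            continue  # skip status lines and anything that is not a hit
        # Split on the first ':' only, since the password may contain ':' itself.
        email, sep, password = line[4:].partition(":")
        if sep and "@" in email:
            yield email.strip().lower(), password


def mask(password):
    """Keep the first character and the length, hide the rest."""
    return password[:1] + "*" * (len(password) - 1)


def summarize(text, domain=None):
    """Map each account to its distinct leaked passwords, masked.

    `domain` (optional) restricts the report to the audit's scope.
    """
    seen = defaultdict(set)
    for email, password in parse_leaks(text):
        if domain and not email.endswith("@" + domain.lower()):
            continue
        seen[email].add(password)
    return {e: sorted(mask(p) for p in pws) for e, pws in sorted(seen.items())}


if __name__ == "__main__":
    for account, masked in summarize(SAMPLE, domain="example.com").items():
        print(f"{account}: {len(masked)} distinct leaked password(s) {masked}")
```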
Comments
To complement the article: if a compromised account turns up during an audit, this tool helps verify password reuse on some platforms.
https://github.com/D4Vinci/Cr3dOv3r