pwnedOrNot v1.2.6 - OSINT Tool to Find Passwords for Compromised Email Addresses

OSINT Tool to Find Passwords for Compromised Email Accounts
pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps.


Get In Touch


haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script:
  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status
And with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password

Tested on
  • Kali Linux 2019.1
  • BlackArch Linux
  • Ubuntu 18.04
  • Kali Nethunter
  • Termux

Ubuntu / Kali Linux / Nethunter / Termux
git clone
cd pwnedOrNot
pip3 install requests
BlackArch Linux
pacman -S pwnedornot

cd pwnedOrNot
git pull

python3 -h

usage: [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l]
[-c CHECK]

optional arguments:
-h, --help show this help message and exit
-e EMAIL, --email EMAIL Email Address You Want to Test
-f FILE, --file FILE Load a File with Multiple Email Addresses
-d DOMAIN, --domain DOMAIN Filter Results by Domain Name
-n, --nodumps Only Check Breach Info and Skip Password Dumps
-l, --list Get List of all pwned Domains
-c CHECK, --check CHECK Check if your Domain is pwned

# Examples

# Check Single Email
python3 -e <email>
python3 --email <email>

# Check Multiple Emails from File
python3 -f <file name>
python3 --file <file name>

# Filter Result for a Domai n Name [Ex :]
python3 -e <email> -d <domain name>
python3 -f <file name> --domain <domain name>

# Get only Breach Info, Skip Password Dumps
python3 -e <email> -n
python3 -f <file name> --nodumps

# Get List of all Breached Domains
python3 -l
python3 --list

# Check if a Domain is Pwned
python3 -c <domain name>
python3 --check <domain name>


Disqus Comments