# Password OSINT

## Local Database (Linux)

Download the 3.2 billion record list.

**COMB Magnet:**

```
magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337
```

Once the torrent is downloaded, use the following password to unzip:

```
+w/P3PRqQQoJ6g
```

### Breach-Parse

Once the database has been downloaded, we can use Breach-Parse to pull targeted information from it.

**Breach Parse:** <https://github.com/hmaverickadams/breach-parse>

After following the Breach-Parse install instructions, we can run Breach-Parse against the database downloaded earlier.

```bash
# Search for all results in a domain (placeholder quoted so the shell
# does not treat < and > as redirections)
breach-parse "<Domain>" Domain.txt "/media/sf_CompilationOfManyBreaches/data"

# Search for a specific email address
breach-parse Example@Outlook.com Email.txt "/media/sf_CompilationOfManyBreaches/data"
```

```bash
# Example: all results for example.com
breach-parse @example.com Example.txt "/media/sf_CompilationOfManyBreaches/data"
```

![](/files/I7oO7RgclhEQ9nPV3ahB)

Breach-Parse will then create three separate files as shown below. We can then read the master file, which contains both the breached email addresses and their plain text passwords.

![](/files/bnwGainccn9W1oYbnwz6)
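For reporting on an engagement or driving password resets, the master file can be summarised without copying plaintext passwords into the report. The script below is an added example, not part of this page or of the Breach-Parse project; it assumes each master-file line is `email:password` (or `email;password`), and the function names and sample lines are constructed for illustration.

```python
"""Summarise a Breach-Parse master file per account, without plaintext.

Assumption: one credential per line, email and password separated by the
first ':' or ';'. Sample data below is constructed, not real breach data.
"""
import hashlib
from collections import defaultdict

SAMPLE_MASTER = """\
alice@example.com:Summer2019!
alice@example.com:Summer2019!
ALICE@example.com:hunter2
bob@example.com;P@ssw0rd:1
carol@example.com:
not-a-credential-line
"""


def parse_line(line):
    """Return (email, password), or None for lines that do not parse."""
    line = line.rstrip("\r\n")
    positions = [i for i in (line.find(":"), line.find(";")) if i > 0]
    if not positions:
        return None
    cut = min(positions)  # passwords may themselves contain ':' or ';'
    email, password = line[:cut].strip().lower(), line[cut + 1:]
    if "@" not in email or not password:
        return None
    return email, password


def exposure_report(lines):
    """Map each account to its count of distinct leaked passwords and a
    short SHA-256 fingerprint of each (for de-duplication only)."""
    seen = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            email, password = parsed
            digest = hashlib.sha256(password.encode("utf-8", "replace"))
            seen[email].add(digest.hexdigest()[:12])
    return {email: {"distinct_passwords": len(fps), "fingerprints": sorted(fps)}
            for email, fps in sorted(seen.items())}


if __name__ == "__main__":
    for email, info in exposure_report(SAMPLE_MASTER.splitlines()).items():
        print(email, info["distinct_passwords"], ",".join(info["fingerprints"]))
```
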

## Local Database (Windows)

Download the 3.2 billion record list.

**COMB:** <https://github.com/samokosik/COMB>

Once the torrent is downloaded, use the following password to unzip (use 7zip):

```
+w/P3PRqQQoJ6g
```

### Notepad++

**Notepad++:** <https://notepad-plus-plus.org/downloads/>

In Notepad++, select the pink folder icon to add a folder as a workspace. After adding the data folder from the COMB database, we should see something similar to the below.

![](/files/ooMIBCaifuEYE6iNGJ1d)

We can then right-click on the data folder and proceed with "Find in files", which lets us run a search query across the entire database.

![](/files/8NldI46YxLmGScGTmmF7)

This will take some time to complete. However, once completed we should see a screen similar to this:

![](/files/9WmUb9YU3zMMNO3fYFii)

## Web Tools

### HaveIBeenPwned

**URL:** [https://haveibeenpwned.com/](https://haveibeenpwned.com)

![](/files/rzFbsn7729w6gYkCGVHi)

We can see from the example above that the account *example@microsoft.com* has been involved in 21 breaches and 1 paste.

A little further down the page we can see which breaches they were, along with a little more information. Each listing describes some details about the breach and what was leaked. In some cases this may be only email addresses; in others it could be plain text or hashed passwords with the related email addresses.

![](/files/bDZu4GOZ1j0WIOBu3opz)

In many of these cases it is reasonable to assume that the related breach databases are discoverable online, whether free or paid for.

This site is a useful resource for blue team personnel: with a registered account it is possible to receive notifications when specific accounts are found in future breaches. The blue team can also verify ownership of a domain and perform a domain-wide breach search, as well as set up breach notifications for future leaks.

## Resources

**BreachDirectory:** <https://breachdirectory.org/>

**Dehashed:** [https://dehashed.com/](https://dehashed.com)

**NTLM:** <https://ntlm.pw/>

**WeLeakInfo:** <https://weleakinfo.to/v2/>

**LeakCheck:** [https://leakcheck.io/](https://leakcheck.io)

**SnusBase:** [https://snusbase.com/](https://snusbase.com)

**Scylla (Hopefully soon):** [https://scylla.so/](https://scylla.so)

**HaveIBeenPwned:** [https://haveibeenpwned.com/](https://haveibeenpwned.com)

**ComboList:** <https://github.com/samokosik/COMB>


