search
GitHubPsMapExec

Password OSINT

hashtag
Local Database (Linux)

Download the 3.2 billion record list

COMB Magnet: 

magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337

Once the torrent is downloaded. Use the following password to unzip:

+w/P3PRqQQoJ6g

hashtag
Breach-Parse

Once the database has been downloaded we can use Breach-Parse to pull targeted information from the database.

Breach Parse: https://github.com/hmaverickadams/breach-parsearrow-up-right

Following the Breach-Parse install instructions we can then run Breach-Parse against the database downloaded earlier.

# Search for all results in a domain
breach-parse <Domain> Domain.txt "/media/sf_CompilationOfManyBreaches/data"

# Search for a specific email address
breach-parse <Example@Outlook.com> Email.txt "/media/sf_CompilationOfManyBreaches/data"
breach-parse @example.com Example.txt "/media/sf_CompilationOfManyBreaches/data"

Breach-Parse will then create three separate files as shown below. We are then able to read the contents of the master file to read both breached email addresses and plain text passwords.

hashtag
Local Database (Windows)

Download the 3.2 billion record list

COMB: https://github.com/samokosik/COMBarrow-up-right

Once the torrent is downloaded. Use the following password to unzip (Use 7zip):

hashtag
Notepad++

Notepad++: https://notepad-plus-plus.org/downloads/arrow-up-right

In Notepad++ select the pink folder icon to add a folder as a workspace. After adding the data folder from the COMB database we should see something similar as below.

We can then right click on the data folder and proceed with "Find in files". Allowing us to specify a search query on the entire database.

This will take some time to complete. However, once completed we should see a screen similar to this:

hashtag
Web Tools

hashtag
HaveIBeenPwned

URL: https://haveibeenpwned.com/arrow-up-right

We can see from the example above the account example@microsoft.com has been involved in 21 breaches and 1 paste.

A little further down the page we can see what breaches they were and a little more information. Each listing will describe some details about the breach and what was leaked. In some cases, this may be only email addresses and in others, this could be plain text or hashes passwords with related email addresses.

In many of these cases it would be feasible to assume the related accounts database breaches are discoverable online whether free or paid for.

This site is a useful resource for blue team personnel as with a registered account it is possible to receive notifications for when specific accounts are found in future breaches. The blue team can also verify ownership of a domain and perform a domain wide search on breaches, as well as setup breach notifications for future leaks.

hashtag
Resources

BreachDirectory: https://breachdirectory.org/arrow-up-right

Dehashed: https://dehashed.com/arrow-up-right

NTLM: https://ntlm.pw/arrow-up-right

WeLeakInfo: https://weleakinfo.to/v2/arrow-up-right

LeakCheck: https://leakcheck.io/arrow-up-right

SnusBase: https://snusbase.com/arrow-up-right

Scylla (Hopefully soon): https://scylla.so/arrow-up-right

HaveIBeenPwned: https://haveibeenpwned.com/arrow-up-right

ComboList: https://github.com/samokosik/COMBarrow-up-right

Last updated