OSINT Password
Last updated
Last updated
We can use cost money
If a similar password pops multiple times it means it could be used somewhere else.
Dehashed will also allow us to lookup for password and give information on where it is coming from
Get the tool
This tool will searched through the breach data and pull down names
./breach-parse.sh @domain.com outfile.txt
gather breached emails and passwords from the mentionned domain and put it in a file using the name mentioned
At the end of the execution we will get 3 files outfile-master.txt
with email and passwords, outfile-passwords.txt
with the pulled passwords nd outfile-users.txt
with the users
If we get hash:
We can try to crack it
It can be useful to search it and see if it ties back to something else
Developers often share whole sections of code on StackOverflow (we could find leaks there)
Github migh have private keys or secret as well