Collect information about leaked email addresses from Pastebin
The script parses Pastebin email:password dumps and gathers information about each email address. It supports Google, Trumail, Pipl, FullContact, and HaveIBeenPwned. Moreover, it allows you to send an informational mail to a person about his leaked password, at the end every information lands in Elasticsearch for further exploration.
It supports only one format – email:password.
Everything else will not work!
For now, notification works when it finds a match on FullContact and next send you email address and associated social media accounts.
Install
git clone https://github.com/woj-ciech/pepe.git
pip install -r requirements
Config
{"domains":
{ #domains to whitelist or blacklist
"whitelist": [""],
"blacklist": ["yahoo.com"]
},
"keys":
{ #API KEYS
"pushsafer": "API_KEY",
"fullcontact": "API_KEY",
"pipl": "API_KEY"
},
"gmail":
{ #GMAIL credentials and informational message that will be send
"username": "your_username@gmail.com",
"password": "password",
"message": "Hey,\n\nI am a security researcher and I want to inform you that your password !PASSWORD! has been leaked and you should change it immediately.\nThis email is part of the research, you can find more about it on https://medium.com/@wojciech\n\nStay safe!"},
"elasticsearch":
{ #ElasticSearch connection info
"host": "127.0.0.1",
"port": 9200}
}