pwnedOrNot is an open-source OSINT tool designed to investigate whether an email address has been compromised in known data breaches and to identify exposed credentials associated with that account. The tool queries the HaveIBeenPwned (HIBP) API to determine whether a given email address appears in breach databases. If the email is found in a breach, the tool then searches for associated passwords in publicly available data dumps. This two-phase approach allows investigators, security professionals, and researchers to assess the exposure level of compromised accounts using publicly accessible breach information. The tool displays breach details such as the name of the breach, the affected domain, the breach date, and several indicators of the breach's authenticity and status. pwnedOrNot can also analyze domains to determine whether they have been involved in breaches and can list all breached domains available through the HIBP database.
Features
- Checks whether an email address has appeared in known data breaches using the HaveIBeenPwned API
- Searches public breach dumps to find exposed passwords linked to compromised emails
- Displays detailed breach metadata including breach name, domain, and breach date
- Provides breach status indicators such as verification, fabrication, retirement, and spam flags
- Supports domain-based searches to check if a specific domain has been involved in breaches
- Allows listing of all breached domains available through the HIBP database
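
The breach metadata and status flags listed above can be triaged from a defender's side as in the following sketch. This is an added example, not pwnedOrNot's own code; it assumes records in the shape of the HIBP v3 breach model, and the sample records, the triage labels and the function names are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the shape of HIBP v3 breach records (not real breach data).
SAMPLE = json.loads("""[
  {"Name": "ExampleForum", "Domain": "forum.example", "BreachDate": "2019-03-14",
   "IsVerified": true, "IsFabricated": false, "IsRetired": false, "IsSpamList": false},
  {"Name": "ExampleList", "Domain": "", "BreachDate": "2021-07-02",
   "IsVerified": true, "IsFabricated": false, "IsRetired": false, "IsSpamList": true},
  {"Name": "ExampleDump", "Domain": "shop.example", "BreachDate": "2023-11-30",
   "IsVerified": false, "IsFabricated": true, "IsRetired": false, "IsSpamList": false},
  {"Name": "ExampleShop", "Domain": "shop.example", "BreachDate": "2022-01-09",
   "IsVerified": true, "IsFabricated": false, "IsRetired": false}
]""")

FLAGS = ("IsVerified", "IsFabricated", "IsRetired", "IsSpamList")

def classify(rec):
    """Map the four status flags to a triage label (labels are this example's own);
    a missing flag counts as False."""
    f = {k: bool(rec.get(k, False)) for k in FLAGS}
    if f["IsFabricated"]:
        return "ignore-fabricated"
    if f["IsRetired"]:
        return "ignore-retired"
    if f["IsSpamList"]:
        return "low-spam-list"
    return "act-reset-credentials" if f["IsVerified"] else "review-unverified"

def triage(records):
    """Return (date, name, domain, label) rows, newest breach first."""
    rows = []
    for rec in records:
        when = date.fromisoformat(rec["BreachDate"])
        domain = rec.get("Domain") or "(no domain)"  # some records carry an empty domain
        rows.append((when, rec["Name"], domain, classify(rec)))
    return sorted(rows, key=lambda r: r[0], reverse=True)

def breached_domains(records):
    """Distinct domains with at least one actionable breach."""
    return sorted({d for _, _, d, label in triage(records)
                   if label.startswith("act") and d != "(no domain)"})

if __name__ == "__main__":
    for when, name, domain, label in triage(SAMPLE):
        print(f"{when}  {name:<14} {domain:<14} {label}")
    print("actionable domains:", breached_domains(SAMPLE))
```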