WhatBreach – OSINT Tool to Find Breached Data

WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com’s API, from there (if there are any breaches) it will search for the query link on Dehashed pertaining to the database, and output all breaches along with all pastes that this email is included in (if any).

WhatBreach - OSINT Tool to Find Breached Emails and Databases
WhatBreach – OSINT Tool to Find Breached Emails and Databases

If you are trying to find the database, passing a certain flag will also attempt to download available freely public databases from databases.today. If the query is found within the publicly listed it will download the database for you and save it into the projects home folder which will be located under ~/.whatbreach_home/downloads.

There are several options to search online for breached emails or database as an example:

  • Just to provide the email you are looking to search and the tool will make search in breached accounts on HIBP next it will search for paste dumps using the same source. if there is any link identified you will have the list of links so you review the finding.
  • Another option is to search for list of email addresses so you add the list to text file that will be used for searching breached information online.
  • in case you are looking to suppress dehashed or pastebin links you can add this in the command and you will have the required OSINT data.

Once you have the list of online information user may start to process and investigate the data to see if this is a real leaked/breached information or it is just an outdated or fake information. You can also report the link for removal if this is a real compromised data and alert the affected user to change the account information.

You can read more and download this tool over here: https://github.com/Ekultek/WhatBreach

Share