Passwords

Steps

  • Search through various databases of breached credentials.
  • Look for patterns in the passwords that might have been repeated or rearranged.
  • You might be able to use the same password and/or a variation of the password elsewhere.

Subsections of Passwords

Breached Passwords

dehashed.com (Paid service)

Search by different elements:

  • name
  • email
  • password
  • username
  • IP address
  • domain
  • address
  • phone
  1. Collect all the data, find patterns.
  2. Try to find other emails and see if you can connect them to the same person.
  3. They might use the same password.
  4. Connect everything together and notate everything so it can be replicated.

hashes.org - no longer online.
reddit.com/r/DataHoarder/comments/ohlcye/hashesorg_archives_of_all_cracked_hash_lists_up
github.com/rarecoil/hashes.org-list

hashmob.net/
HashMob allows anyone to submit hashes discovered in database breaches (or other sources) and share them with the community so that everyone can collaborate on recovering the original plaintexts.

Note: You’ll probably have to pay for anything that is extensive and current.

weleakinfo.io (need to pay)
leakcheck.io (need to pay)
snusbase.com (need to pay)
scylla.so (coming soon?)
haveibeenpwned.com
haveibeenpwned.com/API/v2
breachdirectory.org

github.com/thewhiteh4t/pwnedOrNot
github.com/khast3x/h8mail