Breach & Leak Investigation Resources
Leak Search Engines
Name / Website | Description |
---|---|
Have I Been Pwned | Checks if an email or username appears in known data breaches |
psbdmp.ws (Pastebin Monitor) | Searches Pastebin dumps via API. Usage: https://psbdmp.ws/api/search/<email> |
Breach Directory | Search for compromised credentials |
IntelX | Search across IPs, emails, domains, Bitcoin addresses, etc. |
Snusbase | Leak search engine (registration required) |
Dehashed | Similar to IntelX, credential-focused |
Leakcheck | Search for compromised email/username/password credentials |
Leakpeek | Simple search engine for credential leaks |
Hudson Rock (Cavalier API) | Checks if an email/domain/company appears in stealer logs. Usage: https://cavalier.hudsonrock.com/api/[email protected] |
Oathnet | Search for digital footprints (5 free searches/day) |
Leak Analysis & OSINT Tools
Name / Tool | Description |
---|---|
WhatBreach | OSINT tool to discover breaches related to an email (using public databases) |
h8mail & pwnedOrNot | Searches for compromised passwords associated with an email |
Infoga | Collects email information from public sources + HIBP API |
FOCA | Metadata extraction from Word documents |
Leak Data Verification
- Guide: How to Verify Leak Data (Medium)
Metadata Analysis
Extract metadata from a batch of images or documents:
- PDFMiner
- metadata2go.com
- Jimpl
- VerEXIF
- Metadata Interrogator
Automation example (PDF):
```python
import fitz  # PyMuPDF
from datetime import datetime


def extract_creation_date(pdf_path):
    """Return the PDF's creation date as a datetime, or None if unavailable."""
    try:
        # Open inside the try so a missing or corrupt file is reported, not fatal
        with fitz.open(pdf_path) as doc:
            creation_date = doc.metadata.get("creationDate")
        if creation_date:
            # PDF dates look like D:YYYYMMDDHHmmSS+HH'mm'; this keeps the
            # 14 date/time digits and ignores the timezone offset
            return datetime.strptime(creation_date[2:16], "%Y%m%d%H%M%S")
        return None
    except Exception as e:
        print(f"Error extracting creation date from {pdf_path}: {e}")
        return None


if __name__ == "__main__":
    pdf_paths = ["file1.pdf", "file2.pdf", "file3.pdf"]
    creation_dates = []
    for path in pdf_paths:
        creation_date = extract_creation_date(path)
        if creation_date:
            creation_dates.append((path, creation_date))
    # Oldest document first
    creation_dates.sort(key=lambda x: x[1])
    print("PDF Creation Dates (chronological order):")
    for i, (pdf_path, date) in enumerate(creation_dates, start=1):
        print(f"{i}. {pdf_path} - {date}")
```
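The script above keeps only the 14 date/time digits of `creationDate`, so the UTC offset is dropped and documents produced in different time zones can sort in the wrong order. The following is an added example, not part of the original page, that parses the full `D:YYYYMMDDHHmmSSOHH'mm'` form and orders files in UTC. The names `parse_pdf_date` and `order_by_creation` and the sample values are constructed for illustration, and a date without an offset is assumed to be UTC.

```python
import re
from datetime import datetime, timedelta, timezone

# PDF date string: D:YYYYMMDDHHmmSSOHH'mm' (every field after the year is optional)
_PDF_DATE = re.compile(
    r"^(?:D:)?(?P<Y>\d{4})(?P<m>\d{2})?(?P<d>\d{2})?"
    r"(?P<H>\d{2})?(?P<M>\d{2})?(?P<S>\d{2})?"
    r"(?:(?P<sign>[+\-Zz])(?:(?P<oh>\d{2})'?(?P<om>\d{2})?'?)?)?$"
)

def parse_pdf_date(raw):
    """Return an aware UTC datetime for a PDF date string, or None if malformed."""
    match = _PDF_DATE.match((raw or "").strip())
    if not match:
        return None
    g = match.groupdict()
    # Assumption: a missing offset (or "Z") is treated as UTC
    offset = timedelta(hours=int(g["oh"] or 0), minutes=int(g["om"] or 0))
    if g["sign"] == "-":
        offset = -offset
    try:
        local = datetime(int(g["Y"]), int(g["m"] or 1), int(g["d"] or 1),
                         int(g["H"] or 0), int(g["M"] or 0), int(g["S"] or 0),
                         tzinfo=timezone(offset))
    except ValueError:  # impossible calendar value or offset out of range
        return None
    return local.astimezone(timezone.utc)

def order_by_creation(metadata_by_file):
    """Return (sorted [(name, utc_datetime)], [names with unusable dates])."""
    parsed = {name: parse_pdf_date(raw) for name, raw in metadata_by_file.items()}
    dated = sorted(((n, d) for n, d in parsed.items() if d is not None), key=lambda item: item[1])
    return dated, [n for n, d in parsed.items() if d is None]

# Constructed sample values, shaped like doc.metadata.get("creationDate") results
SAMPLE = {
    "a.pdf": "D:20240301090000+09'00'",  # 09:00 local, 00:00 UTC
    "b.pdf": "D:20240301020000-05'00'",  # 02:00 local, 07:00 UTC (after a.pdf)
    "c.pdf": "D:20240229233000Z",
    "d.pdf": "D:2024",                   # year only
    "e.pdf": "not a date",
}

if __name__ == "__main__":
    dated, undated = order_by_creation(SAMPLE)
    print(*(f"{n}  {d.isoformat()}" for n, d in dated), sep="\n")
    print("no usable date:", undated)
```

Sorting on the local clock digits alone would place b.pdf before a.pdf; after normalizing to UTC the order reverses.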
Virus Scan
Never analyze raw leak data without caution:
- Use an isolated machine, preferably behind Tor
- Scan dumps with multiple antivirus engines
- If the dump is on an external drive: scan the entire drive
Visual Verification (Photos / Graphs)
- Yandex Reverse Image Search: good at detecting photos, less effective for graphics.
- Search through Slideshare: Example dork
- Use Chronolocation techniques: Bellingcat Chronolocation Techniques
Signature Verification
Compare digital file signatures