Skip to content

Latest commit

 

History

History
97 lines (80 loc) · 5.39 KB

README.md

File metadata and controls

97 lines (80 loc) · 5.39 KB

TrashSearch

Searching the TrashPanda OSINT bot API to check if your email/domain or password was leaked.

Anurag's GitHub stats

$ python3 TrashSearch.py -h

MMMMMMMMMMMMMMMMMMMMMMMMNKXNWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWNXKNMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMNo..';cxXMMMMMMMMMMMMMMMMMMMMMMMMMMMWKdc;'..lNMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMK,      ;0XXWMMMWNXK0XNWX0KXNWMMMMNNk'      '0MMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMO.      .xo,dkoc;'dkocccdkoc',:okxcko       .kMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMM0'      .ox'                     .:k:       .OMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMX:                                          ;KMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMk.                                        .xWMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMWx.                                      .dWMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMM0'                  ..                  .OMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMx.      ...                    ...       dWMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMNl .':oxO0K0Oko,            'lxO0K0Okoc,. cNMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMNkd0NMMMMMWXNWMNo.        .lXMWNXWMMMMMN0dxNMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMXo';xNMK,        '0MWk;'lXMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMXo;xXWWx.        .dWWXx;lXMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWNWMWO,  .:llc.  .kWMWNWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNd.   :KWWXc   .dXMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMN0o,  ....cxxl....  'oONWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMXkxxdl:'.     ..........     .':lodxkXMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMXd'                                'oXMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMXkc'                          .:xXWMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMWWWWWWWWWNKkoc,..              ..,:okKNWWWWWWWWWMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMWWNXK00OOkkxxddooollllccc:;,,,,,,,,,,,,,,,,;:ccclllloooddxxkkOO0KKXNWMMMMMMMMMMMM
MMMMMMMMMMMMMMMWWWWWWNNNNNNXXXXXXXXKKKKKKKKKKKKKKKKKKKKKKKXXXXXXXXXNNNNNNWWWWWWMMMMMMMMMMMMMM

usage: TrashSearch.py [-h] [-m MODE] -v VALUE [-w] [-s SOURCES]

Searching the TrashPanda OSINT bot API to check if your email/domain or
password was leaked. To avoid abuse (when running as anonymous user) the
email/domain search does not disclose passwords and the password search does
not disclose the corresponding email/domain.

optional arguments:
  -h, --help            show this help message and exit
  -m MODE, --mode MODE  Select mode [0 = email/domain search, 1 = password
                        search] default = 0
  -v VALUE, --value VALUE
                        email/domain or password to check for leaks
  -w, --wildcard        Enables wildcard mode when searching a domain. Adds a
                        wildcard in front of the target domain (e.g.:
                        *example.com) to also check for subdomains.
  -s SOURCES, --sources SOURCES
                        Data sources to search [g = ghostbin.co, p =
                        pastebin.com, z = 0paste.com]. You can combine
                        sources. example: '-s gz'. default = gpz

example usage: python3 TrashSearch.py -v [email protected] -s gz

Intro and Configuration

This tool tells you if your email/domain or password was identified by the TrashPanda OSINT bot.

The tool works out of the box with anonymous credentials provided inside the auth.conf file. To avoid abuse the anonymous email/domain search does not disclose passwords and the password search does not disclose the corresponding email/domain.

auth.conf:

username=anonymous
password=Uh324)nwh64AL

If you are a whitehat researcher and I granted you access to the TrashPanda API, you can subsitute the anonymous credentials inside auth.conf with your login information to get raw leak data when using this tool.

You are a whitehat researcher but I did not grant you access to the TrashPanda API so far? Visit https://got-hacked.wtf/ for more information

Parameters

  • m: mode to use [0 = email/domain search, 1 = password search]
  • v: depends on the mode what kind of value is expected here. Mode 0 expects an email/domain and mode 1 expects a password.
  • w: enables wildcard search when combined with a domain search. Adds a wildcard in front of the target domain (e.g.: *example.com).
  • s: data sources to search [g = ghostbin.co, p = pastebin.com, z = 0paste.com]. You can combine data sources.

Example Usage

Lookup if [email protected] got pwned and published on ghostbin.co or 0paste.com

python3 TrashSearch.py -v [email protected] -s gz

Lookup if accounts from the domain example.com got pwned and published on ghostbin.co, 0paste.com or pastebin.com

python3 TrashSearch.py -v example.com 

Lookup if accounts from the domain example.com and all its subdomains got pwned and published on ghostbin.co, 0paste.com or pastebin.com

python3 TrashSearch.py -v example.com -w

Lookup if the password 123456 was published in credential leaks on ghostbin.co, 0paste.com or pastebin.com

python3 TrashSearch.py -m 1 -v 123456