API tools faq
paste
Advertisement
Sweetening

Untitled

Sweetening
Aug 21st, 2023
68
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.08 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python3
  2.  
  3. import os
  4. import re
  5. import sys
  6. import json
  7. import time
  8. import argparse
  9. import requests
  10.  
  11. R = '\033[31m' # red
  12. G = '\033[32m' # green
  13. C = '\033[36m' # cyan
  14. W = '\033[0m' # white
  15.  
  16. version = '1.2.8'
  17.  
  18. key = ''
  19. useragent = ''
  20. start = ''
  21.  
  22. def banner():
  23. if sys.platform == 'win32':
  24. os.system('cls')
  25. else:
  26. os.system('clear')
  27.  
  28. banner = r'''
  29. ______ _ __ __
  30. ____ _ ______ ___ ____/ / __ \_____/ | / /___ / /_
  31. / __ \ | /| / / __ \/ _ \/ __ / / / / ___/ |/ / __ \/ __/
  32. / /_/ / |/ |/ / / / / __/ /_/ / /_/ / / / /| / /_/ / /_
  33. / .___/|__/|__/_/ /_/\___/\__,_/\____/_/ /_/ |_/\____/\__/
  34. /_/
  35. '''
  36. print(G + banner + W)
  37. print(G + '[>]' + C + ' Created by : ' + W + 'thewhiteh4t')
  38. print(G + '[>]' + C + ' Version : ' + W + version + '\n')
  39.  
  40. def api_key():
  41. global key, useragent
  42. try:
  43. with open('key.txt', 'r') as keyfile:
  44. key = keyfile.readline()
  45. key = key.strip()
  46. print(G + '[+]' + C + ' API Key Found...' + W + '\n')
  47. useragent = {'User-Agent': 'pwnedOrNot', 'hibp-api-key': key}
  48. except FileNotFoundError:
  49. print(R + '[-]' + C + ' API Key Not Found...' + W + '\n')
  50. print(G + '[+]' + C + ' Get your API Key : ' + W + 'https://haveibeenpwned.com/API/Key' + '\n')
  51. enter_key = input(G + '[+]' + C + ' Enter your API Key : ' + W)
  52. enter_key = enter_key.strip()
  53. with open('key.txt', 'w') as keyfile:
  54. keyfile.write(enter_key)
  55. key_path = os.getcwd() + '/key.txt'
  56. print(G + '[+]' + C + ' Saved API Key in : ' + W + key_path + '\n')
  57.  
  58. def main():
  59. global addr, start
  60. start = time.time()
  61.  
  62. if list_domain is True:
  63. domains_list()
  64. elif check_domain:
  65. domain_check()
  66. elif addr is not None and domain is not None:
  67. filtered_check()
  68. elif addr is not None and domain is None:
  69. check()
  70. elif file is not None and domain is None:
  71. print (G + '[+]' + C + ' Reading Emails Addresses from ' + W + '{}'.format(file) + '\n')
  72. with open(file) as dict:
  73. for line in dict:
  74. line = line.strip()
  75. addr = line
  76. if addr != '':
  77. check()
  78. time.sleep(1.6)
  79. elif file != None and domain != None:
  80. print(G + '[+]' + C + ' Reading Emails Addresses from ' + W + '{}'.format(file) + '\n')
  81. print(G + '[+]' + C + ' Domain : ' + W + domain)
  82. with open(file) as dict:
  83. for line in dict:
  84. line = line.strip()
  85. addr = line
  86. if addr != '':
  87. filtered_check()
  88. time.sleep(1.6)
  89. else:
  90. print('\n' + R + '[-]' + C + ' Error : Atleast 1 Argument is Required, Try : python3 pwnedornot.py -h' + W)
  91. exit()
  92.  
  93. def check():
  94. print(G + '[+]' + C + ' Checking Breach status for ' + W + '{}'.format(addr), end = '')
  95. rqst = requests.get('https://haveibeenpwned.com/api/v3/breachedaccount/{}'.format(addr), headers=useragent, params={'truncateResponse': 'false'}, timeout=10)
  96. sc = rqst.status_code
  97.  
  98. if sc == 200:
  99. print(G + ' [ pwned ]' + W)
  100. json_out = rqst.content.decode('utf-8', 'ignore')
  101. simple_out = json.loads(json_out)
  102. for item in simple_out:
  103. print( '\n'
  104. + G + '[+]' + C + ' Breach : ' + W + str(item['Title']) + '\n'
  105. + G + '[+]' + C + ' Domain : ' + W + str(item['Domain']) + '\n'
  106. + G + '[+]' + C + ' Date : ' + W + str(item['BreachDate']) + '\n'
  107. + G + '[+]' + C + ' Fabricated : ' + W + str(item['IsFabricated']) + '\n'
  108. + G + '[+]' + C + ' Verified : ' + W + str(item['IsVerified']) + '\n'
  109. + G + '[+]' + C + ' Retired : ' + W + str(item['IsRetired']) + '\n'
  110. + G + '[+]' + C + ' Spam : ' + W + str(item['IsSpamList']))
  111. if nodumps is not True:
  112. dump()
  113. elif sc == 404:
  114. print(R + ' [ Not Breached ]' + W)
  115. if nodumps is not True:
  116. dump()
  117. elif sc == 503:
  118. print('\n')
  119. print(R + '[-]' + C + ' Error 503 : ' + W + 'Request Blocked by Cloudflare DDoS Protection')
  120. elif sc == 403:
  121. print('\n')
  122. print(R + '[-]' + C + ' Error 403 : ' + W + 'Request Blocked by haveibeenpwned API')
  123. print('\n-------------------------------------------------')
  124. print('Email This Complete Response at troy@troyhunt.com')
  125. print('-------------------------------------------------\n')
  126. print(rqst.text)
  127. else:
  128. print('\n')
  129. print(R + '[-]' + C + ' An Unknown Error Occurred')
  130. print(rqst.text)
  131.  
  132. def filtered_check():
  133. print('\n' + G + '[+]' + C + ' Checking Breach status for ' + W + '{}'.format(addr), end='')
  134. rqst = requests.get('https://haveibeenpwned.com/api/v3/breachedaccount/{}?domain={}'.format(addr, domain), headers=useragent, params={'truncateResponse': 'false'}, verify=True, timeout=10)
  135. sc = rqst.status_code
  136.  
  137. if sc == 200:
  138. print(G + ' [ pwned ]' + W)
  139. json_out = rqst.content.decode('utf-8', 'ignore')
  140. simple_out = json.loads(json_out)
  141.  
  142. for item in simple_out:
  143. print( '\n'
  144. + G + '[+]' + C + ' Breach : ' + W + str(item['Title']) + '\n'
  145. + G + '[+]' + C + ' Domain : ' + W + str(item['Domain']) + '\n'
  146. + G + '[+]' + C + ' Date : ' + W + str(item['BreachDate']) + '\n'
  147. + G + '[+]' + C + ' Fabricated : ' + W + str(item['IsFabricated']) + '\n'
  148. + G + '[+]' + C + ' Verified : ' + W + str(item['IsVerified']) + '\n'
  149. + G + '[+]' + C + ' Retired : ' + W + str(item['IsRetired']) + '\n'
  150. + G + '[+]' + C + ' Spam : ' + W + str(item['IsSpamList']))
  151. if nodumps is not True:
  152. dump()
  153. elif sc == 404:
  154. print(R + ' [ Not Breached ]' + W)
  155. if nodumps is not True:
  156. dump()
  157. elif sc == 503:
  158. print('\n')
  159. print(R + '[-]' + C + ' Error 503 : ' + W + 'Request Blocked by Cloudflare DDoS Protection')
  160. elif sc == 403:
  161. print('\n')
  162. print(R + '[-]' + C + ' Error 403 : ' + W + 'Request Blocked by Cloudflare')
  163. else:
  164. print('\n')
  165. print(R + '[-]' + C + ' An Unknown Error Occurred')
  166. print(rqst.text)
  167.  
  168. def dump():
  169. dumplist = []
  170. print('\n' + G + '[+]' + C + ' Looking for Dumps...' + W, end = '')
  171. rqst = requests.get('https://haveibeenpwned.com/api/v3/pasteaccount/{}'.format(addr), headers=useragent, timeout=10)
  172. sc = rqst.status_code
  173.  
  174. if sc != 200:
  175. print(R + ' [ No Dumps Found ]' + W)
  176. else:
  177. print(G + ' [ Dumps Found ]' + W + '\n')
  178. json_out = rqst.content.decode('utf-8', 'ignore')
  179. simple_out = json.loads(json_out)
  180.  
  181. for item in simple_out:
  182. if (item['Source']) == 'Pastebin':
  183. link = item['Id']
  184. try:
  185. url = 'https://www.pastebin.com/raw/{}'.format(link)
  186. page = requests.get(url, timeout=10)
  187. sc = page.status_code
  188. if sc == 200:
  189. dumplist.append(url)
  190. print(G + '[+]' + C + ' Dumps Found : ' + W + str(len(dumplist)), end='\r')
  191. if len(dumplist) == 0:
  192. print(R + '[-]' + C + ' Dumps are not Accessible...' + W)
  193. except requests.exceptions.ConnectionError:
  194. pass
  195. elif (item['Source']) == 'AdHocUrl':
  196. url = item['Id']
  197. try:
  198. page = requests.get(url, timeout=10)
  199. sc = page.status_code
  200. if sc == 200:
  201. dumplist.append(url)
  202. print(G + '[+]' + C + ' Dumps Found : ' + W + str(len(dumplist)), end='\r')
  203. if len(dumplist) == 0:
  204. print(R + '[-]' + C + ' Dumps are not Accessible...' + W)
  205. except requests.exceptions.ConnectionError:
  206. pass
  207.  
  208. if len(dumplist) != 0:
  209. print('\n\n' + G + '[+]' + C + ' Passwords:' + W + '\n')
  210. for entry in dumplist:
  211. time.sleep(1.1)
  212. try:
  213. page = requests.get(entry, timeout=10)
  214. dict = page.content.decode('utf-8', 'ignore')
  215. passwd = re.search('{}:(\w+)'.format(addr), dict)
  216. if passwd:
  217. print(G + '[+] ' + W + passwd.group(1))
  218. elif not passwd:
  219. for line in dict.splitlines():
  220. passwd = re.search('(.*{}.*)'.format(addr), line)
  221. if passwd:
  222. print(G + '[+] ' + W + passwd.group(0))
  223. except requests.exceptions.ConnectionError:
  224. pass
  225.  
  226. def domains_list():
  227. domains = []
  228. print(G + '[+]' + C + ' Fetching List of Breached Domains...' + W + '\n')
  229. rqst = requests.get('https://haveibeenpwned.com/api/v3/breaches', headers=useragent, timeout=10)
  230. sc = rqst.status_code
  231.  
  232. if sc == 200:
  233. json_out = rqst.content.decode('utf-8', 'ignore')
  234. simple_out = json.loads(json_out)
  235. for item in simple_out:
  236. domain_name = item['Domain']
  237. if len(domain_name) != 0:
  238. print (G + '[+] ' + W + str(domain_name))
  239. domains.append(domain_name)
  240. print('\n' + G + '[+]' + C + ' Total : ' + W + str(len(domains)))
  241. elif sc == 503:
  242. print(R + '[-]' + C + ' Error 503 : ' + W + 'Request Blocked by Cloudflare DDoS Protection')
  243. elif sc == 403:
  244. print(R + '[-]' + C + ' Error 403 : ' + W + 'Request Blocked by Cloudflare')
  245. else:
  246. print(R + '[-]' + C + ' An Unknown Error Occurred')
  247. print(rqst.text)
  248.  
  249. def domain_check():
  250. print(G + '[+]' + C + ' Domain Name : ' + W + check_domain, end = '')
  251. rqst = requests.get('https://haveibeenpwned.com/api/v3/breaches?domain={}'.format(check_domain), headers=useragent, timeout=10)
  252. sc = rqst.status_code
  253. if sc == 200:
  254. json_out = rqst.content.decode('utf-8', 'ignore')
  255. simple_out = json.loads(json_out)
  256. if len(simple_out) != 0:
  257. print(G + ' [ pwned ]' + W)
  258. for item in simple_out:
  259. print( '\n'
  260. + G + '[+]' + C + ' Breach : ' + W + str(item['Title']) + '\n'
  261. + G + '[+]' + C + ' Domain : ' + W + str(item['Domain']) + '\n'
  262. + G + '[+]' + C + ' Date : ' + W + str(item['BreachDate']) + '\n'
  263. + G + '[+]' + C + ' Pwn Count : ' + W + str(item['PwnCount']) + '\n'
  264. + G + '[+]' + C + ' Fabricated : ' + W + str(item['IsFabricated']) + '\n'
  265. + G + '[+]' + C + ' Verified : ' + W + str(item['IsVerified']) + '\n'
  266. + G + '[+]' + C + ' Retired : ' + W + str(item['IsRetired']) + '\n'
  267. + G + '[+]' + C + ' Spam : ' + W + str(item['IsSpamList']) + '\n'
  268. + G + '[+]' + C + ' Data Types : ' + W + str(item['DataClasses']))
  269. else:
  270. print(R + ' [ Not Breached ]' + W)
  271. elif sc == 503:
  272. print('\n')
  273. print(R + '[-]' + C + ' Error 503 : ' + W + 'Request Blocked by Cloudflare DDoS Protection')
  274. elif sc == 403:
  275. print('\n')
  276. print(R + '[-]' + C + ' Error 403 : ' + W + 'Request Blocked by Cloudflare')
  277. else:
  278. print('\n')
  279. print(R + '[-]' + C + ' An Unknown Error Occurred')
  280. print(rqst.text)
  281.  
  282. def quit():
  283. global start
  284. print('\n' + G + '[+]' + C + ' Completed in ' + W + str(time.time()-start) + C + ' seconds.' + W)
  285. exit()
  286.  
  287. try:
  288. banner()
  289.  
  290. ap = argparse.ArgumentParser()
  291. ap.add_argument('-e', '--email', required=False,
  292. help='Email Address You Want to Test')
  293. ap.add_argument('-f', '--file', required=False,
  294. help='Load a File with Multiple Email Addresses')
  295. ap.add_argument('-d', '--domain', required=False,
  296. help='Filter Results by Domain Name')
  297. ap.add_argument('-n', '--nodumps', required=False, action='store_true',
  298. help='Only Check Breach Info and Skip Password Dumps')
  299. ap.add_argument('-l', '--list', required=False, action='store_true',
  300. help='Get List of all pwned Domains')
  301. ap.add_argument('-c', '--check', required=False,
  302. help='Check if your Domain is pwned')
  303. arg = ap.parse_args()
  304. addr = arg.email
  305. file = arg.file
  306. domain = arg.domain
  307. nodumps = arg.nodumps
  308. list_domain = arg.list
  309. check_domain = arg.check
  310.  
  311. api_key()
  312. main()
  313. quit()
  314. except KeyboardInterrupt:
  315. print('\n' + R + '[!]' + C + ' Keyboard Interrupt.' + W)
  316. exit()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!