How to see the exposed Password of Email or Username with PWNDB

PWNDB is a repository of accounts whose passwords have been exposed. However, you must currently use the Tor browser to be able to query PWNDB account information. Here stores millions of data including emails, passwords. Do you know where this great data source comes from? From hacked forums, blogs, social networks, and hackers who have shared user databases publicly, PWNDB has gathered this information into a huge archive.

Nowadays there are many How to check if your email, account password has been exposed?? However, the data that appears is only 1.2 characters of the password, you do not

How to check all your passwords have been exposed with PWNDB

Warning! Whether or not the use of PWNDB’s resources is legal depends on what you use it for. Should only be used to check if your password has been exposed? Do not check the pass of others, because this will be against the law.

Check with Terminal

Since PWNDB is located on DeepWeb, you need to use Tor to access it. On ParrotOS/Kali Linux we install and start Tor with the following commands:

sudo apt-get install tor

Since I use ParrotOS with Tor pre-installed, just use the command below to start Tor up.
/etc/init.d/tor start

Now we proceed to install PWNDB, open Terminal and type the command:

git clone https://github.com/anonyvietofficial/pwndb.git
cd pwndb
pip install virtualenv
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt

OK, now that the installation is done, next we will find the exposed Password of the Email or the account related to that Email.

You use the command:

python pwndb.py [-h] [--target TARGET] [--list LIST] [--output OUTPUT]

optional arguments:
-h, --help xem hướng dẫn
--target nhập email để tìm mật khẩu của email đó
--list nhập tên file chứa list email muốn tìm
--output xuất file ra json hoặc txt

For example, if you want to find the password of an Email named [email protected], we will execute the following command:

python pwndb.py --target [email protected]

You can omit @yahoo.com just to be python pwndb.py --target hoangtubongdem

it will give more results, if [email protected], @hotmail.com…. contained in the PWNDB database.

WAO! Does this email have many passwords? Means email owner [email protected] used this email to register username in forums, blogs that have been hacked before. And each account she sets a different password. Maybe these 3 passwords are not email login passwords, but can be passwords to login with usernames in forums.

Currently, I do not know how many years PWNDB updated the leaked Database Password? But, my password is also in here, quite sad. In my opinion, maybe this DB was updated about 3.4 years ago or something.

Check Leaked Passwords Using Tor

If you use Windows, you can download Tor Browser and install to be able to access DeepWeb quickly. The browser interface is easier to use to find leaked passwords with PWNDB.

After the installation is complete, open Tor, access to Website of PWNDB.

Enter the information in the Email box for the Password to leak, or enter the Password in the purple Password box to see which accounts/emails are using the Password you entered.

How to know where your password was leaked from?

This time we have to rely on the page https://haveibeenpwned.com/

This is a public data page for you to check if your account has been leaked? and leaking from any source.

Just enter email in the search box and press the button pwned? The results will be listed below. Let’s try to continue re-entering the email [email protected].

Scrolling down to the red area will list you a list of websites that have caused you to reveal your Password. These are: tailieu.vn, verfications.io, VNG (Vinagame)….

If you check your Password is in the list, quickly change your Password Email and social networking accounts, forums… quickly. Your leaked Passwords can be seen by anyone.