Hunting Breached Credentials
- https://dehashed.com/
- El brimo, the besttt
- Snusbase - Database Search Engine
- OG was the best: WeLeakInfo - https://weleakinfo.to/v2/
- LeakCheck - https://leakcheck.io/
- Scylla.sh - https://scylla.sh/
- search works like this:
- email:shark@tesla.com
- looks for info for that email
- HaveIBeenPwned - https://haveibeenpwned.com/
- Use Notify Me to find if you have been breached
- Intelligence X (intelx.io)
- DAA
Relate different accounts together. Password reuse is good to tie multiple emails together if the password is unique enough
We gather enough information from personal accounts so we can break into the organization’s account.
Works for investigation as well to find who is the person or tie “anon” emails.
Get the IP or usernames or stuff like that and find what other credentials are shared. ZigZag the info