reddit hackernews mail facebook facebook linkedin
WhatBreach

WhatBreach

OSINT tool to find breached emails, databases, pastes, and relevant information.

WhatBreach is an OSINT tool that simplifies the task of discovering what breaches an email address has been discovered in. WhatBreach provides a simple and effective way to search either multiple, or a single email address and discover all known breaches that this email has been seen in. From there WhatBreach is capable of downloading the database if it is publicly available, downloading the pastes the email was seen in, or searching the domain of the email for further investigation.

To perform this task successfully WhatBreach takes advantage of the following websites and/or API's:
- haveibeenpwned.com
- dehashed.com
- hunter.io
- pastebin.com
- databases.today
- weleakinfo.com
- emailrep.io

Some interesting features of WhatBreach include the following:
- Ability to detect if the email is a ten minute email or not and prompt to process it or not
- Check the email for deliverable status using hunter.io
- Ability to throttle the requests in order to help prevent HIBP from blocking you
- Download the databases (since they are large) into a directory of your choice
- Search either a single email or a text file containing one email per line