Ethical Hacking Tutorials

Ethical Hacking Tutorials, Tips and Tricks

pwnedOrNot – Find Passwords for Compromised Email Accounts

pwnedOrNot is a python script which checks if the email account has been compromised in a data breach if the email account is compromised it proceeds to find passwords for the compromised account.

It uses haveibeenpwned v2 API to test email accounts and searches for the password in Pastebin Dumps.


haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script:

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status

And with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password.



Ubuntu and Kali

# Python 2
pip install cfscrape
apt-get install nodejs

# Python 3
apt-get install python3-pip
pip3 install requests
pip3 install cfscrape


# Python 2
pkg install python2
pkg install git
pip2 install requests
pip2 install cfscrape

# Python 3
pkg install python2
pip install requests
pip install cfscrape


git clone


python -h
usage: [-h] [-e EMAIL] [-f FILE]

optional arguments:
  -h, --help              show this help message and exit
  -e EMAIL, --email EMAIL Email account you want to test
  -f FILE, --file FILE    Load a file with multiple email accounts





Updated: April 23, 2019 — 4:20 pm

Leave a Reply

Your email address will not be published. Required fields are marked *

Ethical Hacking Tutorials © 2018
Skip to toolbar