DehashedDumper

Python3 script to dump breach data from Dehashed

💬 Description

DehashedDumper is a Python 3 script that dumps breach data from the Dehashed Leak API.

The script either takes a single domain name or a file with newline separated domain names. It will then query breach data for each target domain and output the results into outfiles. If you supply the --full command, all breach data from Dehashed's API is stored in a separate CSV outfile. The CSV will be extended with private information about breaches, e.g. a description, the breach date as well as the amount and type of leaked data.

✨ Requirements

DehashedDumper talks with the official Dehashed API, which requires authentication. Therefore, you must have a valid subscription and enough API tokens on Dehashed. You can retrieve your API key from your Dehashed profile. Use your email address for the API authentication.

Your authentication credentials are passed via the CLI parameters --email and --api-token.

🎓 Usage

usage: dehasheddumper.py [-h] (--domain <domain> | --domains <file>) [--email <email>] [--api-token <token>] [--full]

options:
  -h, --help              show this help message and exit
  --domain <domain>       Domain name to extract leaks
  --domains <file>        Newline separated file with domain names
  --email <email>         Dehashed email account
  --api-token <token>     Dehashed API token
  --full                  Dump all data from Dehashed into CSV

🐳 Example 1 - Docker Run

docker run --rm -v ${PWD}:/app/results l4rm4nd/dehasheddumper:latest --domain apple.com --email <email> --api-token <token> --full

🐍 Example 2 - Native Python

# install dependencies
pip install -r requirements.txt

python3 dehasheddumper.py --domain apple.com --email <email> --api-token <token> --full

💎 Outputs

$ python3 dehasheddumper.py --domains domains.txt --full

▓█████▄ ▓█████▄  █    ██  ███▄ ▄███▓ ██▓███  ▓█████  ██▀███  
▒██▀ ██▌▒██▀ ██▌ ██  ▓██▒▓██▒▀█▀ ██▒▓██░  ██▒▓█   ▀ ▓██ ▒ ██▒
░██   █▌░██   █▌▓██  ▒██░▓██    ▓██░▓██░ ██▓▒▒███   ▓██ ░▄█ ▒
░▓█▄   ▌░▓█▄   ▌▓▓█  ░██░▒██    ▒██ ▒██▄█▓▒ ▒▒▓█  ▄ ▒██▀▀█▄  
░▒████▓ ░▒████▓ ▒▒█████▓ ▒██▒   ░██▒▒██▒ ░  ░░▒████▒░██▓ ▒██▒
 ▒▒▓  ▒  ▒▒▓  ▒ ░▒▓▒ ▒ ▒ ░ ▒░   ░  ░▒▓▒░ ░  ░░░ ▒░ ░░ ▒▓ ░▒▓░
 ░ ▒  ▒  ░ ▒  ▒ ░░▒░ ░ ░ ░  ░      ░░▒ ░      ░ ░  ░  ░▒ ░ ▒░
 ░ ░  ░  ░ ░  ░  ░░░ ░ ░ ░      ░   ░░          ░     ░░   ░ 
   ░       ░       ░            ░               ░  ░   ░     
 ░       ░                                         ░ by LRVT                  

[i] Performing leak check on apple.com
[i] Finished leak check on apple.com
    > 42 unique user emails found!
    > 1000 unique passwords found!
    
    
$ ls -la  
.rw-r--r-- anon anon 148 B  Thu Oct 20 18:13:04 2022   20102022-1337_DD_apple.com_passwords.lst 
.rw-r--r-- anon anon 122 B  Thu Oct 20 18:13:04 2022   20102022-1337_DD_apple.com_users.lst    
.rw-r--r-- anon anon 08 KB  Thu Oct 20 18:13:04 2022   20102022-1337_DD_apple.com_fulldata.lst
.rw-r--r-- anon anon 04 KB  Thu Oct 20 18:13:44 2022   dehasheddumper.py

l4rm4nd / DehashedDumper