Unofficial Dehashed.com API Query Tool. Dehashed.com has been invaluable to me for external and internal penetration tests.
Clone the repository:
git clone https://github.com/RackunSec/qdehashed.gitInstall the requirements:
cd qdehashed
python3 -m pip install -r requirements.txtUpdate the main app to include your email address and API token:
16: full_query={
17: "api_auth":("<EMAIL>","<API TOKEN>"),Run the application with your search type.
python3 qdehashed.py --type email --query someone@example.com
. ___ * . __ . * __ . __ *
/ _ \___ / / *__ __*_/ / ___*___/ / .
* / // / -_) _ \/ _ `(_-</ _ \/ -_) _ /
/____/\__/_//_/\_,_/___/_//_/\__/\_,_/ *
. API QUERY TOOL version: 0.5.19.0a
✔ Dehashed API token balance: 56
✔ Total entries discovered: 1010
✔ API server sesponse time: 163µs
id,email,ip_address,username,password,hashed_password,name,vin,address,phone,database_name
... [REDACTED] ...You can also do light password statistics analysis using qdehashed:
python3 analysis.py (/PATH/TO/QDEHASHED/OUTPUT.CSV)
*** QDehashed Password Analysis Tool ***
[i] Analysis for file: /PATH/TO/QDEHASHED/OUTPUT.CSV
[i] Top Ten passwords used:
+=====================================+
[13] password123
[13] MYpassword123#
[10] LetMeIn@2022
[6] Winter2022!
[4] Summer2022!
[3] Spring@2020
[3] P@55w0rd@123
[3] SuperS3cr3tPasswd!
[3] 123456
[2] password