pwndb script

4 files changed, 88 insertions, 2 deletions

diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index dfe0770..0000000
--- a/.gitattributes
+++ /dev/null
@@ -1,2 +0,0 @@
-# Auto detect text files and perform LF normalization
-* text=auto
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..17d6e05
--- /dev/null
+++ b/README.md
@@ -0,0 +1,14 @@
+## **pwndb - Get Mail Credentials**
+Search for leaked passwords from an email
+
+### Prerequisities
+To use in Linux (Kali/Ubuntu/Debian) you should to run make script:
+```
+chmod +x make.sh
+./make.sh
+```
+
+### Usage
+```[python]
+python3 pwndb_credentials.py -m mail@mail.com [-p socks5h://localhost:9050]
+```
diff --git a/make.sh b/make.sh
new file mode 100644
index 0000000..a005bd9
--- /dev/null
+++ b/make.sh
@@ -0,0 +1,3 @@
+sudo apt-get install tor
+sudo /etc/init.d/tor start
+sudo python3 -m pip install PySocks
diff --git a/pwndb_credentials.py b/pwndb_credentials.py
new file mode 100644
index 0000000..8fa6896
--- /dev/null
+++ b/pwndb_credentials.py
@@ -0,0 +1,71 @@
+import requests
+from bs4 import BeautifulSoup
+import argparse
+import re
+
+
+class FindPasswords():
+    def __init__(self, mail, proxy):
+        self.url = "http://pwndb2am4tzkvold.onion/"
+        name, service = self.__parse_mail(mail)
+        self.session = None
+        if name and service:
+            self.data = {
+                    "domain":	service,
+                    "domainopr":	"0",
+                    "luser":	name,
+                    "luseropr":	"0",
+                    "submitform":	"em"
+                }
+            self.session = requests.session()
+            self.session.proxie = {}
+            #TOR PROXY
+            self.session.proxies['http'] = proxy
+            self.session.proxies['https'] = proxy
+        
+    def __parse_mail(self, mail):
+        name = None
+        service = None
+        try:
+            split_mail = mail.split("@")
+            name = split_mail[0]
+            service = split_mail[1]
+        except:
+            pass
+        return name, service
+
+    def request_data(self):
+        result = []
+        if self.session is None:
+            return []
+        try:
+            response = self.session.post(self.url, data=self.data, timeout=5)
+            soup = soup = BeautifulSoup(response.text, features="html.parser")
+            passwords = soup.find("pre").get_text()
+            if passwords:
+                i = 0
+                for line in passwords.split("\n"):
+                    if "[password]" in line:
+                        result.append(line.split("=> ")[1])
+        except Exception as e:
+            print(e)
+
+        return result
+    
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument("-m", "--mail", help="Email to search passwords", required=True)
+    parser.add_argument("-p", "--proxy", help="TOR proxy", default="socks5h://localhost:9050")
+    args = parser.parse_args()
+    mail = args.mail
+    proxy = args.proxy
+    match = re.match(
+        '^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', mail)
+    if match:
+        print(f"Looking passwords for {mail}")
+        passwords = FindPasswords(mail, proxy)
+        data = passwords.request_data()
+        print("--------- Passwords list --------")
+        print(data)
+    else:
+        print("Please enter a valid mail")
\ No newline at end of file