Ekultek / WhatBreach

OSINT tool to find breached emails, databases, pastes, and relevant information

Receiving False Negatives #1

Closed cam-barts closed 5 years ago

cam-barts commented 5 years ago

The first time I ran the tool, it was against my own email address that I was aware had been involved in breaches. Then I ran it against a list of email addresses; it retrieved results for the first couple, and then said no results for the rest, even for known breached accounts. I then ran it against my own email again, and it said there were no results.

Ekultek commented 5 years ago

Hi, sorry for the late reply. Do me a favor: run rm -rf ~/.whatbreach_home, add your email to the list, run the program again, and post all the terminal output here. (Obviously hide the emails.) Thank you!

cam-barts commented 5 years ago

No worries, I think your reply was very timely. The first time I ran it was on Windows. There was no file or directory called .whatbreach_home anywhere.

This is a fresh install on Ubuntu. The email address is mine, and is known to have been breached.

unbreached

Ekultek commented 5 years ago

python whatbreach.py -e "camerond.barts@gmail.com"

 __    __  __ __   ____  ______  ____   ____     ___   ____    __  __ __  _____ 
|  |__|  ||  |  | /    ||      ||    \ |    \   /  _] /    |  /  ]|  |  |/     |
|  |  |  ||  |  ||  o  ||      ||  o  )|  D  ) /  [_ |  o  | /  / |  |  ||  Y  |
|  |  |  ||  _  ||     ||_|  |_||     ||    / |    _]|     |/  /  |  _  ||__|  |
|  `  '  ||  |  ||  _  |  |  |  |  O  ||    \ |   [_ |  _  /   \_ |  |  |   |__|
 \      / |  |  ||  |  |  |  |  |     ||  .  \|     ||  |  \     ||  |  |    __ 
  \_/\_/  |__|__||__|__|  |__|  |_____||__|\_||_____||__|__|\____||__|__|   |__| v0.0.1

[ i ] starting search on single email address: camerond.barts@gmail.com
[ i ] searching breached accounts on HIBP related to: camerond.barts@gmail.com
[ i ] searching for paste dumps on HIBP related to: camerond.barts@gmail.com
[ i ] found a total of 3 database breach(es) pertaining to: camerond.barts@gmail.com
-------------------------------------------------------------------------
Breached Site:       | Database Link:
Bitly                | https://www.dehashed.com/search?query=Bitly
Edmodo               | https://www.dehashed.com/search?query=Edmodo
MyFitnessPal         | https://www.dehashed.com/search?query=MyFitnessPal
-------------------------------------------------------------------------

Ekultek commented 5 years ago

python --version
Python 3.7.3
(venv) admin@TBG-Hades:~/whatbreach$ python whatbreach.py -e "camerond.barts@gmail.com"

 __    __  __ __   ____  ______  ____   ____     ___   ____    __  __ __  _____ 
|  |__|  ||  |  | /    ||      ||    \ |    \   /  _] /    |  /  ]|  |  |/     |
|  |  |  ||  |  ||  o  ||      ||  o  )|  D  ) /  [_ |  o  | /  / |  |  ||  Y  |
|  |  |  ||  _  ||     ||_|  |_||     ||    / |    _]|     |/  /  |  _  ||__|  |
|  `  '  ||  |  ||  _  |  |  |  |  O  ||    \ |   [_ |  _  /   \_ |  |  |   |__|
 \      / |  |  ||  |  |  |  |  |     ||  .  \|     ||  |  \     ||  |  |    __ 
  \_/\_/  |__|__||__|__|  |__|  |_____||__|\_||_____||__|__|\____||__|__|   |__| v0.0.1

[ i ] starting search on single email address: camerond.barts@gmail.com
[ i ] searching breached accounts on HIBP related to: camerond.barts@gmail.com
[ i ] searching for paste dumps on HIBP related to: camerond.barts@gmail.com
[ i ] found a total of 3 database breach(es) pertaining to: camerond.barts@gmail.com
-------------------------------------------------------------------------
Breached Site:       | Database Link:
Bitly                | https://www.dehashed.com/search?query=Bitly
Edmodo               | https://www.dehashed.com/search?query=Edmodo
MyFitnessPal         | https://www.dehashed.com/search?query=MyFitnessPal
-------------------------------------------------------------------------
(venv) admin@TBG-Hades:~/whatbreach$ 

Ekultek commented 5 years ago

Have you checked your network?

Ekultek commented 5 years ago

ping?

cam-barts commented 5 years ago

Looked at it again this morning. I ran it and it gave me the dumps for my email address, so I ran it against the file and it gave me results for 16 emails, and then the rest none. Afterwards I ran it again against my own email and it gave me no result. Maybe since I am at work, they are throttling my outgoing requests after a certain point, or the APIs are throttling my incoming requests. I'll try again later on my home network and see if I get the same result. Will keep updated.

Ekultek commented 5 years ago

I do know that HIBP throttles the requests if too many come at once.

On Apr 23, 2019, at 10:40 AM, Cam notifications@github.com wrote:

Looked at it again this morning. I ran it and it gave me the dumps for my email address, so I ran it against the file and it gave me results for 16 emails, and then the rest none. Afterwards I ran it again against my own email and it gave me no result. Maybe since I am at work, they are throttling my outgoing requests after a certain point, or the APIs are throttling my incoming requests. I'll try again later on my home network and see if I get the same result. Will keep updated.

cam-barts commented 5 years ago

I can submit a PR for logic to handle the respective rate limits when I get home if I find that's the issue.

cam-barts commented 5 years ago

After investigation, the requests are hitting the HIBP rate limit. I can submit a PR to handle the rate limit appropriately.
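
Added example, not part of the thread and not WhatBreach's own code: a sketch of how a bulk lookup can keep a throttled request from being reported as "no results", which is the false negative described above. It assumes the status codes in the public HIBP API documentation (200 found, 404 not found, 429 rate limited with a `Retry-After` header); `fetch`, `check_email` and the throttled stand-in server are hypothetical names, and the sample addresses are constructed.

```python
import time
from enum import Enum

class Result(Enum):
    BREACHED = "breached"
    CLEAN = "clean"      # the service answered: no record for this address
    UNKNOWN = "unknown"  # no real answer was obtained; never report this as clean

def classify(status):
    """Map an HTTP status to a Result, or None when the request should be retried."""
    if status == 429:
        return None
    return {200: Result.BREACHED, 404: Result.CLEAN}.get(status, Result.UNKNOWN)

def check_email(email, fetch, max_retries=3, sleep=time.sleep):
    """fetch(email) -> (status, headers); hypothetical transport, injected to run offline."""
    for attempt in range(max_retries + 1):
        status, headers = fetch(email)
        result = classify(status)
        if result is not None:
            return result
        if attempt < max_retries:
            try:
                delay = float(headers.get("Retry-After", ""))
            except ValueError:
                delay = 2.0 ** attempt  # header missing or not a number: back off
            sleep(delay)
    return Result.UNKNOWN  # still throttled after every retry

def make_throttled_fetch(known_breached, burst=2):
    """Constructed stand-in server: allows `burst` requests, then answers 429 once."""
    state = {"budget": burst}
    def fetch(email):
        if state["budget"] == 0:
            state["budget"] = burst
            return 429, {"Retry-After": "2"}
        state["budget"] -= 1
        return (200, {}) if email in known_breached else (404, {})
    return fetch

def demo():
    emails = [f"user{i}@example.com" for i in range(5)]  # constructed sample list
    breached = {"user0@example.com", "user3@example.com", "user4@example.com"}
    waits = []  # record the delays instead of actually sleeping
    fetch = make_throttled_fetch(breached)
    results = {e: check_email(e, fetch, sleep=waits.append) for e in emails}
    return results, waits
```

The point to carry over is the third state: an address that could not be checked is reported as unknown rather than folded into the "not breached" result.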