Credentials Harvesting

Email Harvesting

hunter.io

craw emails from all websites

Email pattern:
{f}{last}@tesla.com

Clear Bits (chrome extension + need login)

https://chrome.google.com/webstore/detail/clearbit-connect-free-ver/pmnhcgfcafcnkbengdcanjablaabjplo

phonebook.cz (Reliable)

craw emails , domains and URLs

Google Account Abusing

put username then check if google auto add @gmail to behind username

Click forgot password and it may reveal another email that link to the current email

Github abusing

https://github.com/username
https://github.com/maverickadams

Verify Email Existence

https://tools.emailhippo.com/

https://email-checker.net/

Checking for leaked usernames and passwords

breach-parse

sudo ./breach-parse.sh @tesla.com result.txt "/mnt/breach-parse/BreachCompilation/data"

leakcheck (need login + 15 limit search)

https://leakcheck.io/dashboard

  • 15 limit search

  • only reveal first 4 characters

breachdirectory (No need login + unlimited search)

https://www.breachdirectory.org/

  • sha1 hash

  • reveals first 4 char

Google ID DORKING

![[Pasted image 20230819035629.png]]

PreviousWeb Tech HuntingNextSubdomain Hunting

Last updated

Was this helpful?