Searching the TrashPanda OSINT bot API to check if your email/domain or password was leaked.
$ python3 TrashSearch.py -h
MMMMMMMMMMMMMMMMMMMMMMMMNKXNWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWNXKNMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMNo..';cxXMMMMMMMMMMMMMMMMMMMMMMMMMMMWKdc;'..lNMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMK, ;0XXWMMMWNXK0XNWX0KXNWMMMMNNk' '0MMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMO. .xo,dkoc;'dkocccdkoc',:okxcko .kMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMM0' .ox' .:k: .OMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMX: ;KMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMk. .xWMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMWx. .dWMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMM0' .. .OMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMx. ... ... dWMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMNl .':oxO0K0Oko, 'lxO0K0Okoc,. cNMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMNkd0NMMMMMWXNWMNo. .lXMWNXWMMMMMN0dxNMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMXo';xNMK, '0MWk;'lXMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMXo;xXWWx. .dWWXx;lXMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWNWMWO, .:llc. .kWMWNWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNd. :KWWXc .dXMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMN0o, ....cxxl.... 'oONWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMXkxxdl:'. .......... .':lodxkXMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMXd' 'oXMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMXkc' .:xXWMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMWWWWWWWWWNKkoc,.. ..,:okKNWWWWWWWWWMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMWWNXK00OOkkxxddooollllccc:;,,,,,,,,,,,,,,,,;:ccclllloooddxxkkOO0KKXNWMMMMMMMMMMMM
MMMMMMMMMMMMMMMWWWWWWNNNNNNXXXXXXXXKKKKKKKKKKKKKKKKKKKKKKKXXXXXXXXXNNNNNNWWWWWWMMMMMMMMMMMMMM
usage: TrashSearch.py [-h] [-m MODE] -v VALUE [-w] [-s SOURCES]
Searching the TrashPanda OSINT bot API to check if your email/domain or
password was leaked. To avoid abuse (when running as anonymous user) the
email/domain search does not disclose passwords and the password search does
not disclose the corresponding email/domain.
optional arguments:
-h, --help show this help message and exit
-m MODE, --mode MODE Select mode [0 = email/domain search, 1 = password
search] default = 0
-v VALUE, --value VALUE
email/domain or password to check for leaks
-w, --wildcard Enables wildcard mode when searching a domain. Adds a
wildcard in front of the target domain (e.g.:
*example.com) to also check for subdomains.
-s SOURCES, --sources SOURCES
Data sources to search [g = ghostbin.co, p =
pastebin.com, z = 0paste.com]. You can combine
sources. example: '-s gz'. default = gpz
example usage: python3 TrashSearch.py -v [email protected] -s gz
This tool tells you if your email/domain or password was identified by the TrashPanda OSINT bot.
The tool works out of the box with anonymous credentials provided inside the auth.conf file. To avoid abuse the anonymous email/domain search does not disclose passwords and the password search does not disclose the corresponding email/domain.
auth.conf:
username=anonymous
password=Uh324)nwh64AL
If you are a whitehat researcher and I granted you access to the TrashPanda API, you can subsitute the anonymous credentials inside auth.conf with your login information to get raw leak data when using this tool.
You are a whitehat researcher but I did not grant you access to the TrashPanda API so far? Visit https://got-hacked.wtf/ for more information
- m: mode to use [0 = email/domain search, 1 = password search]
- v: depends on the mode what kind of value is expected here. Mode 0 expects an email/domain and mode 1 expects a password.
- w: enables wildcard search when combined with a domain search. Adds a wildcard in front of the target domain (e.g.: *example.com).
- s: data sources to search [g = ghostbin.co, p = pastebin.com, z = 0paste.com]. You can combine data sources.
Lookup if [email protected] got pwned and published on ghostbin.co or 0paste.com
python3 TrashSearch.py -v [email protected] -s gz
Lookup if accounts from the domain example.com got pwned and published on ghostbin.co, 0paste.com or pastebin.com
python3 TrashSearch.py -v example.com
Lookup if accounts from the domain example.com and all its subdomains got pwned and published on ghostbin.co, 0paste.com or pastebin.com
python3 TrashSearch.py -v example.com -w
Lookup if the password 123456 was published in credential leaks on ghostbin.co, 0paste.com or pastebin.com
python3 TrashSearch.py -m 1 -v 123456