What is this?

This is a script that can be used in conjunction with dehashed.com. Dehashed allows anyone who has an API key to query their API for credentials that may exist within a breach database. This script simply uses the dehashed API and sorts the information returned. Currently the script does the following

  • Filters the results in the format of
    • Raw dehashed data formatted with into json with JQ
      "id": "8912739811",
      "email": "example@testdomain.com",
      "ip_address": "0.0.0.0",
      "username": "exampleusername",
      "password": "thisistheplaintextpassword123",
      "hashed_password": "16652e4c27058396b37c026d1bd419a830b20e6a",
      "name": "John Smith",
      "vin": "5YJSA1DG9DFP14705",
      "address": "123 main street",
      "phone": "123-123-1234",
      "database_name": "MyFitnessPal"
    
  • email:password
    • example@testdomain.com:Pa$$word123
  • email:hashedpassword
    • example@testdomain.com:8a5d97b76a1ca8965518b0f94787cdd0

How do I use it?

To use the script, you need a dehashed account and API Key. Next, install JQ

Debian

sudo apt-get install JQ

Then all you need to do is clone this repository and use the following command to query dehashed.

./dehashQuery.sh -l dehashedaccount -k <APIKEY> -s example.com 

This will search the dehashed database for any accounts associated with example.com

Contact me

Twitter: @grahamhelton3

LinkedIn: Graham Helton

Discord Server: https://discord.gg/byCmSHgdZR