I’ve been playing around with dehashed.com and it’s a great tool. Can search pretty much any identifier and can wildcard so really good for #RedTeam recon as well as straight up #OSINT investigation 1/n
It only brings back 5 results per page so is actually pretty difficult to just trawl results for something juicy. I wildcarded a few fairly large corporate UK domains and consistently got 2-3k results. That’s a lot of clicking to get through all of them 2/n
So it’s probably not quite the privacy nightmare I thought it might be even with the wildcard function and increased number of search parameters. From my limited testing it looks like it has the same data sets as haveibeenpwned etc 3/n
But dehashed.com gives which breach the creds appeared in too. I haven’t found any from the more *sensitive* breaches so I don’t know if they’re redacted. I paid around $2.50 for a week and all in all I think it’s well worth the money 4/5
But I’d really like to get into the API and see what we could get out - I think this would potentially be awesome for the pentesting crowd. 5/5