Identify email owners by their password and PGP key

Today I will talk about the sources that I use to identify users by their password and PGP key.

There are several resources on the web that allow you to search for related nicknames and email addresses using leaked passwords:

https://leak-lookup.com/

https://leakpeek.com/

https://breachdirectory.org

/passwords.html

https://eyeofgod.global/

https://leakcheck.io/

https://github.com/jdiazmx/karma/tree/dd49cace6f68772397

a66b04860c10a93f4eb505

http://xjypo5vzgmo7jca6b322dnqbsdnp3amd24ybx26x5nxbusccjkm4pwid.onion/

Next, we learn to identify the user’s mail by its public PGP encryption key. And you didn’t know, go, that it’s possible?

Let’s start with the simplest. So, there are services in the network ( https://www.google.com/search?q=list+of+public+pgp+keyservers ,) on which public PGP keys are laid out.

I personally found peegeepee (https://peegeepee.com/) and keybase (https://keybase.io/) to be the most pleasant services. The data is partially hidden there, but when it scared us.

To extract an email address from a PGP key, we will use the two built-in Linux commands curl and gpg to download and extract the key of interest. Curl is built into Linux and Mac OS by default. For Windows, there is GPG4Win (https://www.gpg4win.org/) which will allow you to download and import PGP keys

Retrieve the full PGP public key:

$ curl https://peegeepee.com/******.asc

We read the data of the full PGP key (including the username and his email):

$ curl https://d.peegeepee.com/******.asc | gpg

REFERENCE: https://medium.com/@ibederov_en

Posted by: @ESPYER

Facebook
Twitter
LinkedIn
5 social monitoring tools great for OSINT

5 Social Media Monitoring Tools

In this article we’ll talk about the following social monitoring tools:
Hootsuite, Brand24, Mention, Sprout Social, Synthesio.
For each of these we’ll know the main benefits of using it, as well as reason to chose another tool, based on your needs! Here goes 🙂

Read More »
OSINT Investigating questions

OSINT for Businesses: A Guide to Conducting Due Diligence and Intelligence Investigations

In this article, we’ll explore how businesses can use OSINT techniques to gather information and conduct due diligence and intelligence investigations.

Open-source intelligence (OSINT) is the process of gathering information from publicly available sources to support decision-making and informed action.

For businesses, OSINT can be a valuable tool for conducting due diligence and intelligence investigations, providing a wealth of information on potential partners, competitors, and threats.
However, with the increasing use of artificial intelligence (AI) in online investigations, it’s important to know how to gather information while avoiding detection.

Read More »

ProfileNINJA

A Revolutionary API to Check If Your Personal Information is Compromised.
Are you tired of constantly worrying about your personal information being compromised? Well, let me introduce you to ProfileNINJA, a one-of-a-kind API service listed on the RapidAPI marketplace.

ProfileNINJA takes the hassle out of checking if your personal information has been leaked by searching through databases linked to popular social media platforms like Twitter, Facebook, VK, Instagram, Telegram, and LinkedIn.

Read More »

People Data Lookup API

People Data Lookup API on RapidAPI is a service that allows users to search and retrieve information about individuals using phone number, email address, password, or full name. The API offers accurate and updated information that can be used for various purposes such as fraud detection, verification, and customer engagement. The service is accessible through RapidAPI, a platform that connects developers with over 16,000 APIs.

Read More »

SCAN FOR WEBCAMS WORLDWIDE

With Shodan Exploit, you will have all your calls on your terminal. It also allows you to make detailed searches.
All you have to do without running Shodansploiti is to add shodan api.

Read More »