Today I will talk about the sources that I use to identify users by their password and PGP key.
There are several resources on the web that allow you to search for related nicknames and email addresses using leaked passwords:
https://leak-lookup.com/
https://leakpeek.com/
https://breachdirectory.org
/passwords.html
https://eyeofgod.global/
https://leakcheck.io/
https://github.com/jdiazmx/karma/tree/dd49cace6f68772397
a66b04860c10a93f4eb505
http://xjypo5vzgmo7jca6b322dnqbsdnp3amd24ybx26x5nxbusccjkm4pwid.onion/
Next, we learn to identify the user’s mail by its public PGP encryption key. And you didn’t know, go, that it’s possible?
Let’s start with the simplest. So, there are services in the network ( https://www.google.com/search?q=list+of+public+pgp+keyservers ,) on which public PGP keys are laid out.
I personally found peegeepee (https://peegeepee.com/) and keybase (https://keybase.io/) to be the most pleasant services. The data is partially hidden there, but when it scared us.
To extract an email address from a PGP key, we will use the two built-in Linux commands curl and gpg to download and extract the key of interest. Curl is built into Linux and Mac OS by default. For Windows, there is GPG4Win (https://www.gpg4win.org/) which will allow you to download and import PGP keys
Retrieve the full PGP public key:
$ curl https://peegeepee.com/******.asc
We read the data of the full PGP key (including the username and his email):
$ curl https://d.peegeepee.com/******.asc | gpg
REFERENCE: https://medium.com/@ibederov_en
Posted by: @ESPYER
