Identify exposed email addresses and compromised user accounts associated with specific domains using automated discovery tools.
This project is a comprehensive, community-curated directory of resources and methodologies for open-source intelligence gathering. It serves as a centralized reference framework for researchers, providing a structured index of specialized tools, databases, and search techniques used to collect and analyze publicly available information from across the global internet. The directory distinguishes itself through a hierarchical taxonomy that organizes complex investigative domains, ranging from cyber threat intelligence and digital forensic investigation to geospatial analysis and operational security. By leveraging a crowdsourced model, the repository ensures that its collection of investigative tools remains current, with a distributed network of contributors validating links and maintaining the integrity of the resource list. The project covers a broad capability surface, including advanced search operators, reverse image lookup, social network analysis, and domain infrastructure research. It also provides guidance on privacy-focused browsing and anonymity protection to support sensitive research workflows. The entire knowledge base is maintained as a version-controlled markdown repository, offering a portable and searchable index for professionals and researchers conducting deep web investigations or fact-checking tasks.
This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors. The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating external repositories, allowing users to fetch and organize third-party tools directly into a structured local directory. By utilizing a categorized menu system and shell-based process execution, the suite enables efficient navigation and direct invocation of specialized tools for tasks ranging from forensic analysis and reverse engineering to exploit development. The toolkit covers a broad spectrum of security domains, including web and wireless attack vectors, cloud security, payload creation, and social media analysis. It also incorporates automated environment setup to handle the installation of necessary system packages and language runtimes, ensuring compatibility across its diverse collection of utilities.
pwnedOrNot is a search and auditing utility for querying breach metadata and verifying the exposure of email addresses and passwords in public data dumps. It functions as a data breach search engine designed to identify leaked credentials and assess account security. The tool provides capabilities for corporate domain auditing and email compromise detection, allowing for the identification of leaked addresses belonging to specific domains. It includes a password leak detector and the ability to scan public data dumps for plaintext passwords associated with compromised accounts. The system covers breach metadata extraction and security breach analysis, retrieving details such as breach names, dates, and verification status. It further supports account exposure assessments and domain security auditing to determine the scope of security incidents.
This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuristic fingerprinting, which adjusts injection techniques in real time based on server responses. It supports advanced post-exploitation capabilities, including remote command execution on the underlying host operating system and file system access through database-level vulnerabilities. To navigate restricted environments, the software incorporates out-of-band data exfiltration channels and a middleware pipeline for applying user-defined transformations to bypass security filters and web application firewalls. The suite covers a broad range of operational requirements, including stateful session management, anti-CSRF token handling, and extensive request customization. It supports various target specification methods, such as proxy log analysis and remote API management, while offering granular control over scan performance and detection thresholds. The software is distributed as a command-line application, with configuration management supported through external file loading and command-line arguments.
Holehe is an email account discovery and presence verification tool used for open source intelligence. It scans various social media platforms and web services to identify if a specific email address is linked to an existing account. The tool verifies account existence by utilizing registration and password recovery endpoints without notifying the account owner. It maps digital footprints by checking for the presence of an email across numerous third-party services and extracting available account metadata.
theHarvester is a command-line utility designed for gathering open-source intelligence and mapping an organization's external attack surface. It functions as a security information gathering framework that automates the collection of publicly available data to assist in reconnaissance and threat analysis. The tool utilizes a plugin-based architecture to execute isolated queries against various search engines and public databases. It employs asynchronous task execution to run multiple discovery operations in parallel, while a centralized pipeline aggregates and deduplicates findings from these disparate sources into a unified output. The framework supports the identification of public-facing digital assets, including subdomains, IP addresses, and email addresses. It manages connectivity to third-party intelligence providers through a centralized configuration system that handles authentication keys for external data sources. Raw information retrieved from these services is processed using pattern-matching logic to isolate specific entities from unstructured text.
MediaCrawler is an automated web scraping framework designed to extract public posts, comments, and creator metadata from various social media platforms. It functions as a headless browser automator, utilizing real browser instances to render dynamic content and execute the client-side scripts necessary for interacting with modern web interfaces. The system distinguishes itself through a focus on session persistence and network flexibility. It supports remote debugging to reuse active browser sessions and cookies, which helps minimize the risk of triggering platform security challenges. To maintain stable data collection at scale, the tool integrates proxy-based request routing, allowing users to distribute traffic across external IP services to bypass rate limits and geographic restrictions. The architecture is built for extensibility and modularity, employing a provider pattern that allows developers to integrate new platforms or custom storage backends through standardized interfaces. Users can manage complex scraping workflows via command-line configuration, enabling the definition of specific targets and storage formats—such as JSON, CSV, or various database systems—without modifying the core logic. The project also includes utilities for data visualization, such as generating word clouds from collected comments. Installation requires setting up the necessary runtime environments, including a JavaScript engine for handling complex client-side rendering and the appropriate browser automation drivers.
Gitleaks is a security scanning engine designed to identify hardcoded credentials, API keys, and other sensitive information within version control systems and local file structures. It functions as a static analysis tool that automates the detection of secrets, helping to prevent the accidental exposure of sensitive data during the development lifecycle. The tool distinguishes itself through its ability to perform deep forensic analysis of git history, allowing users to audit entire project timelines or enforce security gates within continuous integration pipelines. It supports complex detection logic through composite rules and provides mechanisms for baseline management, which enables teams to ignore existing findings and focus exclusively on new security risks. By offering pre-commit hook integration and exit-code-based orchestration, it allows for the enforcement of security policies directly within developer workflows and automated build environments. Beyond core scanning, the project provides a broad set of utilities for managing security findings, including support for decoding obfuscated strings, inspecting compressed archives, and filtering results through allowlisting or path exclusions. It facilitates compliance and reporting by exporting structured data, which can be integrated into external dashboards or tracking systems. The tool is built to handle various input sources, including direct file system traversal and standard input streams, ensuring compatibility with diverse development and deployment environments.
OpenChat is a conversational AI agent builder and customer service automation platform that uses large language models to power customer support chatbots across multiple channels. It provides tools for defining AI agent behavior, training on custom knowledge, managing actions, and controlling autopilot responses per channel. The platform enables deploying AI agents on web, phone, email, SMS, and WhatsApp, with a unified inbox for managing conversations across all channels. It includes CRM synchronization, automated workflows, contact segmentation, and analytics for tracking customer satisfaction and recurring issues. Key capabilities include automatic PII redaction, OpenAPI-based action execution, and a dual-purpose knowledge base that simultaneously serves a public help center and trains the AI. Organizations can manage team roles, configure office hours, and integrate with tools like Zapier for event-driven automation. The system also supports phone system integration via SIP, outbound call initiation, and AI-powered email management with custom domains and opt-out handling.
This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data integrity and collaborative growth by utilizing version-controlled knowledge management and template-driven content generation, ensuring that the research remains current and consistent across a wide range of technical domains. The project covers a broad capability surface, including detailed references for web application security, database injection, insecure deserialization, and AI model security testing. It also aggregates external resources, such as research papers and third-party tools, to provide a holistic view of modern threat analysis and defensive research. The documentation is organized as a hierarchical tree of markdown files, designed for easy navigation and reference during active security engagements.
h8mail is an open-source intelligence tool for searching leaked credentials and compromised accounts across remote APIs and local data dumps. It functions as a credential leak hunter and email reconnaissance framework designed to identify exposed passwords and sensitive information using usernames, domains, IP addresses, and email hashes. The tool distinguishes itself through a recursive target expansion system that feeds newly discovered email addresses back into the search queue to broaden the scope of investigations. It also includes a local breach data parser that employs multiprocessing to scan large cleartext and compressed credential files stored on the local filesystem. Broad capabilities cover digital footprint mapping and threat intelligence gathering. The system supports multi-criteria lookups, domain breach scanning, and the extraction of email addresses from web URLs. Findings can be exported in JSON and CSV formats for external analysis, while sensitive output is obfuscated in the terminal to prevent the exposure of full credentials.
This project provides a system-wide content filtering utility that controls network traffic by redirecting domain resolution requests to local null addresses. By mapping unwanted hostnames to these addresses at the operating system level, it effectively blocks connections to advertising, tracking, and malicious domains across all applications on a machine. The core of the system is a data-driven build pipeline that aggregates multiple curated source lists into a single, unified configuration file. This process is highly customizable, allowing users to employ declarative filtering logic through external blacklist and whitelist files to define exactly which domains are included or excluded. The build process is managed via a command-line interface, which supports various flags to control output formats, source selection, and custom domain mappings. Beyond basic aggregation, the project supports diverse deployment scenarios, including containerized environments and integration with local network resolver services. It provides platform-specific utilities to ensure consistent application of these filtering rules, including mechanisms to manage local DNS client services for immediate configuration updates. The resulting output is designed to be environment-agnostic, maintaining compatibility across a wide range of operating systems and network services.
GAM is a command-line tool for administering Google Workspace and Cloud Identity. It translates command-line arguments into structured API calls, enabling administrators to manage users, groups, organizational units, and domain settings across a Google Workspace environment. The tool handles authentication through OAuth2 flows, service accounts, and workload identity federation, and supports multi-tenant configurations for managing multiple domains or cloud projects from a single installation. GAM distinguishes itself through its batch processing and automation capabilities. It can process large datasets from CSV files, Google Sheets, or cloud storage, distributing independent API requests across parallel worker threads for efficient execution. The tool supports template-based string substitution for personalizing content like email signatures, regex-based resource filtering for targeting specific users or files, and external script extensibility for implementing custom workflows beyond the built-in command set. It also provides keyless authentication methods, allowing short-lived tokens from external identity providers to replace static service account keys. The tool covers a broad range of administrative domains including user account lifecycle management, group and membership administration, Drive file and folder operations, calendar event management, Gmail configuration and message handling, Google Classroom course administration, Chrome browser and device policy management, and Google Chat space management. It also includes capabilities for managing Shared Drives, contacts, tasks, forms, Google Meet spaces, and Google Vault matters, holds, and exports. Reporting and auditing features allow extraction of activity logs, usage statistics, and security alerts across workspace services. Documentation is available through a built-in help system that displays the tool version and the path to the local command syntax file, along with a link to the online wiki.
Pi-hole is a self-hosted network utility that functions as a DNS sinkhole server to provide network-wide ad blocking. By acting as a dedicated network gateway, it intercepts and discards requests for known advertising, tracking, and malicious domains across an entire local network, preventing unwanted content from loading on any connected device. The software operates through a lightweight background daemon that handles high volumes of concurrent DNS queries with minimal resource overhead. It utilizes a host-file injection mechanism to redirect traffic toward its local filtering engine and applies regex-based pattern matching to identify and block specific domain requests. Users manage these operations and monitor network traffic statistics through a centralized, web-based configuration interface. Beyond blocking, the project provides tools for comprehensive DNS traffic management and home network security. By resolving domain names locally, it offers increased visibility into outgoing internet traffic and helps optimize network performance by preventing the download of resource-heavy tracking scripts and advertisements.
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open-source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships between discovered domains and IP addresses, supported by a modular plugin system for integrating third-party discovery services. The framework covers broader capabilities including network reconnaissance, public asset discovery, and the preparation of security audits by mapping all reachable entry points. These processes are managed through a concurrent worker pipeline to accelerate the scanning and resolution of large target sets.
Firecrawl is a web data extraction platform designed to convert unstructured web content into clean, LLM-ready formats like markdown or JSON. It functions as an autonomous web crawler and scraper, capable of mapping entire domains, performing recursive navigation, and executing complex data gathering tasks. By leveraging headless browser orchestration, the system handles dynamic, JavaScript-heavy pages to ensure comprehensive data capture. The platform distinguishes itself through its focus on agentic workflows, providing a programmatic interface that allows autonomous agents to perform live web research, interact with pages, and execute multi-step navigation tasks. It supports distributed crawling infrastructure, enabling users to scale data collection across multiple nodes while managing concurrency and long-running jobs through asynchronous queueing. The system also integrates with agentic frameworks via standardized protocols, allowing for seamless connection to AI-powered clients and automated pipelines. Beyond its core extraction capabilities, the project provides a suite of developer tools for site mapping, batch scraping, and web searching. It includes features for stateful session persistence, webhook-based notifications, and configurable crawl depth, allowing for granular control over how information is retrieved and processed. The project offers comprehensive API documentation and SDKs to facilitate integration into backend services and local development environments. Users can deploy the crawling infrastructure within their own private networks or utilize managed cloud services.
Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integrates advanced reconnaissance capabilities, including cloud infrastructure assessment, subdomain discovery, and technology fingerprinting, into a unified workflow that can be orchestrated via a command-line interface or programmatic API. Beyond core scanning, the project provides a comprehensive suite of tools for external attack surface management, including asset inventorying, visual evidence capture, and automated ticketing integration. It supports collaborative security operations through team workspaces, centralized template management, and real-time alerting, ensuring that vulnerability findings can be tracked, verified, and remediated within a single environment. The platform is distributed as a command-line utility and supports containerized execution, enabling integration into existing CI/CD pipelines and automated security workflows.
uBlock is a browser-based content blocker that functions as a declarative filtering engine to intercept network requests and modify web page content. It operates by parsing standardized filter lists into optimized data structures, allowing it to block network hosts, enforce security policies, and prevent unauthorized data transmission. The extension provides a comprehensive security layer that monitors outgoing traffic and disables intrusive browser features to enhance user privacy. What distinguishes this project is its granular control over filtering behavior through a dynamic rule orchestrator. Users can manage custom rules, apply site-specific overrides, and toggle filtering settings on a per-domain basis. The engine also employs advanced techniques such as CNAME uncloaking, IP address filtering, and response body modification to identify and neutralize trackers that attempt to bypass standard blocking methods. Furthermore, it supports enterprise-grade deployment, enabling organizations to enforce consistent security and filtering configurations across managed environments. The project covers a broad capability surface including cosmetic page modification, which uses CSS injection and sandboxed scriptlets to remove visual clutter and neutralize anti-blocking scripts. It also provides interactive tools for real-time network traffic inspection and manual element removal, ensuring users can debug and customize their browsing experience. The extension is designed to maintain high performance by synchronizing its initialization at startup, ensuring that all security rules are active before any network requests are processed.
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patterns. The framework covers a broad range of reconnaissance activities, including web application scanning, email address enumeration, and public infrastructure mapping. It maintains a state-persistent asset inventory and provides capabilities for web screenshot capture, parameter extraction, and real-time event streaming. Data is managed through an event-driven pipeline that supports external data export to databases and logging platforms, as well as notification delivery via webhooks to chat platforms.
This project is a command-line tool that automates the entire lifecycle of security certificates using standard domain validation protocols. It functions as a background service to manage the issuance, renewal, and installation of certificates, ensuring that encrypted web traffic remains active without requiring manual intervention. The tool distinguishes itself through extensive support for automated domain ownership verification, including the ability to issue wildcard certificates by programmatically interacting with external domain name system providers. It provides flexible validation options, such as using a temporary, ephemeral web server to handle challenges in isolated environments, which allows for certificate generation without needing an existing web server or active website. Beyond issuance, the system includes robust deployment capabilities that integrate directly with server environments. Through customizable hooks, it can automatically update server configuration files and reload services to apply new cryptographic assets immediately upon renewal. The software is built as a modular collection of POSIX-compliant scripts that leverage standard system utilities and support various cryptographic key types to meet diverse security requirements.