This script will cross reference valid usernames/emails with credentials obtained from past breaches.
{% embed url="https://github.com/hmaverickadams/breach-parse" %}
Syntax Usage:
./breach-parse.sh @tesla.com tesla.txt
Extracting usernames...
Extracting passwords...
- With the information that we obtain from this script, we can execute a Credential Stuffing attack against the login form on Tesla's site.
Credential Stuffing is when you KNOW the password is valid for one or more accounts.
Password Spraying is more of a brute force and "blind fire" method where you run valid accounts against a large wordlist of possible passwords.
- We can search my email, username, IP, name, address, phone, VIN, or even domain
- Should we consider buying this for a week? -- $5