Background
I decided to make an API for my bot TrashPanda which searches different paste sites for leaked data. The API itself gives access to the information the bot detected. I did this for personal research reasons. Jake Creps approached me and asked if it would be possible for him to access the API for his own researches. As he has a really good reputation inside the OSINT community and is a respectable and responsible researcher who would not abuse leak data, I decided to granted him access under certain rules. I may grant access to other persons, if I am sure they will not abuse the information and only use it to help the OSINT/INFOSEC community. I will never grant access just for the lols or anything even worse.
Statistical Data
Want to get an idea how the data looks like? Visit the statistical page of the API.
http://stats.got-hacked.wtf:6780/
Need Access?
I will not publish the API for everyone. It is to likely that somebody will abuse the data and may commit a crime with it. The only way to get access is to convince me that you are a reasonable researcher that provides a benefit for the OSINT/INFOSEC community or helps to fight crime. The goal is to make the internet a little bit more secure. So I encourage every white hat researcher or law enforcement agency to approach me and help to reach this nearly unreachable goal.
Rules
Once you gained access there are some rules.
- First of all: NO ABUSE
- You are only allowed to use the information for research purposes to help the OSINT/INFOSEC community to make the internet a safer place
- Account sharing is not allowed
- Use the API to perform your research and publish the results. But do not publish any plain data you got from the API
- If you publish results of your research do not forget me. Please say where you got the data from 🙂
Violating one of the rules results in an account ban.
Am I Pwned?!
If you just wanna know if your email address got pwned you can use TrashSearch. This Python script allows you to search for your email/domain or password and tells you if it was identified by the TrashPanda OSINT bot on a paste site. To avoid abuse the email/domain search does not disclose passwords and the password search does not disclose the corresponding email/domain.