A credential breach and data leak detection tool for professional investigators and security researchers.
SneakLeak checks multiple breach databases to identify compromised credentials and data leaks. It helps investigators determine if email addresses, usernames, or passwords have been exposed in known data breaches.
- Multi-source breach aggregation - Search 4+ databases simultaneously
- OSINTCabal Breach Bot integration - Access comprehensive Telegram-based breach data
- Automatic query type detection (email, username, phone, etc.)
- Smart deduplication across APIs
- Dynamic field display (shows ALL available data)
- Password breach checking with k-anonymity
- JSON export for further analysis
- Beautiful ASCII art interface
- Comprehensive result formatting
This tool integrates with the following breach databases:
-
OSINTCabal Breach Bot (Telegram) - Comprehensive breach search via Telegram
- Sign up required: https://t.me/Cabal_Breach_bot?start=Et18TP4
- Access via Telegram bot interface
- API endpoint: https://leakosintapi.com/
- Supports: email, phone, domain, username, name, IP
- Note: You must register through the Telegram bot to get API access
-
Breach Directory - Public breach database
- API Documentation: https://breachdirectory.com/
- Sign up: https://breachdirectory.com/
- Supports: email, domain, username, IP, name
- Free tier available
-
Have I Been Pwned (HIBP) - Email breach database
- API Documentation: https://haveibeenpwned.com/API/v3
- Get API Key: https://haveibeenpwned.com/API/Key
- Paid API ($3.50/month)
- Supports: email only
-
Have I Been Pwned - Pwned Passwords - Password breach checking
- API Documentation: https://haveibeenpwned.com/API/v3#PwnedPasswords
- No API key required (uses k-anonymity)
- Free
-
LeakInsight (via RapidAPI) - Multi-source breach aggregator
- API Documentation: https://rapidapi.com/
- Sign up: https://rapidapi.com/
- Supports: email, phone, domain, username, name, IP, hash, password
- Paid service with free tier
- Python 3.7 or higher
- pip package manager
- Clone the repository:
git clone https://github.com/yourusername/sneakleak.git
cd sneakleak- Install dependencies:
pip install -r requirements.txt- Configure API keys:
Edit sneakleak.py and replace the placeholder values with your actual API keys:
'breach_bot': {
'key': 'YOUR_BREACH_BOT_API_KEY_HERE', # Get from OSINTCabal Breach BotGetting API Keys:
- OSINTCabal Breach Bot: Visit https://t.me/Cabal_Breach_bot?start=Et18TP4 and register through Telegram
- Breach Directory: Sign up at https://breachdirectory.com/
- HIBP: Purchase API key at https://haveibeenpwned.com/API/Key ($3.50/month)
- LeakInsight: Sign up at https://rapidapi.com/ and subscribe to LeakInsight API
Check an email across all databases:
python sneakleak.py user@example.comOnly check Have I Been Pwned:
python sneakleak.py user@example.com -c hibpCheck if a password has been compromised:
python sneakleak.py user@example.com -c password -p "MyPassword123"Note: Password checking uses k-anonymity and never sends your full password to the API.
Output results to JSON file:
python sneakleak.py user@example.com -o results.jsonusage: sneakleak.py [-h] [-c {hibp,dehashed,leakcheck,password,all} [...]] [-p PASSWORD] [-o OUTPUT] email
positional arguments:
email Target email address to check
optional arguments:
-h, --help show this help message and exit
-c, --checks Checks to perform (default: all)
-p, --password Password to check against breach databases
-o, --output OUTPUT Output file for JSON results
python sneakleak.py john.doe@example.compython sneakleak.py john.doe@example.com -p "SecretPassword" -c hibp passwordpython sneakleak.py investigate@target.com -o breach_report.jsonpython sneakleak.py user@domain.com -c hibp leakcheckResults are provided in JSON format:
{
"target": "user@example.com",
"timestamp": "2025-01-11T12:00:00",
"checks": {
"hibp_email": {
"breaches_found": 3,
"breaches": [
{
"name": "Adobe",
"breach_date": "2013-10-04",
"pwn_count": 152445165,
"data_classes": ["Email addresses", "Passwords"]
}
]
},
"hibp_password": {
"password_compromised": true,
"times_seen": 47205,
"recommendation": "CRITICAL: Change this password immediately"
}
}
}SneakLeak uses the k-anonymity model for password checking:
- Only the first 5 characters of the SHA-1 hash are sent to the API
- Your full password is NEVER transmitted
- The API returns all hashes matching the prefix
- Local matching determines if your password was breached
This ensures your password remains private while checking against millions of known breached passwords.
IMPORTANT: This tool is intended for legitimate security research and investigations only. Users must:
- Have proper authorization before investigating individuals
- Comply with all applicable laws and regulations
- Respect API terms of service
- Use responsibly and ethically
- Only investigate targets you have legal authority to investigate
- Not use discovered credentials for unauthorized access
The author is not responsible for misuse of this tool.
Be aware of rate limits for each service:
- HIBP: Rate limiting applies (check API documentation)
- Dehashed: Rate limits based on subscription tier
- LeakCheck: Rate limits based on subscription tier
MIT License - See LICENSE file for details
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
For issues and questions:
- Open an issue on GitHub
- Check existing issues for solutions
This tool is provided "as-is" without warranty. Use at your own risk. Always ensure you have proper authorization before conducting investigations. Accessing accounts with discovered credentials without authorization is illegal.
Created for professional OSINT investigators and security researchers.
- Initial release
- HIBP email and password checking
- Dehashed integration
- LeakCheck integration
- JSON output support
- K-anonymity password checking