PwnBin is a web crawler, or Pastebin search tool, that searches public pastebins for specified keywords. All pastes are then returned after the completion signal (CTRL+C) is sent.
Apart from being a great tool for developers, Pastebins are often used by hackers to leak stolen credentials or d0x people. This tool can help you search pastebins for your API keys, SSH keys, tokens and anything else sensitive to check for leaks.
What is a Pastebin?
A pastebin is a type of web application where users can store plain text. They are most commonly used to share short source code snippets for code review via Internet Relay Chat. The first pastebin was located at pastebin.com. Other sites with the same functionality have appeared, and several open-source pastebin scripts are available. Many pastebins allow commenting where readers can post feedback directly on the page. GitHub Gists are a type of pastebin with version control.
Since pastebins are relatively simple to implement, writing a pastebin web-application is regarded as a good exercise for programmers. Representative pastebins now exist for many programming languages, including Lisp, PHP, Perl and Python.
There are other tools that can help with this and similar tasks, such as Scumblr by Netflix (Automatically Scan For Leaks).
PwnBin – Pastebin Search Tool Features
- Currently only supports Pastebin.com
- Searches by default for:
  - SSH Credentials
  - Passwords
  - API Keys
  - Tokens
Usage for PwnBin Pastebin Search
Basic command:
python pwnbin.py -k <keyword>,"example substring",..... -o <outputfile>
Both the keyword and outputfile arguments are optional and default to:
-k ssh,pass,key,token
-o log.txt
Optional commands:
-a, Append to file instead of overwriting file.
-t <time>, Run for time in seconds.
-n , Run for number of pastes.
-m , Run for number of matches.
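The keyword matching and the -n / -m stopping rules described above, as an added offline example (not PwnBin's own code). The sample pastes, the function names and the whole_word option are assumptions made for illustration; the example also shows how short substrings such as pass and key match unrelated text.

```python
# Added example, not PwnBin's code: offline keyword matching over paste text.
import re

DEFAULT_KEYWORDS = ("ssh", "pass", "key", "token")  # defaults listed on this page


def find_hits(text, keywords, whole_word=False):
    """Return the keywords found in text (case-insensitive).

    whole_word=False is plain substring search. whole_word=True (an
    assumption of this example) requires a word boundary on both sides,
    which drops noise from words such as "passenger" or "monkey".
    """
    hits = []
    for kw in keywords:
        pattern = re.escape(kw)
        if whole_word:
            pattern = r"\b" + pattern + r"\b"
        if re.search(pattern, text, re.IGNORECASE):
            hits.append(kw)
    return hits


def scan(pastes, keywords=DEFAULT_KEYWORDS, max_pastes=None,
         max_matches=None, whole_word=False):
    """Scan (paste_id, text) pairs, stopping at either limit (like -n and -m)."""
    matches = []
    for count, (paste_id, text) in enumerate(pastes, start=1):
        if max_pastes is not None and count > max_pastes:
            break
        hits = find_hits(text, keywords, whole_word)
        if hits:
            matches.append((paste_id, hits))
            if max_matches is not None and len(matches) >= max_matches:
                break
    return matches


# Constructed sample pastes (not real data).
SAMPLE_PASTES = [
    ("paste-1", "Passenger list for the monkey exhibit tour"),
    ("paste-2", "deploy notes: token = EXAMPLE-TOKEN-0000"),
    ("paste-3", "ssh root@host.example pass: hunter2-example"),
    ("paste-4", "api key for acme-example-svc: EXAMPLE-KEY-1111"),
]

if __name__ == "__main__":
    for paste_id, hits in scan(SAMPLE_PASTES):
        print(paste_id, hits)
```

Passing a string that is unique to your own environment as the keyword (here the constructed name acme-example-svc) narrows the results to pastes that actually concern you.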
You can download PwnBin for Pastebin search here:
Or read more here.