Breach-Parse Basics

Breach-Parse Basics | Terence Martin

Open-source intelligence gathering, or OSINT, can be a threat to organizations because it can be used to gather information about their employees, assets, and vulnerabilities. This information can then be used to launch targeted scanning against discovered infrastructure or launch password attacks and social engineering campaigns against the organization. In this blog series, I will examine some tools that attackers can use to gather information about an organization.

The first tool that I’d like to review is Breach-Parse, which can be used to search a database of breaches to locate compromised usernames and passwords.

To run Breach-Parse, you only need to specify the target domain and a text file to output.

Figure 1: Running Breach-Parse

Once the script is finished, three files are saved as the output: the “master” file, which contains both usernames and passwords, the “users” file, which contains usernames only, and the “passwords” file, which contains passwords only. Each of these datasets can be useful, as I’ll examine below.

Figure 2: Breach-Parse Files

The “master” file, which contains both parts of the credential pair:

Figure 3: Username / Password Pairs

It’s unlikely that any of these credential pairs are recent enough to work, as it’s unclear when the catalogued breaches occurred. However, examining this list can help identify users who may be may not practice good password hygiene, and who can then be attacked using a dictionary attack. In addition, these passwords can be used to build a password dictionary for future attacks.

Figure 4: Incrementing Digits Example

In this image, the top two users are possibly incrementing the digits on the ends of the password. It is possible that by continuing to increment the number, an attacker could compromise that account. The third account appears to be using a date. If that user continues to use dates as passwords, researching that user could revel other relevant dates, leading to a compromise.

The “users” file can be used for phishing attacks, as it is an easily accessible list of email addresses associated with the domain or for discovering usernames for other login portals.

Figure 5: Users File

Finally, using the “passwords” file can help identify commonly used or default passwords, and can result in the compromise of accounts that have not changed passwords since being created.

Figure 6: Passwords File

If you’d like to check your organization’s data that is contained in Breach-Parse, installation instructions can be found at the GitHub link above. One wrinkle worth mentioning is that downloading the magnet: link for the breach database requires a BitTorrent client.

If you’d like a demonstration on how to install or use this tool, please let us know.

Share this post
Cybersecurity
Cybersecurity
Compliance

IT/OT Convergence | What we can learn from Healthcare

Kevin Thomas
March 22, 2024
Cybersecurity

RESponDER | The tool that won't die

March 20, 2024
Cybersecurity
TechAdvantage24

TechAdvantage 2024

Slade Griffin
February 27, 2024
Cybersecurity

Why are you asking to be whitelisted?

Slade Griffin
February 9, 2024
Cybersecurity

SMB | The Pentester's Best Friend

December 18, 2023
Cybersecurity

The Contextual Security Solutions Company “Pen Set”

Kevin Thomas
December 8, 2023
Cybersecurity

Breach-Parse Basics

November 1, 2023

Get an Actionable Blueprint for Your Compliance & Cyber Security

Schedule a Discovery Call