Steamer - Import, Search, and Manage Public Password Breach Data
Import, manage, search public dumps.
Do you have massive amounts of CSV, .sql, .txt, that have credentials, passwords, and hashes inside? Use Steamer to manage them! Load them into a MongoDB database, and either uses the console directly or just use the handy web interface (complete with JSON export).
Install
- Install Go and MongoDB.
go get gopkg.in/mgo.v2 && go get github.com/gorilla/mux
go run ./importers/adobe.go
- In the mongo console, create indexes as:
- memberid: hashed
- breach: 1
- email: 1
- liame: 1
- passwordhash: 1
mongo
use steamer
db.dumps.createIndex( { memberid: "hashed"}, { background: true} )
db.dumps.createIndex( { breach: 1}, { background: true} )
db.dumps.createIndex( { email: 1}, { background: true} )
db.dumps.createIndex( { liame: 1}, { background: true} )
db.dumps.createIndex( { passwordhash: 1}, { background: true} )
Running Steamer
If you're smart, you'll consider running nginx in front of go, but we're lazy, so really just run:
go run ./steamer.go
.Write an importer
Copy the
importers/importer-template.go
file as appropriate. Fill it in with relevant code. See the other importers for examples. That template is threaded and designed for CSVs. See ./importers/linkedin2016.go
for a more complex example.If you write an importer for a public breach, please send a pull request so everyone can import it too. Please note that no public breaches are provided here in the repository itself.
Problems?
Make sure you're running MongoDB 3.0 or higher. Previous versions have had issues with indexes not working properly, and there is some new syntax which requires this version.
Performance? Try tweaking your MongoDB configuration file to turn off journaling and enabling the new database engine.
Via: www.kitploit.com
Steamer - Import, Search, and Manage Public Password Breach Data
Reviewed by Zion3R
on
11:45
Rating: