A powerful password wordlist generator with email/phone validation and "Have I Been Pwned?" integration.
This project is strictly for educational and research purposes only.
- ❌ Does NOT attempt unauthorized access to any system
- ❌ Does NOT perform hacking or illegal activities
- ❌ Does NOT scrape, crawl, or abuse third-party services
- ❌ Does NOT store, sell, or misuse personal data
- ❌ Does NOT validate credentials against live systems
- ❌ Third-party API responses (like HIBP) may contain stale or inaccurate data
- ✅ Generates password combinations based on personal information (for authorized penetration testing)
- ✅ Validates email format and phone number format locally
- ✅ Queries the public "Have I Been Pwned?" database (read-only, no authentication bypass)
- ✅ Helps security researchers understand password patterns
- You must have explicit written authorization before using this tool on any system or data you do not own
- Using this tool for unauthorized access, hacking, or illegal purposes is a criminal offense
- The authors are not responsible for misuse, damages, or legal consequences
- Comply with all local, state, and federal laws
This tool is provided "AS IS" without any warranty. Users are solely responsible for ensuring compliance with applicable laws and regulations. Unauthorized access to computer systems is illegal.
- Generate thousands of password combinations from personal data
- Uses transformations: leet speak, alternating caps, vowel removal
- Supports separators and numeric patterns
- Deduplication for unique passwords only
- Random email generation with custom domain
- Keyword-based email prefixes
- Support for Greece (+30) and Turkey (+90)
- Random generation within valid ranges
Sub-options:
- Email Format Validation — Local regex validation only
- Phone Number Validation — Uses phonenumbers library
- Single Email HIBP Check — Check if email was in known breaches
- Batch Email HIBP Checking — Check multiple emails from file
- Queries the public "Have I Been Pwned?" API (with rate limiting)
- Does NOT attempt to bypass, hack, or login to HIBP
- Information is publicly available and read-only
- Respects API TOS with 2-second delays between requests
pip install -r requirements.txtpython main.pyFollow the interactive menu to choose your option.
See requirements.txt:
- requests >= 2.31.0
- phonenumbers >= 8.13.0
- tqdm >= 4.66.0
- pystyle >= 2.2.4
- CodebindPyth
Educational Use Only - See Disclaimer
Remember: This tool is for authorized security testing and education only. Always obtain proper authorization before testing any systems you do not own.