
Monitor PasteBin for Your Email or Passwords - skadamat
https://github.com/shayanjm/pasteye/
======
afreak
Whoa. Nice to see someone else doing what I am already doing.

[https://canary.pw](https://canary.pw)

New version is coming out this week that lets you search via relation.

~~~
shayanjm
That's an awesome project. Have you open sourced it?

Also, just to draw the distinction: Pasteye is for near-realtime monitor
notifications, and it seems like Canarypw is more like an archival search.

~~~
afreak
This project isn't open-sourced but there is an API in the works. I am going
to be presenting some of its abilities at BSides Vancouver next month.

[edit]

I should add that a component of it might be open-sourced but I haven't had
much time to digest the idea of doing so.

------
sneak
JUST TYPE YOUR PASSWORD INTO THIS BOX, IT'S COOL.

~~~
shayanjm
Source code is available, and you can use _any_ password.

Inb4 not reading before posting

------
twstdroot
speaking from experience ([https://github.com/bryanbrannigan/pastebin-
parser](https://github.com/bryanbrannigan/pastebin-parser)) if you are just
grabbing the pastes from the "latest" box you are missing a lot. To grab
everything we actually had to create a distributed setup or else pastebin
would start banning our IPs.

~~~
shayanjm
I ran into that issue myself. Pastebin throttling is real. I was playing
around with the idea of actually using the socks5 proxies gathered through
scraping in order to retain modularity (and eliminate the necessity of multi-
IP set ups which could easily get pricey).

It would be tough because I would have to check the health of each proxy prior
to use (so that I don't miss out on request windows), but still an interesting
concept to consider.

~~~
twstdroot
cheap VPS boxes from lowendbox.com work well for this purpose. we also had
problems just processing the queue on busy days.

------
DjangoReinhardt
Good work! Just a suggestion: You should probably look to collaborate with
this guy: [https://haveibeenpwned.com/](https://haveibeenpwned.com/)

The two of you together can help us (l)users know when we've been pwned...

~~~
shayanjm
Creator of the project here. Thanks for the suggestion! I'll look into it

------
giarc
I don't want something I have to create an account for. I want to search my
email address/name/phone number on my own accord.

~~~
shayanjm
Then feel free to fork and set up your own instance (hence, why I open sourced
it), or use canary.pw to search through archives.

------
scottlinux
Might also be of related interest:
[https://twitter.com/dumpmon](https://twitter.com/dumpmon)

~~~
jwcrux
Hi there! Author of @dumpmon here. If you are interested, the entire project
is open-sourced here: [https://github.com/jordan-
wright/dumpmon](https://github.com/jordan-wright/dumpmon)

I'm planning a solid revision sometime soon!

------
switch33
What's to prevent a hacker from compromising a computer then checking config
scripts for the monitor?

~~~
shayanjm
This is meant to be deployed as a SaaS (hence, why there are user management
features included). There are two possible scenarios here:

#1 - Hacker breaks into your production server and steals your config files

#2 - Hacker breaks into your dev computer and steals your config files

If either of these things happen, I think you have a bigger security issue
than any you might find on Pasteye.

