crypt[dot]fi

Welcome to crypt.fi, a site focused on Privacy and OSINT. Here you'll find material written by guest writers and I. Check the Homepage for more details.

An Introduction

Sites like HaveIBeenPwned have been highlighting just how sloppy modern day companies are with security, your data is out there for the world to see. I decided i’d spend the day seeing what I could find.

I’m not a lawyer and therefore i’m just going to recommend you don’t download any of the data listed.

Whilst this is for educational purposes, i’m not going to bore you with a disclaimer, I don’t host / own / mirror / seed any of the content linked. It can all be found via a couple of google searches and scrolling.

Please email me if you need something removed for legal reasons: [email protected]

Free / Public Downloads

Perhaps the most well-known public and free download site for databases is databases.today, ran by the owner of Snusbase a paid database lookup service.

They claim to be:

“The biggest free-to-download collection of publicly available website databases for security researchers and journalists.”

Through my searching I also came across what looks to be a rip-off of databases.today, named Nuclear Leaks, following the same design and directory listing.

Forums

There’s a wide array of database sharing Forums, most of which are open to the Public, the largest seemingly being RaidForums. The jist seems to be there’s two sub-sections from the Database section one with official presumably verified ones and the other for anyone to post in, a user posts in there and other users buy them with an on-forum currency named credits, they can then use these credits to buy other peoples databases and visaversa. It also seems that alot of these sites offer a pay to win strategy to where you can buy credits directly from the Forum owner.

Some runner up Forums being DemonForums, BreachForums and MoneyTeam all following the same type of on-forum currency idea.

Incorrectly Setup Forums

There’s a fair few Forums out there which are incorrectly setup and despite normally needing credits to see their hidden links you can just goto /misc.php?action=syndication on them then generate a link for the specific sub-section and view everything for free.

CthulhuSec | Magnets

One of the most prominent Database sites used to be Cthulhu’s, whilst it’s now down, the magnet links for it are still going strong.

You can find a link to his torrent files here. You can find an old HTML page for everything here (Use web.archive.org to retrieve everything).

Both of these are courtesy of a user on Twitter

You can find CthulhuSec on twitter here

If the links provided ever go down I have archives which I can link to.

Siph0n.net

Another place for alot of Low Level leaks that I came across was Siph0n.net.

Breach Compilation

A Magnet link to a 41GB file appeared on reddit a few months back consisting of almost all Public Databases including Antipublic and Exploit.in.

magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337

Guron18 | Mail.ru

When looking around Forums I stumbled across a Russian one named antichat where a user by the name of Guron18 was linking to a cloud.mail.ru storage link full of Databases which didn’t seem to be circulated on other websites.

It has a main folder with about 150 Databases in, and then another folder named ‘HACK’ with another 44 or so in.

You can find the post here.