The idea comes from all of the unchecked mail/pass combinations that I have found in my temp mailboxes couple days ago. Well, I was a little out of the road at that time so I did harassed a lot of websites with SQLi and exploited their databases for couple good things.
So I pasted them into my Email Checker (written in Python but i have an improvised version which is not published - Link: https://github.com/nguyenph88/Email-Checker ) and surprisingly most of them are still live (LIVE means it's valid, yay)
With that being said, i tried to expand the tool a little bit with an good understanding that most of people usually use the same password for most of their online accounts. The result turns out so shocking that most of the combination can be used for at least another online account (Facebook, Twitter, Instagram, Viddy, Vine, and even their messenger)
I make this tool with a purpose of testing how many percentages that somebody uses the same password again.
Mass Account Checker
- I used the same idea for checking email, got a little problem with Hotmail since some functions need to be enabled by the owners to make the checker works, yahoo and gmail work fine.
- Facebook has the highest security measure since it checks for a lot of thing before one can claim the ownership of the account.
- Steam needs a lot of verification steps but since one has control of the mailbox, he can do everything.
- Instagram and mostly others are easy to bypass.
* I used mostly HttpUrlConnection and Selenium, HttpUnit to test.
The download version below is limited, also need an account from me to actually get it work (Well I was a little into real tool at the moment so i try to make real :) )