Skip to content

Running

Jump to bottom
Maksim Radaev edited this page Mar 21, 2026 · 3 revisions

Running Leaker

Learn about running leaker with practical examples and expected output

For all flags and options, see the Usage page. This page covers common workflows with example commands and output.

Basic Usage

Search by Email

leaker email user@example.com
   __           __
  / /___  ____ _/ /_____  _____
 / / _ \/ __ \/ //_/ _ \/ ___/
/ /  __/ /_/ / ,< /  __/ /
\___/\__,_/_/|_|\___/_/    v1.4.0

        vflame6

Use with caution. You are responsible for your actions.
Developers assume no liability and are not responsible for any misuse or damage.

[INF] Enumerating leaks for user@example.com
email:user@example.com, password:hunter2, database:Collection1
email:user@example.com, username:johndoe, hash:5f4dcc3b5aa765d61d8327deb882cf99, database:LinkedIn2012
[INF] Found 2 leaks for user@example.com in 4.231s

Search by Username

leaker username johndoe

Search by Domain

Find all leaked credentials for a domain:

leaker domain example.com

Search by Keyword

Search for any keyword across breach databases:

leaker keyword "company name"

Search by Phone Number

leaker phone 1234567890

Source Selection

Use Specific Sources

leaker email user@example.com -s leakcheck,dehashed

Exclude Sources

Use -s with only the sources you want. To see all available sources:

leaker -L
[INF] Current list of available sources. [12]
[INF] Sources marked with an * require key(s) or token(s) to work.
[INF] You can modify /home/user/.config/leaker/provider-config.yaml to configure your keys/tokens.

breachdirectory *
dehashed *
hudsonrock
intelx *
leakcheck *
leaklookup *
leaksight *
osintleak *
proxynova
snusbase *
weleakinfo *
whiteintel *

Output Options

Save to File

leaker email user@example.com -o results.txt

If the file already exists, use --overwrite to replace it:

leaker email user@example.com -o results.txt --overwrite

JSONL Output

Output results as one JSON object per line - ideal for parsing and pipeline integration:

leaker email user@example.com -j
{"source":"leakcheck","target":"user@example.com","email":"user@example.com","password":"hunter2","database":"Collection1"}
{"source":"dehashed","target":"user@example.com","email":"user@example.com","username":"johndoe","hash":"5f4dcc3b5aa765d61d8327deb882cf99","database":"LinkedIn2012"}

Combine JSONL with file output:

leaker email user@example.com -j -o results.jsonl

Verbose Output

Show which source each result came from:

leaker email user@example.com -v
[leakcheck] email:user@example.com, password:hunter2, database:Collection1
[dehashed] email:user@example.com, username:johndoe, hash:5f4dcc3b5aa765d61d8327deb882cf99, database:LinkedIn2012

Quiet Mode

Suppress the banner and info messages - print only results:

leaker email user@example.com -q
email:user@example.com, password:hunter2, database:Collection1
email:user@example.com, username:johndoe, hash:5f4dcc3b5aa765d61d8327deb882cf99, database:LinkedIn2012

Credential Verification

Use -V to enrich results with HIBP breach counts and hash type identification:

leaker email user@example.com -V
email:user@example.com, password:hunter2, database:Collection1, hibp_count:17043, hash_type:unknown
email:user@example.com, hash:5f4dcc3b5aa765d61d8327deb882cf99, database:LinkedIn2012, hash_type:md5

The verification feature:

  • HIBP password check - queries the Pwned Passwords API using k-anonymity (only the first 5 chars of the SHA-1 hash are sent). Returns how many times the password has appeared in known breaches.
  • Hash identification - identifies the hash algorithm by format. Supports: md5, sha1, sha256, sha512, bcrypt, md5crypt, sha256crypt, sha512crypt, and argon2.

Pipeline Integration

Pipe Input via STDIN

echo "user@example.com" | leaker email

Pipe Results to Other Tools

Chain leaker with other tools for automated workflows:

leaker domain example.com -q -j | jq -r '.password // empty' | sort -u > passwords.txt

Extract unique emails from a domain search:

leaker domain example.com -q -j | jq -r '.email // empty' | sort -u

Use with Proxy

Route all traffic through an HTTP proxy (e.g., Burp Suite):

leaker email user@example.com --proxy http://127.0.0.1:8080

For proxies with self-signed certificates:

leaker email user@example.com --proxy http://127.0.0.1:8080 --insecure

Disabling Filters

No Deduplication

By default, leaker removes duplicate results across sources. To keep all results:

leaker email user@example.com --no-deduplication

No Filtering

By default, leaker filters out results that don't contain the target string. To include all results returned by sources:

leaker email user@example.com --no-filter

Docker

Run leaker in a Docker container:

docker build -t leaker .
docker run leaker email user@example.com

Mount your provider config:

docker run -v $HOME/.config/leaker:/home/app/.config/leaker leaker email user@example.com

Clone this wiki locally