Exporting a Domain's Credentials

Flare’s Leaked Credentials API can be used to export a domain’s leaked credentials.

This guide will explain how to export all leaked credentials for the example.com domain using the credentials/_search

endpoint.

Export Steps

Fetch one page of results

Use the credentials/_search endpoint to fetch one page of results.

If the returned page of results is empty, this means that the export is complete.

Print the results

Loop over the response’s items and print the results.

Ratelimit and go to step 1

Wait one second to avoid going over the API rate limit. Then, go back to step 1 to fetch the next page.

End-to-End Examples

These are end-to-end examples in various programming languages.

import csv
import os
import sys
import time

from flareio import FlareApiClient


api_client = FlareApiClient(
    api_key=os.environ["FLARE_API_KEY"],
)

domain_name: str = "scatterholt.com"
from_: str | None = None

writer = csv.DictWriter(
    sys.stdout,
    fieldnames=[
        "identity",
        "password",
        "source",
    ],
)

for resp in api_client.scroll(
    method="POST",
    url="/leaksdb/v2/credentials/_search",
    json={
        "query": {
            "type": "domain",
            "fqdn": "scatterholt.com",
        },
        "from": from_,
    },
):
    # Print results
    credentials = resp.json()["items"]
    for credential in credentials:
        writer.writerow(
            {
                "identity": credential["identity_name"],
                "password": credential["hash"],
                "source": credential["source"]["id"],
            },
        )

    # Rate limiting.
    time.sleep(1)

package main

import (
	"encoding/csv"
	"encoding/json"
	"fmt"
	"os"
	"strconv"
	"time"

	"github.com/Flared/go-flareio"
)

type CredentialsResponse struct {
	Items []Credential `json:"items"`
}

type CredentialSource struct {
	Id string `json:"id"`
}

type Credential struct {
	Id           int               `json:"id"`
	Source       *CredentialSource `json:"source"`
	IdentityName string            `json:"identity_name"`
	Hash         string            `json:"hash"`
}

func exportDomainCredentials(
	client *flareio.ApiClient,
	domain string,
) error {
	csvWriter := csv.NewWriter(os.Stdout)

	for result, err := range client.IterPostJson(
		"/leaksdb/v2/credentials/_search",
		nil,
		map[string]interface{}{
			"query": map[string]string{
				"type": "domain",
				"fqdn": domain,
			},
		},
	) {
		// Rate Limiting
		time.Sleep(time.Second * 1)

		if err != nil {
			return fmt.Errorf("failed to fetch page: %w", err)
		}

		var credentialsResponse CredentialsResponse
		if err := json.NewDecoder(result.Response.Body).Decode(&credentialsResponse); err != nil {
			return fmt.Errorf("failed to decode response: %w", err)
		}

		for _, credential := range credentialsResponse.Items {
			if err := csvWriter.Write(
				[]string{
					strconv.Itoa(credential.Id),
					credential.Source.Id,
					credential.IdentityName,
					credential.Hash,
				},
			); err != nil {
				return fmt.Errorf("failed to output record: %w", err)
			}
		}

		csvWriter.Flush()
		if err := csvWriter.Error(); err != nil {
			return fmt.Errorf("failed to flush writer: %w", err)
		}

		if err := result.Response.Body.Close(); err != nil {
			return fmt.Errorf("failed to close response: %w", err)
		}
	}

	return nil
}

func main() {
	client := flareio.NewApiClient(
		os.Getenv("FLARE_API_KEY"),
	)
	if err := exportDomainCredentials(client, "scatterholt.com"); err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
}

Introduction

Base Concepts

SDK

Advanced

Guides

Exporting a Domain's Credentials

Export Steps

End-to-End Examples

Introduction

Base Concepts

SDK

Advanced

Guides

​Export Steps

​End-to-End Examples

Export Steps

End-to-End Examples