# dehashed.py

[Dehashed](https://dehashed.com/) is pretty handy for finding creds from various leaks/breaches.

## Search using Dehashed from sm00v

Personally I like to grab [this](https://github.com/sm00v/Dehashed) repo, and then conduct a search like so:

```
dehashed.py -u you@yourdomain.com -a YOUR-API-KEY-HERE -d targetdomain.com -o
```

## Prep captured creds for spraying
```
cat *cracked* | sort -uf > company-creds.txt
```

### Clean up captured creds file (optional)
If you used the DeHashed-API-Tool to create an export of creds, you'll want to replace `,` with `:` so it's easier to feed the user:pass file to tools like [go365](/pentesting/External/go365):

```
sed -i 's/,/:/g' file-with-usernames-and-passwords.txt

```

Then you could take the `company-creds.txt` and [spray them](/pentesting/External/go365) if you so desire.