A tool to request breached password from ProxyNova https://www.proxynova.com/tools/comb/ and modify them for password spray/brute-force
go build passwordnova.go
./passwordnove -u <username list file> -t
Generates passwordnova_result.txt containing the result from proxynova in format of [user email addaress]:[password]
-t remove the domain in email address. It generates password_trim.txt in format of [username]:[password]
-nonum skip the line if the password is numberonly
Output files can be used by hydra to perform combination test
hydra -C <file> <dc> <service>
go build userpasswordcount
userpasswordcount -t x
Count how many password occurence for the same user name in password_trim. -t to specify the threasold.
Find the list of password belongs to user with too many passwords and remove them from password_trim.txt
go build removepassword.go
./removepassword <user name>
Before:
After:
