EMAGNET Find Leaked Databases and Bruteforce
EMAGNET Find Leaked Databases and Bruteforce

EMAGNET: Find Leaked Databases + Bruteforce


Before you using emagnet, please remember that with great power comes great responsibility.


Pastebin found the vulnerability I used to get recent uploads from https://pastebin.com/archive and fixed this issue.

At the moment it is not possible to get the recent uploaded files anymore as before, you are now limited to all syntaxes exempt the default one (95% get’s uploaded as ‘text’ and this is removed from all recent upload lists).

Currently working on a new way to share all recent uploads for free.

Read their terms of service here before this decision

4. Services Usage Limits
You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service without Pastebin's express written permission. 

Scraping refers to extracting data from our Website via an automated process, such as a bot or webcrawler. It does not refer to the collection of information through Pastebin's API. You may scrape the website for the following reasons:

 Researchers may scrape public, non-personal information from Pastebin for research purposes, only if any publications resulting from that research are open access.
Archivists may scrape Pastebin for public data for archival purposes.
You may not scrape Pastebin for spamming purposes, including for the purposes of selling Pastebin users' personal information, such as to recruiters, headhunters, and job boards.

All use of Pastebin data gathered through scraping must comply with the Pastebin Privacy Statement. 

Emagnet users are archivists! Right?

We didnt get the recent uploads from scrape.pastebin.com, we used pastebin.com/archive, this means we never was under the privacy statements.

Whatever, this means that the emagnet project has ended up in a pause phase as we will not go much further until this changes, but just wait. Soon the greed will come and they will open the pro section again. They can not run this service for free, too long.

About Emagnet v3.4.3 (2020-07-19)

Emagnet is a very powerful tool for it’s purpose wich is to capture email addresses and passwords from leaked databases uploaded on pastebin. It’s almost impossible to find leaked passwords when they are out of list on pastebin.com. Either they have been deleted by pastebin’s techs or the uploads is just one in the crowd. To be honest it’s easier to find a needle in a haystack then find outdated uploads on pastebin w

  • Parallel downloading! More than twice as fast as previous version.
  • 555 files downloaded, over ~20.000 accounts found to auto brute-force by one command that toke ~4.51 seconds (see proof below)
  • Incredibly good results for successful attacks.
  • There is no other tool nearby that has more successful attempts than Emagnet.
  • Emagnet is quick, easy, unique and awesome!
  • Google used Emagnet source for analyze their own site for ~1year ago, this is how people trying to attack accounts today.
  • No skills needed, even your grandmother can use emagnet.
  • Bruteforce ssh targets, Microsoft Remote Desktop – We portscanning extremely fast for choose our targets with X port open (netcat/xargs)
  • Super easy to add your own tools using inotifywait with emagnet – See script example 
  • ./emagnet -g gmail will automate the attack for gmail/google accounts only – We skip the rest!
    • Read more on googles security blog and automated-tools(emagnet)
    • Emagnet is 1 year after the analyze from google still the best tool for it’s purpose (2020-07-19) (7% using 2FA)
    • If the user does not have 2FA enable, you will succeed!
    • URL To google security blog (This was for try 2FA security): Google.com – Security Blog
    • Remember,bruteforce accounts without the owner’s approval violates the law.


Emagnet for Spotify
Emagnet for Spotify
Emagnet for SSH
Emagnet for SSH
Emagnet for GMail
Emagnet for GMail

Getting Started

git clone https://github.com/wuseman/emagnet
chmod +x emagnet/emagnet.sh
bash emagnet/emagnet.sh --emagnet

System Requirements

  • Bash – Find more info about bash here
  • Gsed – Find more info about gsed here
  • Gawk – Find more info about gawk here
  • Wget – Find more info about wget here
  • Curl – Find more info about curl here

Wiki Sections


Attacking different kinds of accounts via emagnet that you have not been granted or allowed to attack is strictly prohibited and it breaks the law. The punishment is hard and you can even get into prison in some countries just for trying to attack for intrusion. With this said, it’s important that all users is aware of this and when you have cloned or downloaded it’s fully up to every user to take responsibility over their own actions. wuseman cannot be held responsible for the actions of any user, all users using Emagnet on their own responsibility.

Developer: “All my previews where a brute force attack has been done is under controlling forms with 100% fully permissions by the owners. If you have any questions about this then you are welcome to contact me or the owner.”

Dark Mode

EMAGNET (this link opens in a new window) by wuseman (this link opens in a new window)

Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, instagram accounts, ssh servers, microsoft rdp clients and gmail accounts