lets see if you're gay
.gitignore add project files 2026-05-31 11:10:27 +00:00
AreYouGay.py add project files 2026-05-31 11:10:27 +00:00
LICENSE add project files 2026-05-31 11:10:27 +00:00
README.md Update README.md 2026-05-31 07:10:53 -04:00
requirements.txt add project files 2026-05-31 11:10:27 +00:00

AreYouGay

AreYouGay is a command-line exposure intelligence console for authorized security research. It combines credential exposure checks, password compromise checks, breach catalog analysis, and passive enrichment from public no-key sources.

Capabilities

  • Search public credential-combo exposure through ProxyNova.
  • Check passwords against Have I Been Pwned Pwned Passwords using k-anonymity.
  • Score password quality locally before any network check.
  • Query the Have I Been Pwned breach catalog and inspect breach metadata.
  • Produce breach statistics and repeated-domain analytics.
  • Export first-page credential search results to CSV or JSON.
  • Batch-audit password files without printing plaintext passwords.
  • Discover domain names through Certificate Transparency via crt.sh.
  • Enrich IP addresses through Shodan InternetDB.
  • Check hosts and URLs against URLHaus malware URL intelligence.
  • Run a small automatic passive enrichment workflow with dossier.

Data Sources

Source                              Used for                                   Authentication
ProxyNova COMB API                  Public credential-combo search             None
Have I Been Pwned Pwned Passwords   Password compromise checks                 None
Have I Been Pwned Breach API        Breach catalog metadata                    None for implemented endpoints
crt.sh                              Certificate Transparency host discovery    None
Shodan InternetDB                   Passive IP exposure profile                None
URLHaus                             Host and URL malware reputation            None

Installation

Python 3.7 or newer is required.

git clone https://git.nadeko.net/legs/areyougay.git
cd areyougay
python3 -m pip install -r requirements.txt

Run the interactive console:

python3 AreYouGay.py

Run a single command:

python3 AreYouGay.py about

Interactive Console

The prompt is intentionally plain text:

areyou@gay >

The prompt does not contain ANSI escape sequences. This keeps terminal editing behavior, including backspace and cursor movement, reliable across common Linux terminals, macOS terminals, and Windows terminal emulators.

Use help or ? inside the console to show the command deck. Bare email addresses or usernames are treated as credential searches.

Command Reference

Exposure

Command                            Description
search <query>                     Search the credential exposure index.
s <query>                          Alias for search.
export <query> <file> [csv|json]   Export first-page credential search results to CSV or JSON.
<query>                            Quick search when no command is matched.

Passwords

Command               Description
checkpw <password>    Run local password scoring and HIBP compromise check.
pw <password>         Alias for checkpw.
securepw              Prompt without echo, then run local scoring and HIBP check.
strength <password>   Run local-only password scoring.
auditpw <file>        Batch-check newline-delimited passwords without printing plaintext.

Breaches

Command             Description
breaches            List high-impact breach catalog records.
breaches <domain>   Filter HIBP breach records by domain.
breach <name>       Show detailed metadata for a named breach.
latest              Show the latest HIBP breach catalog addition.

Analytics

Command           Description
stats             Summarize breach catalog volume, flags, data classes, and largest events.
domains [limit]   Rank domains by repeated breach appearances.

Passive Enrichment

Command              Description
ct <domain>          Discover hostnames from Certificate Transparency logs.
ip <address>         Enrich an IP address with Shodan InternetDB.
urlhaus <host|url>   Check a host or URL against URLHaus malware URL intelligence.
`dossier <domain ip

System

Command         Description
about           Show tool, author, repository, Python version, and history file.
help            Show command deck.
?               Alias for help.
clear           Redraw the console.
exit, quit, q   Exit the console.

CLI Examples

Search for exposed credentials:

python3 AreYouGay.py search john@example.com

Check a password with local scoring and HIBP k-anonymity:

python3 AreYouGay.py checkpw 'CorrectHorseBatteryStaple42!'

Prompt for a password without echo:

python3 AreYouGay.py securepw

Batch-audit passwords from a file:

python3 AreYouGay.py auditpw passwords.txt

List breach records:

python3 AreYouGay.py breaches

Inspect one breach:

python3 AreYouGay.py breach Adobe

Summarize the breach catalog:

python3 AreYouGay.py stats

Rank repeatedly breached domains:

python3 AreYouGay.py domains 25

Discover hostnames through Certificate Transparency:

python3 AreYouGay.py ct example.com

Enrich an IP address:

python3 AreYouGay.py ip 1.1.1.1

Check URLHaus reputation:

python3 AreYouGay.py urlhaus example.com

Run automatic passive enrichment:

python3 AreYouGay.py dossier example.com

Export search results:

python3 AreYouGay.py export john@example.com hits.csv csv
python3 AreYouGay.py export john@example.com hits.json json

Output Model

The console uses labeled event rows and compact tables. Example password check:

strength      Excellent (5/5)
entropy       184 bits
range         querying HIBP k-anonymity API
verdict       not present in HIBP range response
note          absence is not a strength guarantee

Example credential search:

search    credential index query: john@example.com
hits      156 possible matches

 credential hits --------------------------------------------------------------
 idx  principal                                      secret
   1  john@example.com                              password123
   2  john@example.com                              qwerty2020

Privacy Notes

  • checkpw, pw, securepw, and auditpw use the HIBP k-anonymity model. Only the first five characters of the SHA-1 password hash are sent to HIBP.
  • strength is local-only and performs no network requests.
  • auditpw prints SHA-1 prefixes, strength labels, and HIBP counts. It does not print plaintext password values.
  • search and export send the search query to ProxyNova.
  • ct, ip, urlhaus, and dossier send the requested target to the named public enrichment source.
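
The k-anonymity check and the auditpw output described in the notes above, as an added example that is not taken from AreYouGay.py. The function names, the User-Agent string and the offline sample response are assumptions made for illustration; the range endpoint and the Add-Padding request header belong to the public Pwned Passwords API.

```python
import hashlib
import urllib.request

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint

def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest: 5 + 35 characters."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def fetch_range(prefix):
    """Network step: only the 5-character prefix leaves the machine."""
    headers = {"User-Agent": "k-anonymity-example", "Add-Padding": "true"}
    req = urllib.request.Request(HIBP_RANGE_URL + prefix, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def pwned_count(password, fetch=fetch_range):
    """Match the suffix locally; padded entries carry count 0, i.e. not found."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix)).get(suffix, 0)

def audit_row(password, fetch=fetch_range):
    """auditpw-style row: SHA-1 prefix and count only, never the plaintext."""
    prefix, _ = split_hash(password)
    return {"sha1_prefix": prefix, "hibp_count": pwned_count(password, fetch)}

def sample_fetch(prefix):
    """Constructed offline response standing in for the API (counts are made up)."""
    _, hit = split_hash("password")
    lines = [hit + ":42", "0" * 35 + ":0", "not-a-valid-line"]
    return "\r\n".join(lines)

if __name__ == "__main__":
    print(audit_row("password", sample_fetch))
    print(audit_row("CorrectHorseBatteryStaple42!", sample_fetch))
```

Passing sample_fetch keeps the run offline; omitting the fetch argument sends the five-character prefix to the live endpoint.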

Limitations

  • ProxyNova may reject or rate-limit pagination after the first result page. AreYouGay retries transient failures, but persistent upstream blocking is expected.
  • HIBP email-account breach search requires a paid API key and is not implemented.
  • Passive enrichment results are source-dependent and may be incomplete, stale, or temporarily unavailable.
  • A password that is absent from HIBP is not automatically strong or safe.

Responsible Use

This tool is for authorized security research only. Use it only for credentials, domains, IP addresses, and systems that you own or are explicitly authorized to assess.

Do not use discovered credentials for unauthorized access. Do not perform credential stuffing. Do not publish sensitive credential material. Handle findings through appropriate disclosure, remediation, and reporting processes.

License

MIT License. See LICENSE.