GitPedia

Leaker

Passive leak enumeration tool.

From vflame6·Updated June 24, 2026·View on GitHub·

Created by Maksim Radaev/[@vflame6](https://github.com/vflame6) The project is written primarily in Go, distributed under the MIT License license, first published in 2025. Key topics include: bugbounty, hacking, leak-detection, leaks, osint.

Latest release: v1.6.7
June 6, 2026View Changelog →
<h1 align="center"> <img src="static/icon.svg" width="36" height="36" alt="icon" style="vertical-align: middle;"/> leaker </h1> <h4 align="center">Passive leak enumeration tool.</h4> <p align="center"> <a href="https://goreportcard.com/report/github.com/vflame6/leaker" target="_blank"><img src="https://goreportcard.com/badge/github.com/vflame6/leaker"></a> <a href="https://github.com/vflame6/leaker/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a> <a href="https://github.com/vflame6/leaker/releases"><img src="https://img.shields.io/github/release/vflame6/leaker"></a> <a href="https://t.me/vflame6"><img src="https://img.shields.io/badge/Follow-@vflame6-33a3e1?style=flat&logo=telegram"></a> </p> <p align="center"> <a href="#features">Features</a> • <a href="#installation">Install</a> • <a href="#configuration">Configuration</a> • <a href="#running-leaker">Usage</a> </p>

Created by Maksim Radaev/@vflame6

leaker is a leak discovery tool that returns valid credential leaks using passive online sources. It supports searching by email, username, domain, keyword, and phone number.

leaker

Features

  • 13 sources - aggregates results from multiple leak databases
  • 5 search types - email, username, domain, keyword, phone
  • Deduplication - removes duplicate results across sources
  • JSONL output - structured output for pipelines (-j)
  • Rate limiting - built-in per-source rate limits (disable with -N)
  • Proxy support - route traffic through HTTP proxy (--proxy)
  • Multiple API keys - load balancing across keys per source

Available sources

SourceAPI KeySearch TypesPricing
BreachDirectoryYesall (auto-detect)Free via RapidAPI
DeHashedYesemail, username, domain, keyword, phonePaid
Hudson RockNo*email, username, domainFree / Paid
Intelligence XYesallFree tier available
LeakCheckYesemail, username, domain, keyword, phonePaid
LeakRadarYesemail, username, domainPaid
Leak-LookupYesemail, username, domain, keyword, phonePaid
LeakSightYesemail, username, domain, keyword, phonePaid
OSINTLeakYesemail, username, domain, keyword, phonePaid
ProxyNovaNoallFree
SnusbaseYesemail, username, domain, keyword, phonePaid
WeLeakInfoYesemail, username, domain, keyword, phonePaid
WhiteIntelYesemail, username, domainPaid

Usage

shell
leaker -h

This will display help for the tool. Here are all the switches it supports.

yaml
Usage: leaker <command> [flags]

  leaker is a leak discovery tool that returns valid credential leaks for emails, using passive online sources.

Flags:
  -h, --help                      Show context-sensitive help.
  -s, --sources=online,...        Sources to use for enumeration. 
                                  online (default), all, local, or explicit source names.
  --timeout=30s                   Seconds to wait on each request before timing out
  -N, --no-rate-limit             Disable rate limiting (DANGER)
  -j, --json                      Output results as JSONL (one JSON object per line)
  --no-deduplication              Disable deduplication of results across sources
  --no-filter                     Disable results filtering, include every result
  -o, --output=STRING             File to write output to
  --overwrite                     Force overwrite of existing output file
  -V, --verify                    Verify credentials using HIBP password check and hash identification
  -p, --provider-config=STRING    Provider config file
  --proxy=STRING                  HTTP proxy to use with leaker
  -A, --user-agent=STRING         Custom user agent
  --insecure                      Disable TLS certificate verification (use with caution)
  --db=STRING                     Path to the local SQLite cache DB
  --no-write-db                   Disable writing results to the local SQLite cache
  --version                       Print version of leaker
  -q, --quiet                     Suppress output, print results only
  -v, --verbose                   Show sources in results output
  -M, --metadata                  Include metadata fields (database) in output
  -D, --debug                     Enable debug mode
  --no-color                      Disable colored output
  -L, --list-sources              List all available sources

Commands:
  domain      Search by domain name.
  email       Search by email address.
  keyword     Search by keyword.
  phone       Search by phone number.
  username    Search by username.

  Run "leaker <command> --help" for more information on a command.

Learn more about Leaker's options here: https://github.com/vflame6/leaker/wiki/Usage

Installation

leaker requires go1.24 to install successfully. Run the following command to install the latest version:

shell
go install -v github.com/vflame6/leaker@latest

Learn about more ways to install leaker here: https://github.com/vflame6/leaker/wiki/Install

Configuration

leaker can be used right after the installation, however many sources require API keys to work. Learn more here: https://github.com/vflame6/leaker/wiki/Configuration

Running Leaker

Learn about how to run Leaker here: https://github.com/vflame6/leaker/wiki/Running

Contributing

Feel free to open an issue if something does not work, or if you have any ideas to improve the tool.

Disclaimer

Read the usage disclaimer at DISCLAIMER.md.

Star History

Star History Chart

Contributors

Showing top 4 contributors by commit count.

vflame6

vflame6

133 commits

erra9x

erra9x

15 commits

dependabot[bot]

dependabot[bot]

6 commits

h0lm0

h0lm0

2 commits

View all contributors on GitHub →

This article is auto-generated from vflame6/leaker via the GitHub API.Last fetched: 6/25/2026