loading
loading
OSINT
Search for strings in paste sites.
overview
pastos searches paste sites for the strings you give it, which makes it an OSINT tool for catching leaked data that ends up on pastebins. Hand it a comma-separated list of terms, such as a domain, an email pattern, or a product name, and it returns the pastes where those terms appear.
It is a monitoring play as much as a one-off search. Run the same term list on a schedule and you turn pastos into a tripwire for credentials, API keys, and source fragments that leak to public paste services, often the first public sign of a breach.
Wire pastos with a search list and an optional API key; it writes a file and a folder of matches. Use it in an OSINT or breach-monitoring workflow alongside other leak-hunting tools, routing hits into the same triage path as the rest of your findings.
use cases
Search paste sites for your domain and email patterns to catch credentials and keys that have been dumped publicly.
Run a term list for product names and internal identifiers to surface pastes that reference your organization.
Run the same search list on a schedule so new pastes mentioning your terms get flagged as they appear.
Route paste matches into the same triage and reporting flow as other leak-hunting tools for one view of exposure.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| search | STRING | --search | Comma-separated list of terms to search for in paste sites. |
| api-key | STRING | --api-key | API key for paste-site access. |
| debug | BOOLEAN | --debug | Enable debug output. |
Showing key inputs. pastos exposes 3 inputs in total.
example
# search paste sites for domain and API host mentionspastos --search example.com,api.example.com --api-key "$PASTOS_API_KEY"[+] Searching: example.com,api.example.com[+] Match: paste mentions example.com admin reset link[+] Match: paste lists api.example.com bearer token fragment[+] Match: paste dumps mail.example.com SMTP creds[+] Match: paste references staging.example.com config[+] Match: paste cites app.example.com session cookie[+] Done: 5 paste hits for search termsguidance
Reach for pastos when you want to catch your data on public paste sites, such as leaked credentials or mentions of your assets. It searches pastes by string. For email-based breach lookups, pair it with h8mail; for secrets in repos, use a git secret scanner.
Hunts breached credentials by email across leaks. pastos focuses on live paste-site search by string.
Searches for leaked secrets across sources. pastos targets paste sites specifically by term.
Finds secrets committed to repos. pastos watches public paste sites instead of source control.
faq
related
Look up DNS records on DNSDumpster.
Look up a host on DNSDumpster.
Find lookalike domains adversaries use for typosquatting, phishing, and brand impersonation.
List all public repositories for valid GitHub usernames.
Look up the real IP of a host starting from its favicon and using Shodan.
Gather email account intelligence from public sources and check it against breach data.
A list of search terms feeds pastos, which scans paste sites and writes the pastes that mention your strings as a queryable output.
Facts on this page come from the live Trickest tool library.