Determine age, region, source of leaked credentials using RadioCarbon

RadioCarbon is an interesting tool developed by Florian Roth that estimates the age and origin of a credential leak:

Typically you get leaked credentials in the form of a list of email addresses or user names with cleartext passwords or password hashes, and you have no idea how relevant they are or whom to inform about the leak. For example, you usually have no information about the origin of the leaked credentials, and the data could be obsolete.

RadioCarbon is based on the fact that the users of a service provide indicators of the origin and age of the leak through the passwords and email addresses they choose:

  • Users include the current year in their passwords (e.g. stephan2017, Mercedes17!, pass2016)
  • Users typically don’t include a year in the password that is in the future (e.g. pass2022, website2045)
  • Users include the name of the website/service in their passwords (e.g. website1234, pass4website)
  • Users use one-time email addresses for registration (e.g. [email protected], [email protected])
  • Users can use the “+” character to easily create new email aliases for certain purposes (e.g. [email protected])
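
The year, service-name and "+" alias indicators above can be tallied in a few lines of Python when triaging a leak. This is an added example, not RadioCarbon's own code; the sample records, the service name "bookshelf", the stop list and the 50% support threshold are constructed assumptions.

```python
import re
from collections import Counter

YEAR_RE = re.compile(r"(?<!\d)(19[89]\d|20\d\d)(?!\d)")  # standalone 4-digit years
WORD_RE = re.compile(r"[a-z]{5,}")                       # alphabetic tokens, 5+ letters
GENERIC = {"password", "qwerty", "admin", "letmein", "welcome"}  # assumed stop list

# Constructed sample records (user, cleartext password); not real leak data.
SAMPLE = [
    ("anna+bookshelf@example.com", "bookshelf2016"),
    ("b.meyer@example.org", "Summer2016!"),
    ("carl@example.net", "carl2015"),
    ("dora+bookshelf@example.com", "pass4bookshelf"),
    ("eve@example.org", "Winter2016"),
    ("frank@example.com", "frank2015x"),
    ("gina@example.net", "website2045"),   # stray future year, should be ignored
    ("hugo77", "bookshelf1234"),           # nickname only, no email address
]

def estimate_leak_year(passwords, min_share=0.5):
    """Return (year, histogram): the newest year whose count reaches
    min_share of the most frequent year. Users embed the current year and
    rarely a future one, so this approximates when the data was collected."""
    years = Counter(int(y) for p in passwords for y in YEAR_RE.findall(p))
    if not years:
        return None, years
    floor = max(years.values()) * min_share
    return max(y for y, n in years.items() if n >= floor), years

def origin_hints(records):
    """Count service-name candidates from '+' alias tags and password tokens."""
    hints = Counter()
    for user, password in records:
        if "@" in user:                      # alias tags only exist in addresses
            local = user.partition("@")[0]
            tag = local.partition("+")[2]
            if tag:
                hints[tag.lower()] += 1
        for word in set(WORD_RE.findall(password.lower())):
            if word not in GENERIC:
                hints[word] += 1
    return hints

if __name__ == "__main__":
    year, histogram = estimate_leak_year([p for _, p in SAMPLE])
    print("estimated year:", year, dict(histogram))
    print("origin candidates:", origin_hints(SAMPLE).most_common(3))
```

Two-digit years such as `Mercedes17!` are not handled here, and hashed passwords yield no hints at all, which matches the limitation noted for the tool below.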


The project is in the first stage of development, and it has some issues:

– If the user field contains a nickname and no email address, the region analysis fails
– If the password field contains a password hash and not a clear text password, the analysis is strongly hindered

More technical information and downloads
