Live credential intelligence from active exploitation.
Real passwords captured from real attacks hitting our global honeypot network. Cross-protocol coverage: SSH, FTP, MySQL, Redis, PostgreSQL, MongoDB, Telnet, SMB, and more.
Not breach data. Not leaked databases. Active exploitation capture — the passwords attackers are typing right now against live targets across 13 protocols.
Use Cases
Operational security teams use this feed to validate assumptions and catch exposure earlier.
Password Policy Validation
See the weak defaults, naming conventions, and credential patterns attackers try first against exposed services.
Breach Detection
Spot your internal usernames, tenant names, or reused secrets appearing in live attack traffic before an incident escalates.
Threat Hunting
Pivot from usernames and passwords into actor infrastructure, timing, and protocol choices for targeted hunt workflows.
Captured Across Core Protocols
Coverage spans the services attackers still hit first when credential stuffing and opportunistic scans begin.
13 protocols total across the BlackDome sensor network, including SMTP, DNS, HTTP, HTTPS, and RDP.
Simple Pricing
One plan for teams that need live credential intelligence now.
Credential Intel
Real-time credential capture and analysis from active attacks.
- Live credential feed
- API access for enrichment and alerting
- Password pattern analysis
- Credential reuse tracking
- Actor-linked correlation context
Live credential capture, with passwords masked
This table is pulled from the real BlackDome credential dataset and refreshed from the most recent hour of capture activity.
| Username | Password | Protocol | Source Country | Captured |
|---|---|---|---|---|
| sol | **** | ssh | Unknown | 24 seconds ago |
| root | **** | ssh | Unknown | 36 seconds ago |
| root | **** | ssh | Unknown | 1 minute ago |
| root | **** | ssh | Unknown | 2 minutes ago |
| sol | **** | ssh | Unknown | 3 minutes ago |
See what attackers are trying right now
Use active attack telemetry to validate password exposure, enrich detections, and hunt reused credentials before they become incidents.