Free tool · by Secure Purple

Meet Hawk.
Free dark web monitoring for your business.

Stolen credentials, leaked databases and breached employee emails surface on dark-web markets and paste sites long before your team finds out. Hawk watches the dark web for mentions of your domain and emails — and alerts you the moment something appears. No signup fees. No credit card.

Free forever · Real-time alerts · Private & encrypted

What Hawk gives you

Continuous dark-web visibility. Without the price tag.

Hawk is built by our threat-intelligence team for founders, IT leads and security teams who need to know — fast — when their data shows up where it shouldn't.

Employee email monitoring

Add your domain and Hawk tracks every employee inbox against billions of known breach records and live dark-web sources.

Credential leak detection

Plaintext passwords, hashed credentials, combo-lists, stealer logs — Hawk flags new leaks and tells you which accounts are exposed.

Brand & domain mentions

Watch ransomware leak sites, darknet markets, paste sites and underground forums for mentions of your brand, products and domain.

Real-time alerts

Get notified via email the moment a match surfaces — with severity, source, first-seen timestamp and a recommended action.

Exportable reports

Download a clean, board-ready report with every exposure, source URL (where safe to share) and remediation guidance.

Private by design

Emails you submit are hashed before they're queried against external sources. We never sell, share, or repurpose your data.

Coverage

What Hawk actually monitors

No black boxes. Here's the source corpus Hawk continuously sweeps for your assets.

  • Public breach databases: Billions of records from disclosed breaches — refreshed continuously as new dumps surface.
  • Stealer logs & combo-lists: Infostealer output (RedLine, Raccoon, Vidar, etc.) and credential combo-lists circulated on Telegram and forums.
  • Paste sites: Pastebin, Ghostbin, Doxbin, JustPaste and similar — common drop points for leaked credentials and PII.
  • Ransomware leak sites: Active ransomware-group leak blogs (Tor) where stolen corporate data is named, shamed and dumped.
  • Darknet marketplaces: Listings on Tor-hosted markets selling access, credentials, source code and corporate datasets.
  • Underground forums: Russian, English and APT-adjacent forums where access brokers and threat actors trade victims.
  • Telegram & Discord channels: Private and semi-private channels where leaks, dumps and exploit kits are distributed.
  • Brand & typosquat domains: Newly-registered lookalike domains and certificate-transparency mentions tied to your brand.

How it works

Three steps. Sleeps so you don't have to.

Hawk is browser-based. Nothing to install. Nothing to configure.

Add your domain

Enter your company domain and the inboxes you want watched. Hawk hashes identifiers before querying external sources.

Hawk watches

Continuous sweeps across breach corpora, stealer logs, paste sites, ransomware leak blogs and darknet markets.

Get alerted

Real-time email alerts with severity, source and a recommended action. Export a full report any time.

FAQ

Questions people ask before they monitor.

Short answers. If yours isn't here, email ask@securepurple.com.

Is Hawk really free?

Yes. Hawk is genuinely free — no signup fees, no credit card, no "free trial". We built it as a community tool because dark-web monitoring shouldn't be locked behind a five-figure enterprise contract.

What data do I have to give you?

Your domain and the inboxes you want monitored. Email addresses are hashed before being queried against external sources. We do not store passwords or personal data, and we do not sell or share anything you submit.

How fast are alerts?

Most matches surface within hours of a new leak being ingested into our corpus. Confirmed exposures fire an email alert immediately — there's no batching or daily-digest delay for high-severity items.

Does this replace a managed threat-intelligence service?

No, and we'll say so openly. Hawk gives you continuous visibility into dark-web exposure for your domain and people. For attribution, threat-actor profiling, takedowns and broader brand protection, see our Threat Intelligence service.

Can I monitor a domain I don't own?

Hawk is intended for organisations watching their own assets and people. We ask that you only enable monitoring for domains and inboxes you are authorised to defend — it's the right thing to do.

What happens when you find something?

You get an email alert with the affected identifier, source category (paste site / leak blog / stealer log / etc.), first-seen timestamp, severity, and a recommended remediation step (password rotation, MFA enforcement, account lockdown).

Find out what the dark web knows about your business.

Free, hosted, and ready when you are. Add your domain and let Hawk do the watching.
