Bleed.Cloud: Reverse the Bleed
Simple tools for checking your exposure to cloud bleed.
Option 1: Check several domains quickly
Option 2: Scan your gmail account
For security reasons, we recommend you use a temporary gmail password
- Go to your App Passwords
- At the bottom click Select App in the bottom left and other
- Enter bleed.cloud (or well anything)
- Copy the pasword in yellow
- Enter your username and the password below
- Click submit
- When complete, delete the temp password
- Injoy
This could take a minute

Results
Domain |
{{key}} |
Option 3: Run a python script locally
Check accounts Via Gmail
Another option is to find all of the domains with which you have accounts via scanning your gmail. To do so just run the python script below. It will ask you for your username and password.
As you can see it only contacts gmail and does not send the info anywhere else.
- Take the contents below (download) and paste into a file like bleed.py
- Go to your gmail and click your avatar in the top right
- Click My Account
- Click Sign In & Security
- Click Signing in to Google
- Click App Passwords
- At the bottom click Select App in the bottom left and other
- Enter bleed.cloud (or well anything)
- Copy the pasword in yellow
- Execute the file with python, eg python bleed.py
- Enter your username and the password
- It will scan the "from" addresses of your last 4 years of inbox email.
- Copy all of the domain names from there and paste into the box in Option 1
- Once it runs you can delete the google app password.
import imaplib, re def group(lst, n): for i in range(0, len(lst), n): val = lst[i:i+n] if len(val) == n: yield tuple(val) print("Gmail Address:") username = sys.stdin.readline() print("Temp Password:") password = sys.stdin.readline() m = imaplib.IMAP4_SSL("imap.gmail.com", 993) rc, resp = m.login(username, password) print(rc) print(resp) status, count = m.select("INBOX") count = count[0] typ, data = m.search(None, 'ALL') domains = set() r = re.compile("<.+@(.+)>") ids = data[0].split() for idg in group(ids, 1000): print("{}/{}".format(idg[-1], count)) result, data = m.fetch(",".join(idg), '(BODY[HEADER.FIELDS (FROM)])') for i in data: if len(i) == 0: continue if type(i) == str: continue frm = i[1] match = r.search(frm) if not match: continue domain = match.group(1) domain = domain.lower() domain = ".".join(domain.split(".")[-2:]) if domain in domains: continue domains.add(domain) domains = sorted(domains) print("Found {} Domains".format(len(domains))) for domain in domains: print(domain)
Privacy Notice
We log the contents of the domain field, but that's it. No identifying information except what you put in the box.