- Notifications
You must be signed in to change notification settings - Fork534
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
License
NotificationsYou must be signed in to change notification settings
khast3x/h8mail
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
h8mail is an email OSINT and breach hunting tool usingdifferent breach and reconnaissance services, or local breaches such as Troy Hunt's "Collection1" and the infamous "Breach Compilation" torrent.
- 🔎 Email pattern matching (reg exp), useful for reading from other tool outputs
- 🌍 Pass URLs to directly find and target emails in pages
- 💫 Loosey patterns for local searchs ("john.smith", "evilcorp")
- 📦 Painless install. Available through
pip, only requiresrequests - ✅ Bulk file-reading for targeting
- 📝 Output to CSV file or JSON
- 💪 Compatible with the "Breach Compilation" torrent scripts
- 🏠 Search cleartext and compressed .gz files locally using multiprocessing
- 🌀 Compatible with "Collection#1"
- 🔥 Get related emails
- 🐲 Chase related emails by adding them to the ongoing search
- 👑 Supports premium lookup services for advanced users
- 🏭 Custom query premium APIs. Supports username, hash, ip, domain and password and more
- 📚 Regroup breach results for all targets and methods
- 👀 Includes option to hide passwords for demonstrations
- 🌈 Delicious colors
| Service | Functions | Status |
|---|---|---|
| HaveIBeenPwned(v3) | Number of email breaches | ✅ 🔑 |
| HaveIBeenPwned Pastes(v3) | URLs of text files mentioning targets | ✅ 🔑 |
| Hunter.io - Public | Number of related emails | ✅ |
| Hunter.io - Service (free tier) | Cleartext related emails, Chasing | ✅ 🔑 |
| Snusbase - Service | Cleartext passwords, hashs and salts, usernames, IPs - Fast ⚡ | ✅ 🔑 |
| Leak-Lookup - Public | Number of search-able breach results | ✅ (🔑) |
| Leak-Lookup - Service | Cleartext passwords, hashs and salts, usernames, IPs, domain | ✅ 🔑 |
| Emailrep.io - Service (free) | Last seen in breaches, social media profiles | ✅ 🔑 |
| scylla.so - Service (free) | Cleartext passwords, hashs and salts, usernames, IPs, domain | 🚧 |
| Dehashed.com - Service | Cleartext passwords, hashs and salts, usernames, IPs, domain | ✅ 🔑 |
| IntelX.io - Service (free trial) | Cleartext passwords, hashs and salts, usernames, IPs, domain, Bitcoin Wallets, IBAN | ✅ 🔑 |
| 🆕Breachdirectory.org - Service (free) | Cleartext passwords, hashs and salts, usernames, domain | 🚧 🔑 |
🔑 - API key required
usage: h8mail [-h] [-t USER_TARGETS [USER_TARGETS ...]] [-u USER_URLS [USER_URLS ...]] [-q USER_QUERY] [--loose] [-c CONFIG_FILE [CONFIG_FILE ...]] [-o OUTPUT_FILE] [-j OUTPUT_JSON] [-bc BC_PATH] [-sk] [-k CLI_APIKEYS [CLI_APIKEYS ...]] [-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]] [-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]] [-sf] [-ch [CHASE_LIMIT]] [--power-chase] [--hide] [--debug] [--gen-config]Email information and password lookup tooloptional arguments:-h, --help show thishelp message andexit-t USER_TARGETS [USER_TARGETS ...], --targets USER_TARGETS [USER_TARGETS ...] Either string inputs or files. Supports email pattern matching from input or file, filepath globing and multiple arguments-u USER_URLS [USER_URLS ...], --url USER_URLS [USER_URLS ...] Either string inputs or files. Supports URL pattern matching from input or file, filepath globing and multiple arguments. Parse URLs pagefor emails. Requires http:// or https://in URL. -q USER_QUERY, --custom-query USER_QUERY Perform a custom query. Supports username, password, ip, hash, domain. Performs an implicit"loose" search when searching locally --loose Allow loose search by disabling email pattern recognition. Use spaces as pattern seperators-c CONFIG_FILE [CONFIG_FILE ...], --config CONFIG_FILE [CONFIG_FILE ...] Configuration filefor API keys. Accepts keys from Snusbase, WeLeakInfo, Leak-Lookup, HaveIBeenPwned, Emailrep, Dehashed and hunterio-o OUTPUT_FILE, --output OUTPUT_FILE File to write CSV output -j OUTPUT_JSON, --json OUTPUT_JSON File to write JSON output-bc BC_PATH, --breachcomp BC_PATH Path to the breachcompilation torrent folder. Uses the query.sh script includedin the torrent-sk, --skip-defaults Skips Scylla and HunterIO check. Idealforlocal scans-k CLI_APIKEYS [CLI_APIKEYS ...], --apikey CLI_APIKEYS [CLI_APIKEYS ...] Pass config options. Supported format:"K=V,K=V" -lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...], --local-breach LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...] Local cleartext breaches to scanfor targets. Uses multiprocesses, one separate process per file, on separate worker pool by arguments. Supports file or folder as input, and filepath globing-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...], --gzip LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...] Local tar.gz (gzip) compressed breaches to scansfor targets. Uses multiprocesses, one separate process per file. Supports file or folder as input, and filepath globing. Looksfor'gz'in filename -sf, --single-file If breach contains big cleartext or tar.gz files,set this flag to view the progress bar. Disables concurrent file searchingfor stability -ch [CHASE_LIMIT], --chase [CHASE_LIMIT] Add related emails from hunter.io to ongoing target list. Define number of emails per target to chase. Requires hunter.io private API keyif used without power-chase --power-chase Add related emails from ALL API services to ongoing target list. Use with --chase --hide Only shows the first 4 characters of found passwords to output. Idealfor demonstrations --debug Print request debug information --gen-config, -g Generates a configuration file templatein the current working directory& exits. Will overwrite existing h8mail_config.ini file
$ h8mail -t target@example.com
$ h8mail -t targets.txt -c config.ini -o pwned_targets.csv
Query a list of targets against local copy of the Breach Compilation, pass API key forSnusbase from the command line
$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -k"snusbase_token=$snusbase_token"$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -sk
$ h8mail -t targets.txt -gz /tmp/Collection1/ -sk
Check a cleartext dump for target. Add the next 10 related emails to targets to check. Read keys from CLI
$ h8mail -t admin@evilcorp.com -lb /tmp/4k_Combo.txt -ch 10 -k"hunterio=ABCDE123"$ h8mail -t JSmith89 -q username -k"dehashed_email=user@email.com""dehashed_key=ABCDE123"
$ h8mail -t 42.202.0.42 -q ip -c h8mail_config_priv.ini -ch 2 --power-chase
$ h8mail -u"https://pastebin.com/raw/kQ6WNKqY""list_of_urls.txt"
- Snusbase for being developer friendly
- kodykinzie for making a niceintroduction and walkthrough article andvideo on installing and using h8mail
- Leak-Lookup for being developer friendly
- Dehashed for being developer friendly
- h8mail's Pypi integration is strongly based on the work of audreyr'sCookieCutter PyPackage
- Logo generated using Hatchful by Shopify
- Jake Creps for hish8mail v2 introduction
- Alejandro Caceres for making scylla.so available. Be sure tosupport him if you can
- IntelX for being developer friendly
- Breachdirectory.tk for being developer friendly
💜h8mail can be found in:
- WhatBreach by Ekultek
- HashBuster by s0md3v
- BaseQuery by g666gle
- LeakLooker by woj-ciech
- buster by sham00n
- Scavenger by ndinfosecguy
- pwndb by davidtavarez
- Service providers that wish being integrated can send me an email at
k at khast3x dot club(PGP friendly) - h8mail is maintained on my free time. Feedback and war stories are welcomed.
- Licence is BSD 3 clause
- My code issigned with myKeybase PGP key. You can get it using:
# curl + gpg pro tip: import ktx's keyscurl https://keybase.io/ktx/pgp_keys.asc| gpg --import# the Keybase app can push to gpg keychain, tookeybase pgp pull ktx
If you wish to stay updated on this project:
About
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
Topics
Resources
License
Stars
Watchers
Forks
Packages0
No packages published