H8mail - E-Mail Osint As Well As Password Breach Hunting
Email OSINT too password finder.
Use h8mail to notice passwords through different breach too reconnaissance services, or the infamous "Breach Compilation" torrent.
Features
Demos
Out of the box
With API services
With the BreachedCompilation torrent
APIs
Install
If you're using Docker, brand certain to add together your
Locally
NodeJS is required to ensure CloudFlare bypassing. You tin notice out how to install it for your distribution here
These instructions assume y'all are running Python3 equally default. If unsure, delight banking firm check the troubleshooting section
Docker
Usage
Usage examples
Query for a unmarried target
Query for listing of targets, request config file for API keys, output to
Query a listing of targets against local re-create of the Breach Compilation, run yesteryear API keys for Snusbase from the ascendancy line
Query without making API calls against local re-create of the Breach Compilation
Troubleshooting
Python version & Kali
The higher upwards instructions assume y'all are running python3 equally default. If unsure, type:
inward your terminal. It should live on either
If y'all are running python2 equally default :
Make certain y'all convey python3 installed, too then supplant python commands amongst explicit python3 calls:
Notes & Links
Use h8mail to notice passwords through different breach too reconnaissance services, or the infamous "Breach Compilation" torrent.
Features
- Email blueprint matching (reg exp), useful for all those raw HTML files
- Small too fast Alpine Dockerfile available
- CLI or Bulk file-reading for targeting
- Output to CSV file
- Reverse DNS + Open Ports
- CloudFlare charge per unit of measurement throttling avoidance
- Execution menstruum remains synchronous too throttled according to API usage guidelines written yesteryear service providers
- Query too grouping results from different breach service providers
- Query a local re-create of the "Breach Compilation"
- Get related emails
- Delicious colors
Demos
Out of the box
With API services
With the BreachedCompilation torrent
APIs
| Service | Functions | Status |
|---|---|---|
| HaveIBeenPwned | Number of e-mail breachs | Yes |
| Shodan | Reverse DNS, Open ports | Yes |
| Hunter.io - Public | Number of related emails | Yes |
| Hunter.io - Service (free tier) | Cleartext related emails | Yes |
| WeLeakInfo - Public | Number of search-able breach results | Soon |
| WeLeakInfo - Service | Cleartext passwords, hashs too salts | Soon |
| Snusbase - Service | Cleartext passwords, hashs too salts - Fast | Yes |
Install
If you're using Docker, brand certain to add together your
targets.txt too your API keys inward the configuration file before buildingLocally
NodeJS is required to ensure CloudFlare bypassing. You tin notice out how to install it for your distribution here
These instructions assume y'all are running Python3 equally default. If unsure, delight banking firm check the troubleshooting section
apt-get install nodejs git clone https://github.com/khast3x/h8mail.git cd h8mail pip install -r requirements.txt python h8mail.py -hDocker
git clone https://github.com/khast3x/h8mail.git cd h8mail docker construct -t h8mail . docker run -ti h8mail -hUsage
> python h8mail.py --help usage: h8mail.py [-h] -t TARGET_EMAILS [-c CONFIG_FILE] [-o OUTPUT_FILE] [-bc BC_PATH] [-v] [-l] [-k CLI_APIKEYS] Email information too password finding tool optional arguments: -h, --help present this assist message too kicking the bucket -t TARGET_EMAILS, --targets TARGET_EMAILS Either unmarried email, or file (one e-mail per line). REGEXP -c CONFIG_FILE, --config CONFIG_FILE Configuration file for API keys -o OUTPUT_FILE, --output OUTPUT_FILE File to write output -bc BC_PATH, --breachcomp BC_PATH Path to the breachcompilation Torrent. https://ghostbin.com/paste/2cbdn -v, --verbose Show debug information -l, --local Run local actions exclusively -k CLI_APIKEYS, --apikey CLI_APIKEYS Pass config options. Format is "K:V,K:V"Usage examples
Query for a unmarried target
python h8mail.py -t target@example.comQuery for listing of targets, request config file for API keys, output to
pwned_targets.csvpython h8mail.py -t targets.txt -c config.ini -o pwned_targets.csvQuery a listing of targets against local re-create of the Breach Compilation, run yesteryear API keys for Snusbase from the ascendancy line
python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_url:$snusbase_url,snusbase_token:$snusbase_token"Query without making API calls against local re-create of the Breach Compilation
python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ --localTroubleshooting
Python version & Kali
The higher upwards instructions assume y'all are running python3 equally default. If unsure, type:
python --versionPython 3.* or Python 2.*.If y'all are running python2 equally default :
Make certain y'all convey python3 installed, too then supplant python commands amongst explicit python3 calls:
apt-get install nodejs git clone https://github.com/khast3x/h8mail.git cd h8mail pip3 install -r requirements.txt python3 h8mail.py -hNotes & Links
- Service providers that wishing beingness integrated tin ship me an e-mail at
k at khast3x point club(Protonmail encryption friendly) - Special thank y'all to Snusbase for beingness developer friendly
- Special thank y'all to kodykinzie for making a overnice introduction too walktrough article too video on installing too using h8mail
