Email OSINT and password breach hunting. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous Breached Compilation torrent.
Also Read: Burp Suite Extension – Turbo Intruder To Perform Security Testing on Web Applications
If you’re using Docker, make sure to add your targets.txt and your API keys in the configuration file before building.
Locally
NodeJS is required to ensure CloudFlare bypassing. You can find out how to install it for your distribution here
These instructions assume you are running Python3 as default. If unsure, please check the troubleshooting section
apt-get install nodejs
git clone https://github.com/khast3x/h8mail.git
cd h8mail
pip install -r requirements.txt
python h8mail.py -h
Docker
git clone https://github.com/khast3x/h8mail.git
cd h8mail
docker build -t h8mail .
docker run -ti h8mail -h
Usage
python h8mail.py –help
usage: h8mail.py [-h] -t TARGET_EMAILS [-c CONFIG_FILE] [-o OUTPUT_FILE]
[-bc BC_PATH] [-v] [-l] [-k CLI_APIKEYS]
Email information and password finding tool
optional arguments:
-h, –help show this help message and exit
-t TARGET_EMAILS, –targets TARGET_EMAILS
Either single email, or file (one email per line).
REGEXP
-c CONFIG_FILE, –config CONFIG_FILE
Configuration file for API keys
-o OUTPUT_FILE, –output OUTPUT_FILE
File to write output
-bc BC_PATH, –breachcomp BC_PATH
Path to the breachcompilation Torrent.
https://ghostbin.com/paste/2cbdn
-v, –verbose Show debug information
-l, –local Run local actions only
-k CLI_APIKEYS, –apikey CLI_APIKEYS
Pass config options. Format is “K:V,K:V”
Query for a single target
python h8mail.py -t target@example.com
Query for list of targets, indicate config file for API keys, output to pwned_targets.csv
python h8mail.py -t targets.txt -c config.ini -o pwned_targets.csv
Query a list of targets against local copy of the Breach Compilation, pass API keys for Snusbase from the command line
python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ -k “snusbase_url:$snusbase_url,snusbase_token:$snusbase_token”
Query without making API calls against local copy of the Breach Compilation
python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ –local
Python version & Kali
The above instructions assume you are running python3 as default. If unsure, type:
python –version
in your terminal. It should be either Python 3.* or Python 2.*.
If you are running python2 as default :
Make sure you have python3 installed, then replace python commands with explicit python3 calls:
apt-get install nodejs
git clone https://github.com/khast3x/h8mail.git
cd h8mail
pip3 install -r requirements.txt
python3 h8mail.py -h
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…