H8mail – Email OSINT And Password Breach Hunting

Email OSINT and password breach hunting. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous Breached Compilation torrent.

H8mail Features

  • Email pattern matching (reg exp), useful for all those raw HTML files
  • Small and fast Alpine Dockerfile available
  • CLI or Bulk file-reading for targeting
  • Output to CSV file
  • Reverse DNS + Open Ports
  • CloudFlare rate throttling avoidance
    • Execution flow remains synchronous and throttled according to API usage guidelines written by service providers
  • Query and group results from different breach service providers
  • Query a local copy of the “Breach Compilation”
  • Get related emails
  • Delicious colors

Also Read: Burp Suite Extension – Turbo Intruder To Perform Security Testing on Web Applications

Installation

If you’re using Docker, make sure to add your targets.txt and your API keys in the configuration file before building.

Locally

NodeJS is required to ensure CloudFlare bypassing. You can find out how to install it for your distribution here

These instructions assume you are running Python3 as default. If unsure, please check the troubleshooting section

apt-get install nodejs
git clone https://github.com/khast3x/h8mail.git
cd h8mail
pip install -r requirements.txt
python h8mail.py -h

Docker

git clone https://github.com/khast3x/h8mail.git
cd h8mail
docker build -t h8mail .
docker run -ti h8mail -h

Usage

python h8mail.py –help
usage: h8mail.py [-h] -t TARGET_EMAILS [-c CONFIG_FILE] [-o OUTPUT_FILE]
[-bc BC_PATH] [-v] [-l] [-k CLI_APIKEYS]

Email information and password finding tool

optional arguments:

-h, –help show this help message and exit
-t TARGET_EMAILS, –targets TARGET_EMAILS
Either single email, or file (one email per line).
REGEXP
-c CONFIG_FILE, –config CONFIG_FILE
Configuration file for API keys
-o OUTPUT_FILE, –output OUTPUT_FILE
File to write output
-bc BC_PATH, –breachcomp BC_PATH
Path to the breachcompilation Torrent.
https://ghostbin.com/paste/2cbdn
-v, –verbose Show debug information
-l, –local Run local actions only
-k CLI_APIKEYS, –apikey CLI_APIKEYS
Pass config options. Format is “K:V,K:V”

Usage examples

Query for a single target

python h8mail.py -t target@example.com

Query for list of targets, indicate config file for API keys, output to pwned_targets.csv

python h8mail.py -t targets.txt -c config.ini -o pwned_targets.csv

Query a list of targets against local copy of the Breach Compilation, pass API keys for Snusbase from the command line

python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ -k “snusbase_url:$snusbase_url,snusbase_token:$snusbase_token”

Query without making API calls against local copy of the Breach Compilation

python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ –local

Troubleshooting

Python version & Kali

The above instructions assume you are running python3 as default. If unsure, type:

python –version

in your terminal. It should be either Python 3.* or Python 2.*.

If you are running python2 as default :
Make sure you have python3 installed, then replace python commands with explicit python3 calls:

apt-get install nodejs
git clone https://github.com/khast3x/h8mail.git
cd h8mail
pip3 install -r requirements.txt
python3 h8mail.py -h

R K

Recent Posts

Install MySQL on Ubuntu 20.04: Setup, Security, and Root Access

MySQL is the most popular open-source relational database management system. It is fast, reliable, and a…

6 hours ago

Install Git on Ubuntu 20.04: Apt, Source, and Configuration

Git is the most widely used version control system in the world. It was created by…

7 hours ago

Install Go on Ubuntu 20.04: Download, Setup, and First Program

Go (also called Golang) is an open-source programming language built by Google. It is designed to…

7 hours ago

Install VS Code on Ubuntu 20.04: Snap Package and Apt Guide

Visual Studio Code (VS Code) is an open-source code editor developed by Microsoft. It is one…

7 hours ago

Install Nginx on Ubuntu 20.04: Setup, Firewall, and Config Guide

Nginx (pronounced "engine x") is an open-source, high-performance web server and reverse proxy. It is used…

7 hours ago

Install Apache on Ubuntu 20.04: Setup and Virtual Host Guide

Apache is one of the most widely used open-source web servers in the world. It is…

1 day ago