Email OSINT and password finder.
Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent.
Early release, feedback and pull requests are welcomed ❤️
- 🔎 Email pattern matching (reg exp), useful for all those raw HTML files
- 🐳 Small and fast Alpine Dockerfile available
- ✅ CLI or Bulk file-reading for targeting
- 📝 Output to CSV file
- ➿ Reverse DNS + Open Ports
- 👮 CloudFlare rate throttling avoidance
- Execution flow remains synchronous and throttled according to API usage guidelines written by service providers
- 🔥 Query and group results from different breach service providers
- 🔥 Query a local copy of the "Breach Compilation"
- 🔥 Get related emails
- 🌈 Delicious colors
| Service | Functions | Status |
|---|---|---|
| HaveIBeenPwned | Number of email breachs | ✅ |
| Shodan | Reverse DNS, Open ports | ✅ |
| Hunter.io - Public | Number of related emails | ✅ |
| Hunter.io - Service (free tier) | Cleartext related emails | ✅ |
| WeLeakInfo - Public | Number of search-able breach results | 🛃 |
| WeLeakInfo - Service | Cleartext passwords, hashs and salts | 🔜 |
| Snusbase - Service | Cleartext passwords, hashs and salts - Fast ⚡ | ✅ |
If you're using Docker, make sure to add your targets.txt and your API keys in the configuration file before building
NodeJS is required to ensure CloudFlare bypassing. You can find out how to install it for your distribution here
apt-get install nodejs
git clone https://github.com/khast3x/h8mail.git
cd h8mail
pip install -r requirements.txt
python h8mail.py -hgit clone https://github.com/khast3x/h8mail.git
cd h8mail
docker build -t h8mail .
docker run -ti h8mail -h> python h8mail.py --help
usage: h8mail.py [-h] -t TARGET_EMAILS [-c CONFIG_FILE] [-o OUTPUT_FILE]
[-bc BC_PATH] [-v] [-l] [-k CLI_APIKEYS]
Email information and password finding tool
optional arguments:
-h, --help show this help message and exit
-t TARGET_EMAILS, --targets TARGET_EMAILS
Either single email, or file (one email per line).
REGEXP
-c CONFIG_FILE, --config CONFIG_FILE
Configuration file for API keys
-o OUTPUT_FILE, --output OUTPUT_FILE
File to write output
-bc BC_PATH, --breachcomp BC_PATH
Path to the breachcompilation Torrent.
https://ghostbin.com/paste/2cbdn
-v, --verbose Show debug information
-l, --local Run local actions only
-k CLI_APIKEYS, --apikey CLI_APIKEYS
Pass config options. Format is "K:V,K:V"
python h8mail.py -t target@example.compython h8mail.py -t targets.txt -c config.ini -o pwned_targets.csvQuery a list of targets against local copy of the Breach Compilation, pass API keys for Snusbase from the command line
python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_url:$snusbase_url,snusbase_token:$snusbase_token"python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ --local- Read API keys from CLI
- Integrate WeLeakInfo Service API
- Silent output (email:password only)
- JSON output
- Maltego Transform
- BurpSuit Extension
- Post-gathering modules capability
- post-gathering: WeLeakInfo hash API
- post-gathering: Hashs to hashcat
- post-gathering: SMTP credentials tests
- post-gathering: Generate dictionary for bruteforce + permutations
- post-gathering: Send email to victims with templated warning
- post-gathering: Re-run with hunterio related emails
- post-gathering: Update local Breach Compilation with new email:pass
- Service providers that wish being integrated can send me an email at
k at khast3x dot club(Protonmail encryption friendly) - Special thanks to Snusbase for being developer friendly