Kr0wZ/NeutrOSINT
NeutrOSINT

Determine if an email address exists or not on ProtonMail with NeutrOSINT without alerting the target.

Alternative to ProtOSINT since the validation using the API doesn't work anymore.

This tool uses selenium to connect to ProtonMail and checks if email addresses are valid or not. The "light" mode is faster and only uses the API to determine the validity of a Protonmail email address. No need to have a Protonmail account.


What's new?

08/06/2023:
  • "x-pm-uid" is in fact valid for 24 hours. It must be generated again to perform requests. This is now fixed and every request generates a new AUTH cookie to perform searches.
  • @OSINT_Tactical found that it was possible to determine the source address of a protonmail business domain if the catch-all functionality is enabled for this domain. I implemented that in the code.
06/06/2023:
  • Protonmail added a new field and a cookie for API requests: "x-pm-uid" and "AUTH-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX". With the tests I've done, these values must be generated once and then can be reused over time.
  • Added regex to check emails syntax
  • Business email addresses are now detected both in light mode and with selenium. In light mode it only gives an idea if a domain is a business domain used with protonmail but can't determine if email exists. You must use the selenium version to be sure of that (with username and password).
  • Changed print format to be more python3 friendly

This 2.0 version introduces a new 'mode': Light mode.

Thanks to @Nenaff_, I knew it was possible to request the verification of an email without the use of selenium.
This is way faster but if you have a lot of email addresses to verify you'll be blocked after 100 requests (don't know precisely how much time but at least more than an hour).
The solution is either to use a proxy to bypass this limitation or use the other mode of NeutrOSINT which uses username and password (but you need to have a valid account - you can create one for free).


Notes

  • API limit with light mode: 100 requests per hour.
  • Free protonmail accounts are limited to 100 entries for 'To' field. But the tool handles this. It just takes a bit more time.
  • If the string 'None' appears in the creation date for valid accounts then it means the API limit is probably reached. Since this is not the same API as for the light mode, here we have only 16 requests per hour.
  • For some obscure reasons, sometimes selenium isn't able to get access to the 'New Email' button. In this case it is recommended to run the script again.

How to use?

Installation

You must have Chrome Browser installed on your machine:

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo apt install ./google-chrome-stable_current_amd64.deb

Tested on Ubuntu 20.04.4 LTS x64 and Kali Linux 2021.1 x64

Prerequisites

pip install -r requirements.txt

You must have a valid Protonmail account to use the selenium mode. But you can also use the light mode (-l) which uses the Protonmail API without the need to create a Protonmail account.

Usage:

Show help message:

python3 main.py -h

Run the light mode using the protonmail API:

python3 main.py -l -e 'EMAIL_TO_VERIFY' 

Run with selenium by specifying username and password:

python3 main.py -u 'USERNAME' -p 'PASSWORD' -f 'FILE_CONTAINING_EMAILS.txt'

How does it work?

The light mode calls the Protonmail API at this endpoint: https://account.proton.me/api/users/available
Depending on the status code, we can determine if an email address already exists or not.

Since May 2023, the API requires a valid AUTH token to perform requests.
This token is generated in the generate_auth_cookie function.
First, it requests an API access token from https://account.proton.me/api/auth/v4/sessions
Then, it gets a valid AUTH cookie through https://account.proton.me/api/core/v4/auth/cookies

The selenium mode uses selenium with the given credentials to connect to protonmail, go to 'New Email', then fills in the 'To' field with all the email addresses to check.
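
From the service operator's side, light-mode lookups appear as one client requesting many distinct names from the availability endpoint within an hour. The detector below is an added example, not part of NeutrOSINT: the log format, client addresses and function names are constructed assumptions, and the threshold reuses the 100-requests-per-hour figure from the Notes.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ENDPOINT = "/api/users/available"   # endpoint named on this page
WINDOW = timedelta(hours=1)
THRESHOLD = 100                      # hourly light-mode limit quoted in the Notes


def parse(line):
    """Constructed log format (assumption): '<ISO time> <client> <path> <queried name>'."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != ENDPOINT:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[3].lower()
    except ValueError:
        return None


def find_enumerators(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {client: time the threshold was first reached} for clients that
    looked up `threshold` or more distinct names within one sliding window."""
    recent = defaultdict(deque)   # client -> (time, name) events inside the window
    flagged = {}
    for when, client, name in sorted(filter(None, map(parse, lines))):
        events = recent[client]
        events.append((when, name))
        while events and when - events[0][0] > window:
            events.popleft()          # drop lookups older than the window
        if client not in flagged and len({n for _, n in events}) >= threshold:
            flagged[client] = when
    return flagged


def sample_log():
    """Constructed sample: one client sweeping 120 names in 20 minutes, one ordinary client."""
    start = datetime(2023, 6, 8, 10, 0, 0)
    lines = [f"{(start + timedelta(seconds=10 * i)).isoformat()} 203.0.113.7 "
             f"{ENDPOINT} user{i}@example.test" for i in range(120)]
    lines += [f"{(start + timedelta(minutes=5 * i)).isoformat()} 198.51.100.4 "
              f"{ENDPOINT} newname{i % 3}" for i in range(12)]
    lines.append("2023-06-08T10:00:01 203.0.113.7 /api/other x")  # ignored: other path
    return lines


if __name__ == "__main__":
    for client, when in find_enumerators(sample_log()).items():
        print(f"{client} reached {THRESHOLD} distinct lookups at {when.isoformat()}")
```

Counting distinct names rather than raw requests keeps a client that retries the same signup name from being flagged.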


Support

Do you want to support me?

You can buy me a coffee here: Buy Me A Coffee

Thanks in advance to anyone donating ❤️
