Email OSINT and password breach hunting. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous Breached Compilation torrent
Branch: master
Clone or download
Latest commit b30f875 Feb 21, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
doc gifs Jun 17, 2018
.gitignore First commit Jun 15, 2018
.travis.yml Integrating Travis Jun 16, 2018
Dockerfile Travis + clean Jun 16, 2018
README.md Update README.md Feb 21, 2019
classes.py Integrated snusbase breach names query + show num result + show names… Jun 16, 2018
config.ini First commit Jun 15, 2018
h8mail.py fixed snusbase stat Jun 17, 2018
requirements.txt First commit Jun 15, 2018

README.md

📭 h8mail

travis

Email OSINT and password finder.
Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent.
Early release, feedback and pull requests are welcomed ❤️

🍊 Features

  • 🔎 Email pattern matching (reg exp), useful for all those raw HTML files
  • 🐳 Small and fast Alpine Dockerfile available
  • CLI or Bulk file-reading for targeting
  • 📝 Output to CSV file
  • Reverse DNS + Open Ports
  • 👮 CloudFlare rate throttling avoidance
    • Execution flow remains synchronous and throttled according to API usage guidelines written by service providers
  • 🔥 Query and group results from different breach service providers
  • 🔥 Query a local copy of the "Breach Compilation"
  • 🔥 Get related emails
  • 🌈 Delicious colors

Demos

🔓 Out of the box

1

🚀 With API services

2

💽 With the BreachedCompilation torrent

3

APIs

Service Functions Status
HaveIBeenPwned Number of email breachs 🔴
Shodan Reverse DNS, Open ports
Hunter.io - Public Number of related emails
Hunter.io - Service (free tier) Cleartext related emails
WeLeakInfo - Public Number of search-able breach results 🛃
WeLeakInfo - Service Cleartext passwords, hashs and salts 🔜
Snusbase - Service Cleartext passwords, hashs and salts - Fast ⚡️

🍊 Install

If you're using Docker, make sure to add your targets.txt and your API keys in the configuration file before building

Locally

NodeJS is required to ensure CloudFlare bypassing. You can find out how to install it for your distribution here

These instructions assume you are running Python3 as default. If unsure, please check the troubleshooting section

apt-get install nodejs
git clone https://github.com/khast3x/h8mail.git
cd h8mail
pip install -r requirements.txt
python h8mail.py -h

Docker

git clone https://github.com/khast3x/h8mail.git
cd h8mail
docker build -t h8mail .
docker run -ti h8mail -h

🍊 Usage

> python h8mail.py --help
usage: h8mail.py [-h] -t TARGET_EMAILS [-c CONFIG_FILE] [-o OUTPUT_FILE]
                 [-bc BC_PATH] [-v] [-l] [-k CLI_APIKEYS]

Email information and password finding tool

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET_EMAILS, --targets TARGET_EMAILS
                        Either single email, or file (one email per line).
                        REGEXP
  -c CONFIG_FILE, --config CONFIG_FILE
                        Configuration file for API keys
  -o OUTPUT_FILE, --output OUTPUT_FILE
                        File to write output
  -bc BC_PATH, --breachcomp BC_PATH
                        Path to the breachcompilation Torrent.
                        https://ghostbin.com/paste/2cbdn
  -v, --verbose         Show debug information
  -l, --local           Run local actions only
  -k CLI_APIKEYS, --apikey CLI_APIKEYS
                        Pass config options. Format is "K:V,K:V"

🍊 Usage examples

Query for a single target
python h8mail.py -t target@example.com
Query for list of targets, indicate config file for API keys, output to pwned_targets.csv
python h8mail.py -t targets.txt -c config.ini -o pwned_targets.csv
Query a list of targets against local copy of the Breach Compilation, pass API keys for Snusbase from the command line
python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_url:$snusbase_url,snusbase_token:$snusbase_token"
Query without making API calls against local copy of the Breach Compilation
python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ --local

🍊 Troubleshooting

Python version & Kali

The above instructions assume you are running python3 as default. If unsure, type:

python --version

in your terminal. It should be either Python 3.* or Python 2.*.

If you are running python2 as default :
Make sure you have python3 installed, then replace python commands with explicit python3 calls:

apt-get install nodejs
git clone https://github.com/khast3x/h8mail.git
cd h8mail
pip3 install -r requirements.txt
python3 h8mail.py -h

🍊 Notes & Links

  • Service providers that wish being integrated can send me an email at k at khast3x dot club (Protonmail encryption friendly)
  • Special thanks to Snusbase for being developer friendly
  • Special thanks to kodykinzie for making a nice introduction and walktrough article and video on installing and using h8mail