h8mail: Email OSINT and password breach hunting

h8mail

Email OSINT and password finder.
Use h8mail to find passwords through a different breach and reconnaissance services, or the infamous “Breach Compilation” torrent.

Features

  • 🔎 Email pattern matching (regexp), useful for all those raw HTML files
  • 🐳 Small and fast Alpine Dockerfile available
  • ✅ CLI or Bulk file-reading for targeting
  • 📝 Output to CSV file
  • ➿ Reverse DNS + Open Ports
  • 👮 CloudFlare rate throttling avoidance
    • Execution flow remains synchronous and throttled according to API usage guidelines written by service providers
  • 🔥 Query and group results from different breach service providers
  • 🔥 Query a local copy of the “Breach Compilation”
  • 🔥 Get related emails
  • 🌈 Delicious colors

APIs

ServiceFunctionsStatus
HaveIBeenPwnedNumber of email breaches
ShodanReverse DNS, Open Ports
Hunter.io – PublicNumber of related emails
Hunter.io – Service (free tier)Cleartext related emails
WeLeakInfo – PublicNumber of search-able breach results🛃
WeLeakInfo – ServiceCleartext passwords, hashes and salts🔜
Snusbase – ServiceCleartext passwords, hashes and salts – Fast ⚡️

Install

Local env

apt-get install nodejs
git clone https://github.com/khast3x/h8mail.git
cd h8mail
pip install -r requirements.txt
python h8mail.py -h

 

 

Docker

git clone https://github.com/khast3x/h8mail.git
cd h8mail
docker build -t h8mail .
docker run -ti h8mail -h

 

 

Usage

> python h8mail.py --help
usage: h8mail.py [-h] -t TARGET_EMAILS [-c CONFIG_FILE] [-o OUTPUT_FILE]
                 [-bc BC_PATH] [-v] [-l] [-k CLI_APIKEYS]

Email information and password finding tool

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET_EMAILS, --targets TARGET_EMAILS
                        Either single email, or file (one email per line).
                        REGEXP
  -c CONFIG_FILE, --config CONFIG_FILE
                        Configuration file for API keys
  -o OUTPUT_FILE, --output OUTPUT_FILE
                        File to write output
  -bc BC_PATH, --breachcomp BC_PATH
                        Path to the breachcompilation Torrent.
                        https://ghostbin.com/paste/2cbdn
  -v, --verbose         Show debug information
  -l, --local           Run local actions only
  -k CLI_APIKEYS, --apikey CLI_APIKEYS
                        Pass config options. Format is "K:V,K:V"

 

 

examples

Query for a single target

python h8mail.py -t target@example.com

Query for the list of targets indicate config file for API keys, output to pwned_targets.csv

python h8mail.py -t targets.txt -c config.ini -o pwned_targets.csv

Query a list of targets against a local copy of the Breach Compilation, pass API keys for Snusbase from the command line

python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ -k “snusbase_url:$snusbase_url,snusbase_token:$snusbase_token”

Query without making API calls against a local copy of the Breach Compilation

python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ –local

Demos

🔓 Out of the box

1

🚀 With API services

2

💽 With the BreachedCompilation torrent

3

Author: @kh4st3x

Source: https://github.com/khast3x/

Share