H8mail is an email OSINT and breach hunting tool using different breach and reconnaissance services, or local breaches such as Troy Hunt’s “Collection1” and the infamous “Breach Compilation” torrent.
Install h8mail:
apt install python3-pip
Create the configuration file:
python3 h8mail -g
Input your API-keys in the config and uncomment the line to activate (and SAVE):
mousepad /home/kali/.local/bin/h8mail_config.ini
Search the emailaddresses in dumps with:
python3 ./h8mail -t your@domain.com -c /home/kali/.local/bin/h8mail_config.ini
Save the results to an txt file:
python3 ./h8mail -t your@domain.com -c /home/kali/.local/bin/h8mail_config.ini -o results.txt
Other examples:
Query for a single targeth8mail -t target@example.com
Query for list of targets, indicate config file for API keys, output to pwned_targets.csvh8mail -t targets.txt -c config.ini -o pwned_targets.csv
Query a list of targets against local copy of the Breach Compilation, pass API key for Snusbase from the command lineh8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_token=$snusbase_token"
Query without making API calls against local copy of the Breach Compilationh8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -sk
Search every .gz file for targets found in targets.txt locally, skip default checksh8mail -t targets.txt -gz /tmp/Collection1/ -sk
Check a cleartext dump for target. Add the next 10 related emails to targets to check. Read keys from CLIh8mail -t admin@evilcorp.com -lb /tmp/4k_Combo.txt -ch 10 -k "hunterio=ABCDE123"
Query username. Read keys from CLIh8mail -t JSmith89 -q username -k "dehashed_email=user@email.com" "dehashed_key=ABCDE123"
Query IP. Chase all related targets. Read keys from CLIh8mail -t x.x.x.x -q ip -c h8mail_config_priv.ini -ch 2 --power-chase
Fetch URL content (CLI + file). Target all found emailsh8mail -u "https://pastebin.com/raw/kQ6WNKqY" "list_of_urls.txt"
