Awesome Open Source
Awesome Open Source

platforms PyPI version PyPI - Python Version Downloads travis
Docker Pulls
h8mail is an email OSINT and breach hunting tool using different breach and reconnaissance services, or local breaches such as Troy Hunt's "Collection1" and the infamous "Breach Compilation" torrent.

📖 Table of Content

🍊 Features

  • 🔎 Email pattern matching (reg exp), useful for reading from other tool outputs
  • 🌍 Pass URLs to directly find and target emails in pages
  • 💫 Loosey patterns for local searchs ("john.smith", "evilcorp")
  • 📦 Painless install. Available through pip, only requires requests
  • ✅ Bulk file-reading for targeting
  • 📝 Output to CSV file or JSON
  • 💪 Compatible with the "Breach Compilation" torrent scripts
  • 🏠 Search cleartext and compressed .gz files locally using multiprocessing
    • 🌀 Compatible with "Collection#1"
  • 🔥 Get related emails
  • 🐲 Chase related emails by adding them to the ongoing search
  • 👑 Supports premium lookup services for advanced users
  • 🏭 Custom query premium APIs. Supports username, hash, ip, domain and password and more
  • 📚 Regroup breach results for all targets and methods
  • 👀 Includes option to hide passwords for demonstrations
  • 🌈 Delicious colors

📦 pip3 install h8mail


Service Functions Status
HaveIBeenPwned(v3) Number of email breaches ✅ 🔑
HaveIBeenPwned Pastes(v3) URLs of text files mentioning targets ✅ 🔑 - Public Number of related emails ✅ - Service (free tier) Cleartext related emails, Chasing ✅ 🔑
Snusbase - Service Cleartext passwords, hashs and salts, usernames, IPs - Fast ⚡️ ✅ 🔑
Leak-Lookup - Public Number of search-able breach results ✅ (🔑)
Leak-Lookup - Service Cleartext passwords, hashs and salts, usernames, IPs, domain ✅ 🔑 - Service (free) Last seen in breaches, social media profiles ✅ 🔑 - Service (free) Cleartext passwords, hashs and salts, usernames, IPs, domain 🚧 - Service Cleartext passwords, hashs and salts, usernames, IPs, domain ✅ 🔑 - Service (free trial) Cleartext passwords, hashs and salts, usernames, IPs, domain, Bitcoin Wallets, IBAN ✅ 🔑
🆕 - Service (free) Cleartext passwords, hashs and salts, usernames, domain ✅ 🔑

🔑 - API key required

🍊 Usage

usage: h8mail [-h] [-t USER_TARGETS [USER_TARGETS ...]]
              [-u USER_URLS [USER_URLS ...]] [-q USER_QUERY] [--loose]
              [-c CONFIG_FILE [CONFIG_FILE ...]] [-o OUTPUT_FILE]
              [-j OUTPUT_JSON] [-bc BC_PATH] [-sk]
              [-k CLI_APIKEYS [CLI_APIKEYS ...]]
              [-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]]
              [-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]] [-sf]
              [-ch [CHASE_LIMIT]] [--power-chase] [--hide] [--debug]

Email information and password lookup tool

optional arguments:
  -h, --help            show this help message and exit
                        Either string inputs or files. Supports email pattern
                        matching from input or file, filepath globing and
                        multiple arguments
                        Either string inputs or files. Supports URL pattern
                        matching from input or file, filepath globing and
                        multiple arguments. Parse URLs page for emails.
                        Requires http:// or https:// in URL.
  -q USER_QUERY, --custom-query USER_QUERY
                        Perform a custom query. Supports username, password,
                        ip, hash, domain. Performs an implicit "loose" search
                        when searching locally
  --loose               Allow loose search by disabling email pattern
                        recognition. Use spaces as pattern seperators
                        Configuration file for API keys. Accepts keys from
                        Snusbase, WeLeakInfo, Leak-Lookup, HaveIBeenPwned,
                        Emailrep, Dehashed and hunterio
                        File to write CSV output
                        File to write JSON output
  -bc BC_PATH, --breachcomp BC_PATH
                        Path to the breachcompilation torrent folder. Uses the
               script included in the torrent
  -sk, --skip-defaults  Skips Scylla and HunterIO check. Ideal for local scans
                        Pass config options. Supported format: "K=V,K=V"
                        Local cleartext breaches to scan for targets. Uses
                        multiprocesses, one separate process per file, on
                        separate worker pool by arguments. Supports file or
                        folder as input, and filepath globing
                        Local tar.gz (gzip) compressed breaches to scans for
                        targets. Uses multiprocesses, one separate process per
                        file. Supports file or folder as input, and filepath
                        globing. Looks for 'gz' in filename
  -sf, --single-file    If breach contains big cleartext or tar.gz files, set
                        this flag to view the progress bar. Disables
                        concurrent file searching for stability
  -ch [CHASE_LIMIT], --chase [CHASE_LIMIT]
                        Add related emails from to ongoing target
                        list. Define number of emails per target to chase.
                        Requires private API key if used without
  --power-chase         Add related emails from ALL API services to ongoing
                        target list. Use with --chase
  --hide                Only shows the first 4 characters of found passwords
                        to output. Ideal for demonstrations
  --debug               Print request debug information
  --gen-config, -g      Generates a configuration file template in the current
                        working directory & exits. Will overwrite existing
                        h8mail_config.ini file

🍊 Usage examples

Query for a single target
$ h8mail -t [email protected]
Query for list of targets, indicate config file for API keys, output to pwned_targets.csv
$ h8mail -t targets.txt -c config.ini -o pwned_targets.csv
Query a list of targets against local copy of the Breach Compilation, pass API key for Snusbase from the command line
$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_token=$snusbase_token"
Query without making API calls against local copy of the Breach Compilation
$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -sk
Search every .gz file for targets found in targets.txt locally, skip default checks
$ h8mail -t targets.txt -gz /tmp/Collection1/ -sk
Check a cleartext dump for target. Add the next 10 related emails to targets to check. Read keys from CLI
$ h8mail -t [email protected] -lb /tmp/4k_Combo.txt -ch 10 -k "hunterio=ABCDE123"
Query username. Read keys from CLI
$ h8mail -t JSmith89 -q username -k "[email protected]" "dehashed_key=ABCDE123"
Query IP. Chase all related targets. Read keys from CLI
$ h8mail -t -q ip -c h8mail_config_priv.ini -ch 2 --power-chase
Fetch URL content (CLI + file). Target all found emails
$ h8mail -u "" "list_of_urls.txt"

🍊 Thanks & Credits

💜 h8mail can be found in:

🍊 Related open source projects

🍊 Notes

  • Service providers that wish being integrated can send me an email at k at khast3x dot club (PGP friendly)
  • h8mail is maintained on my free time. Feedback and war stories are welcomed.
  • Licence is BSD 3 clause
  • My code is signed with my Keybase PGP key. You can get it using:
# curl + gpg pro tip: import ktx's keys
curl | gpg --import

# the Keybase app can push to gpg keychain, too
keybase pgp pull ktx

If you wish to stay updated on this project:

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Python (1,142,969) 
Email (2,591) 
Hacking (2,447) 
Password (1,647) 
Osint (753) 
Recon (305) 
Kali (231) 
Related Projects
Advertising 📦 9
All Projects
Application Programming Interfaces 📦 120
Applications 📦 181
Artificial Intelligence 📦 72
Blockchain 📦 70
Build Tools 📦 111
Cloud Computing 📦 79
Code Quality 📦 28
Collaboration 📦 30
Command Line Interface 📦 48
Community 📦 81
Companies 📦 60
Compilers 📦 60
Computer Science 📦 74
Configuration Management 📦 39
Content Management 📦 167
Control Flow 📦 197
Data Formats 📦 77
Data Processing 📦 266
Data Storage 📦 132
Economics 📦 60
Frameworks 📦 198
Games 📦 122
Graphics 📦 103
Hardware 📦 148
Integrated Development Environments 📦 47
Learning Resources 📦 147
Legal 📦 28
Libraries 📦 119
Lists Of Projects 📦 21
Machine Learning 📦 336
Mapping 📦 61
Marketing 📦 15
Mathematics 📦 55
Media 📦 228
Messaging 📦 97
Networking 📦 304
Operating Systems 📦 84
Operations 📦 120
Package Managers 📦 52
Programming Languages 📦 229
Runtime Environments 📦 96
Science 📦 42
Security 📦 375
Social Media 📦 26
Software Architecture 📦 70
Software Development 📦 68
Software Performance 📦 57
Software Quality 📦 127
Text Editors 📦 45
Text Processing 📦 131
User Interface 📦 310
User Interface Components 📦 465
Version Control 📦 29
Virtualization 📦 68
Web Browsers 📦 38
Web Servers 📦 25
Web User Interface 📦 194