logo
 
  1. IT-Security >
  2. Cyber Security Nachrichten >
  3. H8Mail v2.0 - Email OSINT And Password Breach Hunting


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

H8Mail v2.0 - Email OSINT And Password Breach Hunting

IT Security Nachrichten vom | Direktlink: feedproxy.google.com Nachrichten Bewertung


Powerful and user-friendly password finder.
Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent.

Features
  • Email pattern matching (reg exp), useful for reading from other tool outputs
  • Loosey patterns for local searchs ("john.smith", "evilcorp")
  • Painless install. Available through pip, only requires requests
  • Small and fast Alpine Dockerfile available
  • CLI or Bulk file-reading for targeting
  • Output to CSV file
  • Compatible with the "Breach Compilation" torrent scripts
  • Search .txt and .gz files locally using multiprocessing
    • Compatible with "Collection#1"
  • Get related emails
  • Chase and target related emails in ongoing search
  • Supports premium lookup services for advanced users
  • Regroup breach results for all targets and methods
  • Includes option to hide passwords for demonstrations
  • Delicious colors

pip3 install h8mail

Demo

Out of the box


With API services, local breach search & chasing enabled


APIs
Service Functions Status
HaveIBeenPwned Number of email breaches yes
Hunter.io - Public Number of related emails yes
Hunter.io - Service (free tier) Cleartext related emails yes
WeLeakInfo - Public Number of search-able breach results no
WeLeakInfo - Service Cleartext passwords, hashs and salts no
Snusbase - Service Cleartext passwords, hashs and salts - Fast yes
Leak-Lookup - Public Number of search-able breach results yes
Leak-Lookup - Service Cleartext passwords, hashs and salts yes

Install

Requirements
h8mail 2.0 only requires requests to run.

Stable release (best)
To install h8mail, run this command in your terminal:
$ pip3 install h8mail
And that's basically it.
This is the preferred method to install h8mail, as it will always install the most recent stable release.
Please note:
If you don't have pip installed, this Python installation guide can guide you through the process.
For h8mail specific troubleshooting, check the Troubleshooting section.



The above illustration showcases installing h8mail using --user

From sources
The sources for h8mail can be downloaded from the Github repo.
You can either clone the public repository:
$ git clone git://github.com/khast3x/h8mail
Or download the tarball:
$ curl  -OL https://github.com/khast3x/h8mail/tarball/master
Next, decompress the downloaded archive.
Once you have a copy of the source, you can install it with:
$ cd h8mail/
$ python setup.py install
$ h8mail -h
Or just running it as a module:
$ cd h8mail/
$ python -m h8mail -h

Docker
$ docker run -ti kh4st3x00/h8mail -h

Usage
usage: h8mail [-h] -t TARGET_EMAILS [TARGET_EMAILS ...] [--loose]
[-c CONFIG_FILE [CONFIG_FILE ...]] [-o OUTPUT_FILE]
[-bc BC_PATH] [-sk] [-k CLI_APIKEYS [CLI_APIKEYS ...]]
[-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]]
[-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]] [-sf]
[-ch [CHASE_LIMIT]]

Email information and password lookup tool

optional arguments:
-h, --help show this help message and exit
-t TARGET_EMAILS [TARGET_EMAILS ...], --targets TARGET_EMAILS [TARGET_EMAILS ...]
Either string inputs or files. Supports email pattern
matching from input or file, filepath globing and
multiple arguments
--loose Allow loose search by disabling email pattern
recognition. Use spaces as pattern seperators
-c CONFIG_FILE [CONF IG_FILE ...], --config CONFIG_FILE [CONFIG_FILE ...]
Configuration file for API keys. Accepts keys from
Snusbase, (WeLeakInfo, Citadel.pw), hunterio
-o OUTPUT_FILE, --output OUTPUT_FILE
File to write CSV output
-bc BC_PATH, --breachcomp BC_PATH
Path to the breachcompilation torrent folder. Uses the
query.sh script included in the torrent.
https://ghostbin.com/paste/2cbdn
-sk, --skip-defaults Skips HaveIBeenPwned and HunterIO check. Ideal for
local scans
-k CLI_APIKEYS [CLI_APIKEYS ...], --apikey CLI_APIKEYS [CLI_APIKEYS ...]
Pass config options. Supported format: "K=V,K=V"
-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...], --local-bre ach LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]
Local cleartext breaches to scan for targets. Uses
multiprocesses, one separate process per file, on
separate worker pool by arguments. Supports file or
folder as input, and filepath globing
-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...], --gzip LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]
Local tar.gz (gzip) compressed breaches to scans for
targets. Uses multiprocesses, one separate process per
file. Supports file or folder as input, and filepath
globing. Looks for 'gz' in filename
-sf, --single-file If breach contains big cleartext or tar.gz files, set
this flag to view the progress bar. Disables
concurrent file searching for stability
-ch [CHASE_LIMIT], --c hase [CHASE_LIMIT]
Add related emails from HunterIO to ongoing target
list. Define number of emails per target to chase.
Requires hunter.io private API key

Usage examples

Query for a single target
$ h8mail -t [email protected]

Query for list of targets, indicate config file for API keys, output to pwned_targets.csv
$ h8mail -t targets.txt -c config.ini -o pwned_targets.csv

Query a list of targets against local copy of the Breach Compilation, pass API keys for Snusbase from the command line
$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_url=$snusbase_url,snusbase_token=$snusbase_token"

Query without making API calls against local copy of the Breach Compilation
$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -sk

Search every .gz file for targets found in targets.txt locally
$ h8mail -t targets.txt -gz /tmp/Collection1/ -sk

Check a cleartext dump for target. Add the next 10 related emails to targets to check. Read keys from cli
$ h8mail -t [email protected] -lb /tmp/4k_Combo.txt -ch 10 -k "hunterio=ABCDE123"

Configuration file & keys
h8mail can read keys by using a config.ini file with -c, or by passing keys from the command line directly with -k.
The configuration file format is as follows:
[h8mail]
shodan =
hunterio =
snusbase_url =
snusbase_token =
; leak-lookup_pub = 1bf94ff907f68d511de9a610a6ff9263
leak-lookup_priv =
In the above example, you'll notice a Leak-lookup public key, graciously generated for h8mail users. To activate, uncomment the line and make sure to pass to config file. The API can sometimes timeout. If that's the case, simply relaunch.
Keys and their respective values can also be passed from the command line, with the -k option. Format is like so:
$ h8mail -t [email protected] -k "K=V, K=V" "K=V"

Troubleshooting

Python version & Kali
  • The above instructions assume you are running python3 as default. If unsure, type the following in your terminal.
    It should be either Python 3.* or Python 2.* :
$ python --version
  • If you are running python2 as default :
    Make sure you have python3.6+ installed, then replace python commands with explicit python3 commands.
  • If you have not set your venvs, you might get a permission error saying Consider using the --user option or check the permissions.
    Simply add --user like so:
$ pip install --user h8mail

Windows
  • h8mail uses ANSI color escape characters. Windows doesn't know how to show the colors, and will show gibberish instead.
    Fortunately, you can use Cmder, which is an excellent Windows CMD prompt alternative
  • If you're having trouble with python and pip, chances are you need to add python to your PATH. pip will also need to be in your PATH environment variable.
  • If you're still having trouble with pip, you can do the following:
# Check python version, should be 3.6+
C:> python --version
# To have python handle installation of pip
C:> python -m ensurepip
# To launch pip as a module
C:> python -m pip install h8mail
# To launch h8mail as a module
C:> python -m h8mail --help

OSX
  • As described for Windows, you might encounter issues with python if your installation is incomplete, or pip's installation directory is not in your PATH.
  • If thats the case, you can try invoking pip and h8mail with the same command lines as Windows.
  • Make sure the python command refers to Python 3 with python --version, otherwise replace python with python3 in the instructions.
  • Basically try this if installed and not executing, check Windows instructions for further examples:
$ python3 -m h8mail -h

Thanks & Credits

Related open source projects

Notes
  • Service providers that wish being integrated can send me an email at k at khast3x dot club (PGP friendly)
  • h8mail is maintained on my free time. Feedback and war stories are welcomed.
  • My code is signed with my Keybase PGP key. You can get it using:
# curl + gpg pro tip: import ktx's keys
curl https://keybase.io/ktx/pgp_keys.asc | gpg --import

# the Keybase app can push to gpg keychain, too
keybase pgp pull ktx



...

Externe Webseite mit kompletten Inhalt öffnen

Kommentiere zu H8Mail v2.0 - Email OSINT And Password Breach Hunting






➤ Ähnliche Beiträge

  • 1.

    H8Mail v2.0 - Email OSINT And Password Breach Hunting

    vom 1466.26 Punkte ic_school_black_18dp
    Powerful and user-friendly password finder.Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent. Features Email pattern
  • 2.

    H8Mail - Email OSINT And Password Breach Hunting

    vom 733.42 Punkte ic_school_black_18dp
    Email OSINT and password finder.Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent.Features Email pattern matching (reg exp), useful for all those raw HTML files Small and fast Alpine Dockerfile available CLI or Bulk file-reading for targetin
  • 3.

    OSINT-SPY - Search using OSINT (Open Source Intelligence)

    vom 467.06 Punkte ic_school_black_18dp
    Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. OSINT-SPY Documentati
  • 4.

    Buster - Find Emails Of A Person And Return Info Associated With Them

    vom 216.59 Punkte ic_school_black_18dp
    Buster is a simple OSINT tool used to: Get social accounts from various sources(gravatar,about.me,myspace,skype,github,linkedin,avast) Get links to where the email was found using google,twitter,darksearch and paste sites Get domains registered with a
  • 5.

    pwnedOrNot v1.2.6 - OSINT Tool to Find Passwords for Compromised Email Addresses

    vom 213.96 Punkte ic_school_black_18dp
    OSINT Tool to Find Passwords for Compromised Email AccountspwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps.Featured OSINT Collection Tools for Pastebin - Jake Creps Get In Touch Twitter Telegra
  • 6.

    Using ML to Stop Latent Email Attacks That Dodge Early Detection

    vom 178.82 Punkte ic_school_black_18dp
    Editor's Note: This blog post was originally found on the Agari Email Security blog. https://i.redd.it/7c4i38jbupc31.png By Scot Kennedy When implemented effectively, real-world deployments of machine learning (ML)-based email security can block
  • 7.

    How you can share passwords safely with friends and family

    vom 164.87 Punkte ic_school_black_18dp
    http://bit.ly/366dCkG How you can share passwords safely with friends and family we’ve all been informed infinite instances to by no means proportion your passwords. now not even together with your nearest and dearest. this is tremendous recommen
  • 8.

    Fighting Breaches

    vom 143.87 Punkte ic_school_black_18dp
    I'd like to ask the community here for your solutions with fighting breaches. This year alone there have been a great number of breaches resulting in email, passwords, IPs, usernames, and other very private information being leaked. The problem I've fo
  • 9.

    Microsoft Office 365 + Agari Secure Email Cloud: All You Need in a Cloud-First World

    vom 128.69 Punkte ic_school_black_18dp
    Editor's Note: This blog post was originally found on the Agari Email Security blog. https://preview.redd.it/jrsbqks8fiy31.png?width=730&format=png&auto=webp&s=b0bd0531757494b6c9d3be1c23ed7fed9dabc10b By Doug Jones You’ve heard the sta
  • 10.

    TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

    vom 127.51 Punkte ic_school_black_18dp
    Original release date: March 15, 2018Systems Affected Domain ControllersFile ServersEmail ServersOverview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bu
  • 11.

    Whitelisting Won't Protect You From BEC... Here's Why

    vom 117.16 Punkte ic_school_black_18dp
    Editor's Note: This blog post was originally found on the Agari Email Security blog. https://i.redd.it/y1e9f0fjcen31.png By Armen Najarian The 250% increase in business email compromise (BEC) scams over the past year should concern every organ
  • 12.

    Businesses Grow More Vulnerable to Email Attacks, Even with Improved Defenses

    vom 116.88 Punkte ic_school_black_18dp
    Editor's Note: This post can originally be found on the Agari Email Security blog. ​ https://i.redd.it/lwn4jicgn3b31.png By Patrick Peterson ​ Cybercriminals increasingly use new forms of identity deception to launch an email attack to target y