{"id":27086705,"url":"https://github.com/balestek/hashtray","last_synced_at":"2025-04-06T05:36:42.017Z","repository":{"id":236203858,"uuid":"790484995","full_name":"balestek/hashtray","owner":"balestek","description":"hashtray is an OSINT (Open Source Intelligence) tool designed to find a Gravatar account associated with an email address and to locate an email address using a Gravatar account username or hash.","archived":false,"fork":false,"pushed_at":"2024-12-01T15:09:50.000Z","size":1019,"stargazers_count":45,"open_issues_count":0,"forks_count":6,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-15T16:47:13.443Z","etag":null,"topics":["gravatar","hash","information-gathering","investigation","md5","md5-hash","open-source-intelligence","osint","osint-gravatar","osint-python","osint-tool","osint-tools","pip","pipenv","pipx","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/balestek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-04-23T00:55:59.000Z","updated_at":"2025-01-30T19:45:42.000Z","dependencies_parsed_at":"2024-04-26T04:32:22.589Z","dependency_job_id":"42281a98-39fe-4b4a-975c-816f6741f5fa","html_url":"https://github.com/balestek/hashtray","commit_stats":null,"previous_names":["balestek/hashtray"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balestek%2Fhashtray","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balestek%2Fhashtray/tags","releases_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balestek%2Fhashtray/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balestek%2Fhashtray/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/balestek","download_url":"https://codeload.github.com/balestek/hashtray/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247440955,"owners_count":20939233,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gravatar","hash","information-gathering","investigation","md5","md5-hash","open-source-intelligence","osint","osint-gravatar","osint-python","osint-tool","osint-tools","pip","pipenv","pipx","python"],"created_at":"2025-04-06T05:36:41.537Z","updated_at":"2025-04-06T05:36:41.987Z","avatar_url":"https://github.com/balestek.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hashtray\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/balestek/hashtray/master/media/hashtray-logo.png\"\u003e\n\u003c/p\u003e\n\n[![PyPI version](https://badge.fury.io/py/hashtray.svg)](https://badge.fury.io/py/hashtray)\n![Python minimum version](https://img.shields.io/badge/Python-3.8%2B-brightgreen)\n[![Downloads](https://pepy.tech/badge/hashtray)](https://pepy.tech/project/hashtray)\n[![Code style: 
black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)\n[![License](https://img.shields.io/github/license/balestek/medor.svg)](https://github.com/\u003cbalestek\u003e/medor/blob/master/LICENSE)\n\n## Intro\n_hashtray_ is an OSINT (Open Source Intelligence) tool designed to find a Gravatar account associated with an email address and to locate an email address using a Gravatar account username or hash. A Gravatar account can provide substantial information for pivoting purposes.\n\n## Features\n_hashtray_ comes with the following features:\n+ [X] Find a Gravatar account using an email address \n+ [x] Locate the primary email associated with a Gravatar account using a Gravatar username or hash\n+ [x] Display Gravatar account information\n\nIf the profile is public and the information available, the following can be retrieved:\n\n- Hash\n- Profile URL\n- Avatar\n- Activity (Last profile edit)\n- Location\n- Preferred username\n- Pronunciation\n- Display name\n- Given name\n- Family name\n- Pronouns\n- Bio (About)\n- Job title\n- Company\n- Contact information\n- Emails\n- Phone numbers\n- Verified accounts (Instagram, Twitter, Facebook, TikTok,...)\n- Payment information (PayPal, Venmo,...)\n- Wallets (Bitcoin, Ethereum,...)\n- Photos\n- Interests (Links)\n\n## Installation\n\nPython 3.8+ is required.\n\n### pipx (recommended)\n```bash\npipx install hashtray\n```\n\n### pipenv\n```bash\npipenv install hashtray\n```\n\n### pip\n```bash\npip install hashtray\n```\n\n## Usage\n\n### Find Gravatar account with an email\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/balestek/hashtray/master/media/hashtray-email.png\"\u003e\n\u003c/p\u003e\n\nPretty straightforward. The command is `email` .\n\nIt converts the email address into its MD5 hash. _hashtray_ then checks if a public profile associated with the hash exists on Gravatar. 
If found, it displays the profile information.\n\n```bash\nhashtray email user@domain.com\n```\n\nIn some cases, the email hash may not match the one found on the Gravatar profile, yet a profile is still displayed. This is because Gravatar profiles only show the hash of the primary email address. Consequently, the email address used for the search is not the primary one but is registered as a secondary email. This indicates that there is at least one more email address associated with the Gravatar account to be found.\n\nIn such cases, _hashtray_ alerts you. You can then attempt to find the primary email address using its second command, `account`.\n\n### Find an email from a Gravatar username or hash\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/balestek/hashtray/master/media/hashtray-account.png\"\u003e\n\u003c/p\u003e\n\nTo find an email address associated with a Gravatar username or hash, use the account command.\n\nhashtray creates a list of possible email addresses using data from the Gravatar profile.\n\nBoth the username and hash can be used with the account command. The username is the last part of the Gravatar profile page URL (e.g., https://gravatar.com/username), while the hash is the MD5 hash of the Gravatar account email.\n\nIf you come across a Gravatar avatar, you can find its MD5 hash within the avatar's URL, which follows this pattern: https://1.gravatar.com/avatar/437e4dc6d001f2519bc9e7a6b6412923. 
This hash represents the account hash.\n\nIt compares each of these email hashes to the account hash to locate the primary Gravatar account email.\n\nAdditionally, it also checks emails in the public profile to see if they are the primary email.\n\n```bash\nhashtray account username # with username\nhashtray account 437e4dc6d001f2519bc9e7a6b6412923 # with the hash\n```\n\n#### Options\n\n##### --domain_list\n\n`--domain_list` or `-l` to choose the domain list to use:\n- `common` : 455 domains (default)\n- `long` : 5334 domains\n- `full` : 118062 domains\n\nThe domains lists need to be refined in the future.\n\n```bash\nhashtray account jondo --domain_list long\nhashtray account 437e4dc6d001f2519bc9e7a6b6412923 -l long\n```\n\n##### --elements\n\n`--elements` or `-e` to manually provide strings for email generation instead of relying on the built-in logic. The more strings you add, the longer the hash generation process will take. Please refer to the notes for more information.\n\n```bash\nhashtray account jondo --elements john doe j d jondo 2001\nhashtray account 437e4dc6d001f2519bc9e7a6b6412923 -e john doe j d jondo 2001\n```\n\n##### --domains\n\n`--domains` or `-d` to use custom email domains instead of the built-in domain lists. This allows you to tailor the search to specific domains relevant to your investigation.\n\n```bash\nhashtray account jondo --custom_domains domain1.com domain2.com\nhashtray account 437e4dc6d001f2519bc9e7a6b6412923 -c domain1.com domain2.com\n```\n\n##### --crazy\n\n`--crazy` or `-c` to go crazy and try EVERY SINGLE combination (with any special character at any place in the combinations). 
See Notes.\n\n```bash\nhashtray account jondo --crazy\nhashtray account 437e4dc6d001f2519bc9e7a6b6412923 -c\n```\n\n#### Notes\n\n_hashtray_ retrieves emails in two ways:\n- extracting emails from the profile page, if it's available and public, and verifying if they are the emails linked to the account.\n- generating potential email addresses from the available information and comparing their MD5 hashes to the account hash.\n\nFor the latter, it uses several elements if available:\n- the username chunk of the profile page URL\n- the preferred username\n- the given name and the family name, as well as their initials\n- the display name\n- the username chunks of the verified accounts' URLs\n\nThe elements list is then deduplicated, and elements that can be combined from already present elements are discarded.\n\nAll possible combinations, including a few special characters (._-) and a domain list, are generated, without repeating any element and with a single special character per combination.\n\nThe more elements to combine, the longer the processing time will be. 
To give you an idea of the scale, here's a table showing the number of combinations for a single domain and 455 domains, based on different numbers of elements, for the normal mode (one unique special character allowed per combination):\n\n| elements    | 1   | 2    | 3     | 4    | 5      | 6    | 7     | 8      | 9    | 10    |\n|-------------|-----|------|-------|------|--------|------|-------|--------|------|-------|\n| 1 domain    | 1   | 10   | 51    | 244  | 1.2k   | 7.8k | 54.7k | 438.3k | 3.9M | 39.5M |\n| 455 domains | 455 | 4.5k | 23.2k | 111k | 584.6k | 3.5M | 24.9M | 199.4M | 1.7B | 17.9B |\n\nHere is the same table for the crazy mode `--crazy`, `-c` (any special characters allowed at any place per combination):\n\n| elements    | 1   | 2    | 3   | 4     | 5     | 6    | 7     | 8    | 9     | 10     |\n|-------------|-----|------|-----|-------|-------|------|-------|------|-------|--------|\n| 1 domain    | 1   | 10   | 123 | 1.97k | 39.4k | 947k | 26.5M | 848M | 30.5B | 1.22T  |\n| 455 domains | 455 | 4.5k | 56k | 897k  | 17.9M | 431M | 12.1B | 386B | 13.9T | 556T   |\n\n### Next steps for future versions\n\n- [ ] Improve the domain lists (better ranking by users) and add a \"small\" one.\n- [ ] Add an intermediate mode between normal and crazy for \"\" and any special character at any place.\n- [ ] Add multi-processing\n\n### Contributions\n\nSuggestions and contributions are welcomed, especially for the \"Next steps\" section tasks.\n\n### Credits\n\nabout the technique:\n\n- [BanPangar Twitter/X](https://twitter.com/BanPangar/status/1357805358153150467)\n- [cyb_detective medium post](https://publication.osintambition.org/4-easy-tricks-for-using-gravatar-in-osint-99c0910d933)\n\nemail domain sources:\n\n- https://github.com/derhuerst/email-providers\n- https://github.com/Kikobeats/free-email-domains\n- https://github.com/mstfknn/email-providers\n\n\\+ some personal additions\n\n## Requirements\n\n```\nhttpx\nunidecode\ntqdm\nrich\n```\n\n## 
License\nGPLv3\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbalestek%2Fhashtray","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbalestek%2Fhashtray","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbalestek%2Fhashtray/lists"}