{"id":13510782,"url":"https://github.com/khast3x/h8mail","last_synced_at":"2025-05-13T20:21:32.368Z","repository":{"id":37493165,"uuid":"137433290","full_name":"khast3x/h8mail","owner":"khast3x","description":"Email OSINT \u0026 Password breach hunting tool, locally or using premium services. Supports chasing down related email","archived":false,"fork":false,"pushed_at":"2023-08-15T10:50:34.000Z","size":3572,"stargazers_count":4388,"open_issues_count":29,"forks_count":534,"subscribers_count":124,"default_branch":"master","last_synced_at":"2025-04-02T02:06:05.953Z","etag":null,"topics":["breach","breach-compilation","email","hacking","haveibeenpwned","hibp","kali","leak","osint","password","recon","theharvester"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/khast3x.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-15T02:47:00.000Z","updated_at":"2025-04-02T00:53:10.000Z","dependencies_parsed_at":"2024-06-18T16:32:39.273Z","dependency_job_id":"172ba94a-ee89-4504-878a-f36679c8aa84","html_url":"https://github.com/khast3x/h8mail","commit_stats":{"total_commits":319,"total_committers":10,"mean_commits":31.9,"dds":0.5768025078369906,"last_synced_commit":"ee31c8ff6d148580047ae5048fea2234decb5932"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/khast3x%2Fh8mail","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/khast3x%2Fh8mail/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/khast3x%2Fh8mail/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/khast3x%2Fh8mail/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/khast3x","download_url":"https://codeload.github.com/khast3x/h8mail/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247968274,"owners_count":21025821,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["breach","breach-compilation","email","hacking","haveibeenpwned","hibp","kali","leak","osint","password","recon","theharvester"],"created_at":"2024-08-01T02:01:53.833Z","updated_at":"2025-04-09T03:06:40.711Z","avatar_url":"https://github.com/khast3x.png","language":"Python","funding_links":["https://www.buymeacoffee.com/Eiw47ImnT"],"categories":["Tools","1. [↑](#-content) OSINT","Security","\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003e侦察\u0026\u0026信息收集\u0026\u0026子域名发现与枚举\u0026\u0026OSINT","Python","Python (1887)","扫描器_资产收集_子域名","[↑](#-table-of-contents) E-mail Search / E-mail Check","[↑](#-Table-of-Contents) E-mail Search / E-mail Check","[](#table-of-contents) Table of contents","[↑](#contents) E-mail Search / E-mail Check","hacking","osint","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003e工具","[↑](#-table-of-contents) Email addresses","[↑](#-table-of-contents) Email Search / Email Check","Pentesting","📦 Legacy \u0026 Inactive Projects","Table of Contents"],"sub_categories":["OSINT","Packages","\u003ca id=\"05ab1b75266fddafc7195f5b395e4d99\"\u003e\u003c/a\u003e未分类-OSINT","资源传输下载","[↑](#-table-of-contents) Telegram","[↑](#-Table-of-Contents) Telegram","[](#warc)Tools for working with WARC (WebARChive) files","[↑](#contents) LinkedIn","[↑](#contents) Telegram","[↑](#-table-of-contents) GitHub","OSINT - Open Source INTelligence","🕵️ OSINT"],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003ca href=\"https://github.com/khast3x/h8mail/releases/\"\u003e\u003cimg src=\"https://i.postimg.cc/LXR6Jq8Y/logo-transparent.png\" width=\"420\" title=\"h8maillogo\"\u003e\u003c/a\u003e\n\u003c/h1\u003e\n\n[![platforms](https://img.shields.io/badge/platforms-Windows%20%7C%20Linux%20%7C%20OSX-success.svg)](https://pypi.org/project/h8mail/) [![PyPI version](https://badge.fury.io/py/h8mail.svg)](https://badge.fury.io/py/h8mail)\n[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/h8mail.svg)](https://pypi.org/project/h8mail/) [![Downloads](https://pepy.tech/badge/h8mail)](https://pepy.tech/project/h8mail)    [![travis](https://img.shields.io/travis/khast3x/h8mail.svg)](https://travis-ci.org/khast3x/h8mail)   \n[![Docker Pulls](https://img.shields.io/docker/pulls/kh4st3x00/h8mail.svg)](https://hub.docker.com/r/kh4st3x00/h8mail)    \n**h8mail** is an email OSINT and breach hunting tool using [different breach and reconnaissance services](#apis), or local breaches such as Troy Hunt's \"Collection1\" and the infamous \"Breach Compilation\" torrent.  \n\n----\n\n\n\u003ch1 align=\"center\"\u003e\n  \u003ca href=\"https://github.com/khast3x/h8mail/wiki?ref=readmebutton\"\u003e\u003cimg src=\"https://i.postimg.cc/htg6xGmm/button.png\" width=\"420\" title=\"To the Wiki!\"\u003e\u003c/a\u003e\n\u003c/h1\u003e\n\n\n\n----\n\n\n## :book: Table of Content\n\n- [Table of Content](#book-Table-of-Content)\n- [Features](#tangerine-Features)\n    - [APIs](#APIs)\n- [Usage](#tangerine-Usage)\n- [Usage examples](#tangerine-Usage-examples)\n- [Thanks \u0026 Credits](#tangerine-Thanks--Credits)\n- [Related open source projects](#tangerine-Related-open-source-projects)\n\n\n----\n\n\n##  :tangerine: Features\n\n* :mag_right: Email pattern matching (reg exp), useful for reading from other tool outputs\n* :earth_africa: Pass URLs to directly find and target emails in pages\n* :dizzy: Loosey patterns for local searchs (\"john.smith\", \"evilcorp\")\n* :package: Painless install. Available through `pip`, only requires `requests`\n* :white_check_mark: Bulk file-reading for targeting\n* :memo: Output to CSV file or JSON\n* :muscle: Compatible with the \"Breach Compilation\" torrent scripts\n* :house: Search cleartext and compressed .gz files locally using multiprocessing\n  * :cyclone: Compatible with \"Collection#1\"\n* :fire: Get related emails\n* :dragon_face: Chase related emails by adding them to the ongoing search\n* :crown: Supports premium lookup services for advanced users\n* :factory: Custom query premium APIs. Supports username, hash, ip, domain and password and more\n* :books: Regroup breach results for all targets and methods\n* :eyes: Includes option to hide passwords for demonstrations\n* :rainbow: Delicious colors\n\n---\n\n### :package: `pip3 install h8mail`\n\n-----\n\n\n####  APIs\n| Service | Functions | Status |\n|-|-|-|\n| [HaveIBeenPwned(v3)](https://haveibeenpwned.com/) | Number of email breaches | :white_check_mark: :key: |\n| [HaveIBeenPwned Pastes(v3)](https://haveibeenpwned.com/Pastes) | URLs of text files mentioning targets | :white_check_mark: :key: |\n| [Hunter.io](https://hunter.io/) - Public | Number of related emails | :white_check_mark: |\n| [Hunter.io](https://hunter.io/) - Service (free tier) | Cleartext related emails, Chasing | :white_check_mark: :key: |\n| [Snusbase](https://api.snusbase.com/admin/purchase) - Service | Cleartext passwords, hashs and salts, usernames, IPs - Fast :zap: | :white_check_mark: :key: |\n| [Leak-Lookup](https://leak-lookup.com/) - Public | Number of search-able breach results | :white_check_mark: (:key:) |\n| [Leak-Lookup](https://leak-lookup.com/) - Service | Cleartext passwords, hashs and salts, usernames, IPs, domain | :white_check_mark: :key: |\n| [Emailrep.io](https://emailrep.io/) - Service (free) | Last seen in breaches, social media profiles | :white_check_mark: :key: |\n| [scylla.so](https://scylla.so/) - Service (free) | Cleartext passwords, hashs and salts, usernames, IPs, domain | :construction: |\n| [Dehashed.com](https://dehashed.com/) - Service | Cleartext passwords, hashs and salts, usernames, IPs, domain | :white_check_mark: :key: |\n| [IntelX.io](https://intelx.io/signup) - Service (free trial) | Cleartext passwords, hashs and salts, usernames, IPs, domain, Bitcoin Wallets, IBAN | :white_check_mark: :key: |\n| :new: [Breachdirectory.org](https://breachdirectory.org) - Service (free) | Cleartext passwords, hashs and salts, usernames, domain | :construction: :key: |\n\n*:key: - API key required*  \n\n\n\n\n-----\n\n##  :tangerine: Usage\n\n```bash\nusage: h8mail [-h] [-t USER_TARGETS [USER_TARGETS ...]]\n              [-u USER_URLS [USER_URLS ...]] [-q USER_QUERY] [--loose]\n              [-c CONFIG_FILE [CONFIG_FILE ...]] [-o OUTPUT_FILE]\n              [-j OUTPUT_JSON] [-bc BC_PATH] [-sk]\n              [-k CLI_APIKEYS [CLI_APIKEYS ...]]\n              [-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]]\n              [-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]] [-sf]\n              [-ch [CHASE_LIMIT]] [--power-chase] [--hide] [--debug]\n              [--gen-config]\n\nEmail information and password lookup tool\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -t USER_TARGETS [USER_TARGETS ...], --targets USER_TARGETS [USER_TARGETS ...]\n                        Either string inputs or files. Supports email pattern\n                        matching from input or file, filepath globing and\n                        multiple arguments\n  -u USER_URLS [USER_URLS ...], --url USER_URLS [USER_URLS ...]\n                        Either string inputs or files. Supports URL pattern\n                        matching from input or file, filepath globing and\n                        multiple arguments. Parse URLs page for emails.\n                        Requires http:// or https:// in URL.\n  -q USER_QUERY, --custom-query USER_QUERY\n                        Perform a custom query. Supports username, password,\n                        ip, hash, domain. Performs an implicit \"loose\" search\n                        when searching locally\n  --loose               Allow loose search by disabling email pattern\n                        recognition. Use spaces as pattern seperators\n  -c CONFIG_FILE [CONFIG_FILE ...], --config CONFIG_FILE [CONFIG_FILE ...]\n                        Configuration file for API keys. Accepts keys from\n                        Snusbase, WeLeakInfo, Leak-Lookup, HaveIBeenPwned,\n                        Emailrep, Dehashed and hunterio\n  -o OUTPUT_FILE, --output OUTPUT_FILE\n                        File to write CSV output\n  -j OUTPUT_JSON, --json OUTPUT_JSON\n                        File to write JSON output\n  -bc BC_PATH, --breachcomp BC_PATH\n                        Path to the breachcompilation torrent folder. Uses the\n                        query.sh script included in the torrent\n  -sk, --skip-defaults  Skips Scylla and HunterIO check. Ideal for local scans\n  -k CLI_APIKEYS [CLI_APIKEYS ...], --apikey CLI_APIKEYS [CLI_APIKEYS ...]\n                        Pass config options. Supported format: \"K=V,K=V\"\n  -lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...], --local-breach LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]\n                        Local cleartext breaches to scan for targets. Uses\n                        multiprocesses, one separate process per file, on\n                        separate worker pool by arguments. Supports file or\n                        folder as input, and filepath globing\n  -gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...], --gzip LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]\n                        Local tar.gz (gzip) compressed breaches to scans for\n                        targets. Uses multiprocesses, one separate process per\n                        file. Supports file or folder as input, and filepath\n                        globing. Looks for 'gz' in filename\n  -sf, --single-file    If breach contains big cleartext or tar.gz files, set\n                        this flag to view the progress bar. Disables\n                        concurrent file searching for stability\n  -ch [CHASE_LIMIT], --chase [CHASE_LIMIT]\n                        Add related emails from hunter.io to ongoing target\n                        list. Define number of emails per target to chase.\n                        Requires hunter.io private API key if used without\n                        power-chase\n  --power-chase         Add related emails from ALL API services to ongoing\n                        target list. Use with --chase\n  --hide                Only shows the first 4 characters of found passwords\n                        to output. Ideal for demonstrations\n  --debug               Print request debug information\n  --gen-config, -g      Generates a configuration file template in the current\n                        working directory \u0026 exits. Will overwrite existing\n                        h8mail_config.ini file\n\n```\n\n-----\n\n## :tangerine: Usage examples\n\n###### Query for a single target\n\n```bash\n$ h8mail -t target@example.com\n```\n\n###### Query for list of targets, indicate config file for API keys, output to `pwned_targets.csv`\n```bash\n$ h8mail -t targets.txt -c config.ini -o pwned_targets.csv\n```\n\n###### Query a list of targets against local copy of the Breach Compilation, pass API key for [Snusbase](https://snusbase.com/) from the command line\n```bash\n$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -k \"snusbase_token=$snusbase_token\"\n```\n\n###### Query without making API calls against local copy of the Breach Compilation\n```bash\n$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -sk\n```\n\n###### Search every .gz file for targets found in targets.txt locally, skip default checks\n\n```bash\n$ h8mail -t targets.txt -gz /tmp/Collection1/ -sk\n```\n\n###### Check a cleartext dump for target. Add the next 10 related emails to targets to check. Read keys from CLI\n\n```bash\n$ h8mail -t admin@evilcorp.com -lb /tmp/4k_Combo.txt -ch 10 -k \"hunterio=ABCDE123\"\n```\n###### Query username. Read keys from CLI\n\n```bash\n$ h8mail -t JSmith89 -q username -k \"dehashed_email=user@email.com\" \"dehashed_key=ABCDE123\"\n```\n\n###### Query IP. Chase all related targets. Read keys from CLI\n\n\n```bash\n$ h8mail -t 42.202.0.42 -q ip -c h8mail_config_priv.ini -ch 2 --power-chase\n```\n\n###### Fetch URL content (CLI + file). Target all found emails\n\n\n```bash\n$ h8mail -u \"https://pastebin.com/raw/kQ6WNKqY\" \"list_of_urls.txt\"\n```\n\n\n-----\n\n## :tangerine: Thanks \u0026 Credits\n\n* [Snusbase](https://snusbase.com/) for being developer friendly\n* [kodykinzie](https://twitter.com/kodykinzie) for making a nice [introduction and walkthrough article](https://null-byte.wonderhowto.com/how-to/exploit-recycled-credentials-with-h8mail-break-into-user-accounts-0188600/) and [video](https://www.youtube.com/watch?v=z8G_vBBHtfA) on installing and using h8mail\n* [Leak-Lookup](https://leak-lookup.com/) for being developer friendly\n* [Dehashed](https://dehashed.com/) for being developer friendly  \n* h8mail's Pypi integration is strongly based on the work of audreyr's [CookieCutter PyPackage](https://github.com/audreyr/cookiecutter-pypackage)\n* Logo generated using Hatchful by Shopify\n* [Jake Creps](https://twitter.com/jakecreps) for his [h8mail v2 introduction](https://jakecreps.com/2019/06/21/h8mail/)  \n* [Alejandro Caceres](https://twitter.com/_hyp3ri0n) for making scylla.so available. Be sure to [support](https://www.buymeacoffee.com/Eiw47ImnT) him if you can\n* [IntelX](https://intelx.io) for being developer friendly\n* [Breachdirectory.tk](https://breachdirectory.tk) for being developer friendly\n\n:purple_heart: **h8mail can be found in:**\n* [BlackArch Linux](https://blackarch.org/recon.html)\n* [Tsurugi DFIR VM](https://tsurugi-linux.org/)\n* [CSI Linux](https://csilinux.com)  \n* [Trace Labs OSINT VM](https://www.tracelabs.org/trace-labs-osint-vm/)\n\n\n-----\n\n## :tangerine: Related open source projects\n* [WhatBreach](https://github.com/Ekultek/WhatBreach) by Ekultek\n* [HashBuster](https://github.com/s0md3v/Hash-Buster) by s0md3v\n* [BaseQuery](https://github.com/g666gle/BaseQuery) by g666gle\n* [LeakLooker](https://github.com/woj-ciech/LeakLooker) by woj-ciech\n* [buster](https://github.com/sham00n/buster) by sham00n\n* [Scavenger](https://github.com/rndinfosecguy/Scavenger) by ndinfosecguy\n* [pwndb](https://github.com/davidtavarez/pwndb) by davidtavarez\n\n\n-----\n\n## :tangerine: Notes\n\n* Service providers that wish being integrated can send me an email at `k at khast3x dot club` (PGP friendly)\n* h8mail is maintained on my free time. Feedback and war stories are welcomed.\n* Licence is BSD 3 clause\n* My code is [signed](https://help.github.com/en/articles/signing-commits) with my [Keybase](https://keybase.io/ktx) PGP key. You can get it using:  \n```bash\n# curl + gpg pro tip: import ktx's keys\ncurl https://keybase.io/ktx/pgp_keys.asc | gpg --import\n\n# the Keybase app can push to gpg keychain, too\nkeybase pgp pull ktx\n```\n___\n\n*If you wish to stay updated on this project:*\n\n\n\u003ch1 align=\"center\"\u003e\n  \u003ca href=\"https://twitter.com/kh4st3x\"\u003e\u003cimg src=\"https://i.imgur.com/S79Nimd.png\" width=\"420\" title=\"Twitter\"\u003e\u003c/a\u003e\n\u003c/h1\u003e\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkhast3x%2Fh8mail","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkhast3x%2Fh8mail","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkhast3x%2Fh8mail/lists"}