{"id":15116087,"url":"https://github.com/mlcsec/huntsman","last_synced_at":"2026-04-01T17:17:40.018Z","repository":{"id":251048801,"uuid":"836244632","full_name":"mlcsec/huntsman","owner":"mlcsec","description":"Email enumerator, username generator, and context validator for hunter.io, snov.io, and skrapp.io","archived":false,"fork":false,"pushed_at":"2024-08-05T14:55:13.000Z","size":712,"stargazers_count":83,"open_issues_count":0,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-28T01:30:16.834Z","etag":null,"topics":["bugbounty-tools","email-scraper","hunter-io","redteaming-tools","skrapp-io","snov-io","username-generator"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mlcsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-31T12:50:58.000Z","updated_at":"2026-03-01T13:39:37.000Z","dependencies_parsed_at":"2024-08-05T17:01:41.614Z","dependency_job_id":null,"html_url":"https://github.com/mlcsec/huntsman","commit_stats":null,"previous_names":["mlcsec/huntsman"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mlcsec/huntsman","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlcsec%2Fhuntsman","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlcsec%2Fhuntsman/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlcsec%2Fhuntsman/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlcsec%2Fhuntsman/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mlcsec","download_url":"https://codeload.github.com/mlcsec/huntsman/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlcsec%2Fhuntsman/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty-tools","email-scraper","hunter-io","redteaming-tools","skrapp-io","snov-io","username-generator"],"created_at":"2024-09-26T01:44:09.138Z","updated_at":"2026-04-01T17:17:40.001Z","avatar_url":"https://github.com/mlcsec.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# huntsman\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"./.github/huntsman.png\" /\u003e\n\u003c/p\u003e\n\nEmail enumerator, username generator, and context validator providing detailed coverage of the hunter.io, snov.io, and skrapp.io APIs with several enhancements to streamline processing for engagements.\n\n## Features\n\n- [x] Confirms email and first/last name context within source URIs to create realistic pretexts for phishing or SE \n- [x] Identifies social media accounts associated with target email addresses\n- [x] Generates usernames based on common first and last name combinations for targetting corporate logins, brute forcing web apps, password reset user enum, etc. \n- [x] Automatically validates emails with Entra ID (Azure AD) using python implementation of AADInternal's Invoke-UserEnumerationAsOutsider\n- [x] Confirms validity of source URIs and the presence of emails or user related information\n- [x] Detailed hunter.io and snov.io API coverage\n - [x] Limited skrapp.io coverage\n- [x] Asynchronously resolves source URIs\n\n\n## Demo\n\n[huntsman.webm](https://github.com/user-attachments/assets/c8293d01-4e4f-4c57-8c59-72c972bc3a70)\n\n\n## Installation\n\nInstall from PyPI with pip:\n```\npip install huntsman\n```\nOR git clone and install:\n```\ngit clone https://github.com/mlcsec/huntsman.git\ncd huntsman\npip install .\nhuntsman -h\n```\nYou can upgrade with:\n```\npip install --upgrade huntsman\n```\n\n## Setup\n\nRun `huntsman setup` and enter the required API key(s) when prompted or manually update `.huntsman.conf`\n\n## Usage\n\n```\nusage: huntsman.py [-h] ...\n\npositional arguments:\n\n setup API key(s) setup for huntsman\n hunterio hunter.io commands\n snovio snov.io commands\n skrappio skrapp.io commands\n\noptions:\n -h, --help show this help message and exit\n```\nTo view available commands for each of the services:\n```\nhuntsman hunterio -h\n```\nTo view available options for each subcommand:\n```\nhuntsman hunterio domain-search -h\n```\n\n## Options\n\nThe optional arguments include all flags and parameters available from the API documentation. The 'company' option has been removed from hunter.io commands as the documentation states that specifying the domain returns better results.\n\n\u003e _\"Note that you'll get better results by supplying the domain name as we won't have to find it. If you send a request with both the domain and the company name, we'll use the domain name. It doesn't need to be in lowercase.\"_\n\nThe following options are the main features of huntsman for gathering actionable data for engagements.\n\n### --uri-confirm\n\nConfirm positive HTTP responses for hunter.io source URIs and the presence of emails and user information. Does NOT provide any context (see `--uri-context`):\n\n![](https://github.com/mlcsec/huntsman/blob/main/.github/confirm-email-uris.png)\n\n### --uri-context\n\nConfirm positive HTTP responses, presence of email address, first name, last name, and the surrounding context for the user information identified in hunter.io source URIs. This aids in confirming the validity of the account information as I have encountered false positives in the past. \n\nThe primary purpose of this functionality is identifying the context the email or user information was used in to create realistic pretexts for phishing or SE. The example below demonstrates this as the `lisa@stripe.com` email should be used for emailing CVs. This provides us with a 'pre-configured' pretext for the user as opposed to blindly creating one based on a list of emails for the target company. \n\n![](https://github.com/mlcsec/huntsman/blob/main/.github/context-cv-email-pretext.png)\n\nAnother example identified a personal GitHub account associated with the email through source URI context validation:\n\n![](https://github.com/mlcsec/huntsman/blob/main/.github/context-github-found.png)\n\nPersonal user accounts and usernames for external services such as betalist, hackernews, and nomadlist were discovered in this example:\n\n![](https://github.com/mlcsec/huntsman/blob/main/.github/uri-context-edwin.png)\n\n### --socials\n\nIdentify social media accounts associated with supplied user emails (LinkedIn/Twitter primarily):\n\n![](https://github.com/mlcsec/huntsman/blob/main/.github/socials.png)\n\n### --usergen\n\nGenerate common usernames from gathered first and last name combinations using the formats specified below. Automates the generation of username lists for targeting corporate logins, brute forcing company web apps, password reset user enumeration, etc. \n\n```python\n{first}.{last}\n{first}_{last}\n{first}{last}\n{first}{last_initial}\n{first}_{last_initial}\n{first}.{last_initial}\n{first_initial}.{last}\n{first_initial}_{last}\n{first_initial}{last}\n{first_three}{last_three}\n{last}.{first}\n{last}_{first}\n{last}{first}\n{last}{first_initial}\n{last}_{first_initial}\n{last}.{first_initial}\n{last_initial}.{first}\n{last_initial}_{first}\n{last_initial}{first}\n{last_three}{first_three}\n```\n\n![](https://github.com/mlcsec/huntsman/blob/main/.github/username-gen.png)\n\n\n### --entraid\n\nAutomatically confirm gathered emails against Entra ID (Azure AD) using AADInternal's user enumeration as outsider port from [Graphpython](https://github.com/mlcsec/Graphpython/wiki/Demos#invoke-userenumerationasoutsider):\n\n![](https://github.com/mlcsec/huntsman/blob/main/.github/entraid.png)\n\n## Commands\n\n### hunter.io\n```\nhuntsman hunterio [COMMAND] [OPTIONS] [-h] \n\n domain-search Perform a domain name search\n email-finder Find email addresses for domain\n email-verifier Verify email addresses\n email-count Get email count for a domain\n account-info Get information about your hunter.io account\n```\n### snov.io\n```\nhuntsman snovio [COMMAND] [OPTIONS] [-h] \n\n domain-search Perform a domain name search\n get-profile Get profile information for email addresses\n email-verifier Verify email addresses\n email-count Get email count for a domain\n get-balance Get your snov.io credit balance\n```\n### skrapp.io\n```\nhuntsman skrappio [COMMAND] [OPTIONS] [-h] \n\n company-search Dump and explore the employment details of company members\n account-data Get information about your skrapp.io account\n```\n\n## References\n\n- [hunter.io API documentation](https://hunter.io/api-documentation/v2)\n- [snov.io API documentation](https://snov.io/api)\n- [skrapp.io API documentation](https://skrapp.io/api)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmlcsec%2Fhuntsman","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmlcsec%2Fhuntsman","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmlcsec%2Fhuntsman/lists"}