khast3x / h8mail
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
Repository Overview (README excerpt)
**h8mail** is an email OSINT and breach hunting tool using different breach and reconnaissance services, or local breaches such as Troy Hunt's "Collection1" and the infamous "Breach Compilation" torrent.

----

## :book: Table of Contents

- Table of Contents
- Features
- APIs
- Usage
- Usage examples
- Thanks & Credits
- Related open source projects

----

## :tangerine: Features

- :mag_right: Email pattern matching (reg exp), useful for reading from other tool outputs
- :earth_africa: Pass URLs to directly find and target emails in pages
- :dizzy: Loosey patterns for local searches ("john.smith", "evilcorp")
- :package: Painless install. Available through , only requires
- :white_check_mark: Bulk file-reading for targeting
- :memo: Output to CSV file or JSON
- :muscle: Compatible with the "Breach Compilation" torrent scripts
- :house: Search cleartext and compressed .gz files locally using multiprocessing
- :cyclone: Compatible with "Collection#1"
- :fire: Get related emails
- :dragon_face: Chase related emails by adding them to the ongoing search
- :crown: Supports premium lookup services for advanced users
- :factory: Custom query premium APIs. Supports username, hash, IP, domain, password and more
- :books: Regroup breach results for all targets and methods
- :eyes: Includes option to hide passwords for demonstrations
- :rainbow: Delicious colors

----

## :tangerine: APIs

| Service | Functions | Status |
|-|-|-|
| HaveIBeenPwned(v3) | Number of email breaches | :white_check_mark: :key: |
| HaveIBeenPwned Pastes(v3) | URLs of text files mentioning targets | :white_check_mark: :key: |
| Hunter.io - Public | Number of related emails | :white_check_mark: |
| Hunter.io - Service (free tier) | Cleartext related emails, Chasing | :white_check_mark: :key: |
| Snusbase - Service | Cleartext passwords, hashes and salts, usernames, IPs - Fast :zap: | :white_check_mark: :key: |
| Leak-Lookup - Public | Number of search-able breach results | :white_check_mark: (:key:) |
| Leak-Lookup - Service | Cleartext passwords, hashes and salts, usernames, IPs, domain | :white_check_mark: :key: |
| Emailrep.io - Service (free) | Last seen in breaches, social media profiles | :white_check_mark: :key: |
| scylla.so - Service (free) | Cleartext passwords, hashes and salts, usernames, IPs, domain | :construction: |
| Dehashed.com - Service | Cleartext passwords, hashes and salts, usernames, IPs, domain | :white_check_mark: :key: |
| IntelX.io - Service (free trial) | Cleartext passwords, hashes and salts, usernames, IPs, domain, Bitcoin Wallets, IBAN | :white_check_mark: :key: |
| :new: Breachdirectory.org - Service (free) | Cleartext passwords, hashes and salts, usernames, domain | :construction: :key: |

*:key: - API key required*

----

## :tangerine: Usage

----

## :tangerine: Usage examples

- Query for a single target
- Query for list of targets, indicate config file for API keys, output to
- Query a list of targets against local copy of the Breach Compilation, pass API key for Snusbase from the command line
- Query without making API calls against local copy of the Breach Compilation
- Search every .gz file for targets found in targets.txt locally, skip default checks
- Check a cleartext dump for target. Add the next 10 related emails to targets to check. Read keys from CLI
- Query username. Read keys from CLI
- Query IP. Chase all related targets. Read keys from CLI
- Fetch URL content (CLI + file). Target all found emails

----

## :tangerine: Thanks & Credits

- Snusbase for being developer friendly
- kodykinzie for making a nice introduction and walkthrough article and video on installing and using h8mail
- Leak-Lookup for being developer friendly
- Dehashed for being developer friendly
- h8mail's Pypi integration is strongly based on the work of audreyr's CookieCutter PyPackage
- Logo generated using Hatchful by Shopify
- Jake Creps for his h8mail v2 introduction
- Alejandro Caceres for making scylla.so available. Be sure to support him if you can
- IntelX for being developer friendly
- Breachdirectory.tk for being developer friendly :purple_heart:

**h8mail can be found in:**

- BlackArch Linux
- Tsurugi DFIR VM
- CSI Linux
- Trace Labs OSINT VM

----

## :tangerine: Related open source projects

- WhatBreach by Ekultek
- HashBuster by s0md3v
- BaseQuery by g666gle
- LeakLooker by woj-ciech
- buster by sham00n
- Scavenger by ndinfosecguy
- pwndb by davidtavarez

----

## :tangerine: Notes

- Service providers that wish to be integrated can send me an email at (PGP friendly)
- h8mail is maintained in my free time. Feedback and war stories are welcomed.
- Licence is BSD 3 clause
- My code is signed with my Keybase PGP key. You can get it using:

___

*If you wish to stay updated on this project:*