h8mail – Password Breach Hunting and Email OSINT Tool

h8mail is a Powerful and user-friendly password hunting tool. You can use this tool to find passwords through different breach and reconnaissance services, or local breaches such as Troy Hunt’s “Collection1” and the infamous “Breach Compilation” torrent.

h8mail - Password Breach Hunting and Email OSINT Tool
h8mail – Password Breach Hunting and Email OSINT Tool

some of the features with this tool are:

  • Email pattern matching (reg exp), useful for reading from other tool outputs
  • Loosey patterns for local searchs (“john.smith”, “evilcorp”)
  • Painless install. Available through pip, only requires requests
  • CLI or Bulk file-reading for targeting
  • Output to CSV file
  • Compatible with the “Breach Compilation” torrent scripts
  • Search cleartext and compressed .gz files locally using multiprocessing
    • Compatible with “Collection#1”
  • Get related emails
  • Chase related emails by adding them to the ongoing search
  • Supports premium lookup services for advanced users
  • Custom query premium APIs. Supports username, hash, ip, domain and password
  • Regroup breach results for all targets and methods
  • Includes option to hide passwords for demonstrations
  • Delicious colors

There are several supported API and services including:

  • HaveIBeenPwned – Number of email breaches
  • HaveIBeenPwned Pastes – URLs of text files mentioning targets
  • Hunter.io – Public – Number of related emails
  • WeLeakInfo – Number of search-able breach results
  • Snusbase – Cleartext passwords, hashs and salts, usernames, IPs – Fast
  • Leak-Lookup – Number of search-able breach results
  • Emailrep.io – Last seen in breaches, social media profiles
  • Scylla.sh – Cleartext passwords, hashs and salts, usernames, IPs, domain

You can read more and download this tool over here: https://github.com/khast3x/h8mail

Share