Introduction
H8Mail is a free OSINT (Open Source Intelligence) tool used to find out if the email is breached or not.
This tool is used while doing a pentest on a company to find information about the company and the employees. If the employee is using an official email for personal use on the insecure or breached website.
Features
- Detecting the email pattern for reading and output from other tools.
- Passing email from pages directly by URLs.
- Simple to install.
- Generate output to CSV or JSON file.
- Find related emails to the target.
- Supports free and premium APIs for better results.
- It supports username, hash, IP addresses, domain names, passwords and more.
- Regroup breach results in table form for all targets and techniques.
- Includes a password-hiding feature for demonstrations
- Colourful
APIs used in H8mail
Other Website Using By H8Mail | Description |
---|---|
HaveIBeenPwned(v3) | List of email breaches. |
HaveIBeenPwned Pastes(v3) | Text file containing all the target URLs. |
Hunter.io – Public | Number of related emails to the target. |
Hunter.io – Service (free tier) | Chasing and related emails in cleartext. |
Snusbase – Service | Hashes and salts, usernames, and IP addresses in cleartext – Quick. |
Leak-Lookup – Public | How many searchable breach results there are? |
Leak-Lookup – Service | Hashes and salts, usernames, IP addresses, and passwords in cleartext. |
Emailrep.io – Service (free) | Social media profiles and breached lastly. |
scylla.so – Service (free) | Hashes and salts, usernames, IP addresses/domain names, and passwords in cleartext. |
Dehashed.com – Service | Hashes and salts, usernames, IP addresses/domain names, and passwords in cleartext. |
IntelX.io – Service (free trial) | Hashes and salts, usernames, IP addresses/domain names, and passwords in cleartext. |
Breachdirectory.org – Service (free) | Hashes and salts, usernames, IP addresses/domain names, and passwords in cleartext. |
How to install H8Mail in Linux?
The installation process is the same in Kali Linux, Parrot Security OS and any other Debian-based distributions.
The steps to install H8Mail are:
- Go to the H8Mail GitHub page.
- Copy the git URL of the tool and enter below command in the terminal.
git clone https://github.com/khast3x/h8mail.git
- Go to the directory and check the files of the directory in the terminal.
- Install the setup.py file.
sudo python3 setup.py install
After the installation of the setup file, now the tool is available globally on the Linux machine. The H8Mail tool is installed successfully!
How to run H8Mail in the terminal?
Running H8Mail is very simple. The default syntax is shown below:
h8mail -t <domain-name>
For demonstration purposes, all the emails shown below are temporary and not real ones.
- Running the tool with single target.
If the user has only one target then just type:
h8mail -t xifaya2563@asoflex.com
- Running the tool with multiple target.
- Running the tool with text file (containing all the targeted emails).
Conclusion
H8Mail is a good tool to know whether an email is compromised or not in the numerous data breaches. OSINT investigators and pen testers used this tool while doing penetration testing in a company. This tool can read emails from a text file and give output to a CSV file.
For more such content, visit the website.