h8mail is an email OSINT and password breach-hunting tool. It can be used to find email addresses and passwords leaked in breaches. H8mail can search public databases and local files. It can also chase down related email addresses. Some features are finding email addresses in URLs and searching compressed files. Additionally, users can provide API keys to access premium services.
Features
- Email pattern matching (reg exp), useful for reading from other tool outputs
- Pass URLs to directly find and target emails in pages
- Loosey patterns for local searchs (“john.smith”, “evilcorp”)
- Painless install. Available through
pip, only requiresrequests - Bulk file-reading for targeting
- Output to CSV file or JSON
- Compatible with the “Breach Compilation” torrent scripts
- Search cleartext and compressed .gz files locally using multiprocessing
- Compatible with “Collection#1”
- Get related emails
- Chase related emails by adding them to the ongoing search
- Supports premium lookup services for advanced users
- Custom query premium APIs. Supports username, hash, ip, domain and password and more
- Regroup breach results for all targets and methods
- Includes option to hide passwords for demonstrations
- Delicious colors
Installation
📦 pip3 install h8mail
APIs
- HaveIBeenPwned(v3)
Number of email breaches - HaveIBeenPwned Pastes(v3)
URLs of text files mentioning targets - Hunter.io – Public
Number of related emails - Hunter.io – Service (free tier)
Cleartext related emails, Chasing - Snusbase – Service
Cleartext passwords, hashs and salts, usernames, IPs – Fast - Leak-Lookup – Public
Number of search-able breach results - Leak-Lookup – Service
Cleartext passwords, hashs and salts, usernames, IPs, domain - Emailrep.io – Service (free)
Last seen in breaches, social media profiles - scylla.so – Service (free)
Cleartext passwords, hashs and salts, usernames, IPs, domain - Dehashed.com – Service
Cleartext passwords, hashs and salts, usernames, IPs, domain - IntelX.io – Service (free trial)
Cleartext passwords, hashs and salts, usernames, IPs, domain, Bitcoin Wallets, IBAN - Breachdirectory.org – Service (free)
Cleartext passwords, hashs and salts, usernames, domain
Usage
usage: h8mail [-h] [-t USER_TARGETS [USER_TARGETS ...]]
[-u USER_URLS [USER_URLS ...]] [-q USER_QUERY] [--loose]
[-c CONFIG_FILE [CONFIG_FILE ...]] [-o OUTPUT_FILE]
[-j OUTPUT_JSON] [-bc BC_PATH] [-sk]
[-k CLI_APIKEYS [CLI_APIKEYS ...]]
[-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]]
[-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]] [-sf]
[-ch [CHASE_LIMIT]] [--power-chase] [--hide] [--debug]
[--gen-config]
Email information and password lookup tool
optional arguments:
-h, --help show this help message and exit
-t USER_TARGETS [USER_TARGETS ...], --targets USER_TARGETS [USER_TARGETS ...]
Either string inputs or files. Supports email pattern
matching from input or file, filepath globing and
multiple arguments
-u USER_URLS [USER_URLS ...], --url USER_URLS [USER_URLS ...]
Either string inputs or files. Supports URL pattern
matching from input or file, filepath globing and
multiple arguments. Parse URLs page for emails.
Requires http:// or https:// in URL.
-q USER_QUERY, --custom-query USER_QUERY
Perform a custom query. Supports username, password,
ip, hash, domain. Performs an implicit "loose" search
when searching locally
--loose Allow loose search by disabling email pattern
recognition. Use spaces as pattern seperators
-c CONFIG_FILE [CONFIG_FILE ...], --config CONFIG_FILE [CONFIG_FILE ...]
Configuration file for API keys. Accepts keys from
Snusbase, WeLeakInfo, Leak-Lookup, HaveIBeenPwned,
Emailrep, Dehashed and hunterio
-o OUTPUT_FILE, --output OUTPUT_FILE
File to write CSV output
-j OUTPUT_JSON, --json OUTPUT_JSON
File to write JSON output
-bc BC_PATH, --breachcomp BC_PATH
Path to the breachcompilation torrent folder. Uses the
query.sh script included in the torrent
-sk, --skip-defaults Skips Scylla and HunterIO check. Ideal for local scans
-k CLI_APIKEYS [CLI_APIKEYS ...], --apikey CLI_APIKEYS [CLI_APIKEYS ...]
Pass config options. Supported format: "K=V,K=V"
-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...], --local-breach LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]
Local cleartext breaches to scan for targets. Uses
multiprocesses, one separate process per file, on
separate worker pool by arguments. Supports file or
folder as input, and filepath globing
-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...], --gzip LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]
Local tar.gz (gzip) compressed breaches to scans for
targets. Uses multiprocesses, one separate process per
file. Supports file or folder as input, and filepath
globing. Looks for 'gz' in filename
-sf, --single-file If breach contains big cleartext or tar.gz files, set
this flag to view the progress bar. Disables
concurrent file searching for stability
-ch [CHASE_LIMIT], --chase [CHASE_LIMIT]
Add related emails from hunter.io to ongoing target
list. Define number of emails per target to chase.
Requires hunter.io private API key if used without
power-chase
--power-chase Add related emails from ALL API services to ongoing
target list. Use with --chase
--hide Only shows the first 4 characters of found passwords
to output. Ideal for demonstrations
--debug Print request debug information
--gen-config, -g Generates a configuration file template in the current
working directory & exits. Will overwrite existing
h8mail_config.ini file 