### Install h8mail from source Source: https://github.com/khast3x/h8mail/wiki/Install Install h8mail after cloning or downloading the source code. Navigate to the directory and run the setup script. ```bash cd h8mail/ python3 setup.py install ``` -------------------------------- ### h8mail Configuration File Example Source: https://github.com/khast3x/h8mail/wiki/Using-APIs Example of the h8mail configuration file format. Uncomment lines and add your API keys to activate services. Some keys may require both public and private values. ```ini [h8mail] ; h8mail will automatically detect present keys & launch services accordingly ; Uncomment to activate ;hunterio = ;snusbase_token = ;;weleakinfo_priv = ;;weleakinfo_pub = ;hibp = ;leak-lookup_pub = 1bf94ff907f68d511de9a610a6ff9263 ;leak-lookup_priv = ;emailrep = ;dehashed_email = ;dehashed_key = ;intelx_key = ;intelx_maxfile = 10 ;breachdirectory_user = ;breachdirectory_pass = ``` -------------------------------- ### Execute complete workflow Source: https://context7.com/khast3x/h8mail/llms.txt A multi-step example demonstrating configuration, reconnaissance, and local data searching. ```bash # Step 1: Generate config and add API keys h8mail -g # Edit h8mail_config.ini with your API keys # Step 2: Initial reconnaissance h8mail -t target@company.com -c h8mail_config.ini -o initial_scan.csv # Step 3: Domain-wide search with chasing h8mail -t company.com -q domain -c h8mail_config.ini --chase 3 --power-chase -o domain_results.csv # Step 4: Search local breach data h8mail -t targets.txt -lb /data/breaches/ -gz /data/Collection1/ -sk -o local_results.csv # Step 5: Combined search with all sources h8mail -t targets.txt \ -c h8mail_config.ini \ -lb /data/local_breaches/ \ -bc /data/BreachCompilation/ \ --chase 2 \ --power-chase \ -o comprehensive_results.csv \ -j comprehensive_results.json ``` -------------------------------- ### h8mail Demonstration Output Example Source: https://github.com/khast3x/h8mail/wiki/Demonstrations Example output from an h8mail demonstration run, showing leaked credentials, social media presence, and last seen dates for a target email. Passwords are partially hidden due to the `--hide` flag. ```shell [>] Showing results for jane.smith@fcorp.com EMAILREP_LEAKS | jane.smith@fcorp.com > 46 leaked credentials EMAILREP_SOCIAL| jane.smith@fcorp.com > Pinterest EMAILREP_SOCIAL| jane.smith@fcorp.com > Foursquare EMAILREP_SOCIAL| jane.smith@fcorp.com > Twitter EMAILREP_SOCIAL| jane.smith@fcorp.com > Spotify EMAILREP_LASTSN| jane.smith@fcorp.com > 10/16/2019 SCYLLA_SOURCE | jane.smith@fcorp.com > exploit.in SCYLLA_PASSWORD| jane.smith@fcorp.com > weki******** SCYLLA_SOURCE | jane.smith@fcorp.com > exploit.in SCYLLA_PASSWORD| jane.smith@fcorp.com > jane******** SCYLLA_SOURCE | jane.smith@fcorp.com > exploit.in SCYLLA_PASSWORD| jane.smith@fcorp.com > smit******** ``` ```shell [>] Showing results for john.smith@fcorp.com EMAILREP_LEAKS | john.smith@fcorp.com > 103 leaked credentials EMAILREP_SOCIAL| john.smith@fcorp.com > Vimeo EMAILREP_SOCIAL| john.smith@fcorp.com > Pinterest EMAILREP_SOCIAL| john.smith@fcorp.com > Aboutme EMAILREP_SOCIAL| john.smith@fcorp.com > Foursquare EMAILREP_SOCIAL| john.smith@fcorp.com > Spotify EMAILREP_SOCIAL| john.smith@fcorp.com > Lastfm EMAILREP_SOCIAL| john.smith@fcorp.com > Twitter EMAILREP_LASTSN| john.smith@fcorp.com > 10/16/2019 SCYLLA_SOURCE | john.smith@fcorp.com > dropbox.com SCYLLA_PASSWORD| john.smith@fcorp.com > john******** SCYLLA_USERNAME| john.smith@fcorp.com > 1645673 SCYLLA_PASSWORD| john.smith@fcorp.com > john******** SCYLLA_USERNAME| john.smith@fcorp.com > 1645673 SCYLLA_SOURCE | john.smith@fcorp.com > exploit.in SCYLLA_PASSWORD| john.smith@fcorp.com > 1203******** SCYLLA_SOURCE | john.smith@fcorp.com > exploit.in SCYLLA_PASSWORD| john.smith@fcorp.com > 8772******** SCYLLA_SOURCE | john.smith@fcorp.com > exploit.in SCYLLA_PASSWORD| john.smith@fcorp.com > 4599******** ``` -------------------------------- ### Windows Installation and Execution Source: https://github.com/khast3x/h8mail/wiki/Troubleshooting Commands for managing Python environments and running h8mail as a module on Windows. ```bash # Check python version, should be 3.6+ C:> python --version # To have python handle installation of pip C:> python -m ensurepip # To launch pip as a module C:> python -m pip install h8mail # To launch h8mail as a module C:> python -m h8mail --help ``` -------------------------------- ### Install and Verify h8mail Source: https://context7.com/khast3x/h8mail/llms.txt Install h8mail using pip and verify the installation by checking the help and version information. ```bash pip3 install h8mail ``` ```bash h8mail --help ``` ```bash h8mail --version ``` -------------------------------- ### Install h8mail Source: https://github.com/khast3x/h8mail/wiki/Getting Started Install h8mail using pip. Ensure you have Python 3 and pip installed. ```bash pip3 install h8mail ``` -------------------------------- ### Run h8mail from source as module Source: https://github.com/khast3x/h8mail/wiki/Install Execute h8mail directly as a Python module after installing from source. ```bash cd h8mail/ python3 -m h8mail -h ``` -------------------------------- ### Install h8mail via pip Source: https://github.com/khast3x/h8mail/wiki/Troubleshooting Install the h8mail package using pip, including the --user flag to avoid permission errors. ```bash $ pip3 install --user h8mail ``` -------------------------------- ### Perform Local Breach Searches Source: https://github.com/khast3x/h8mail/wiki/Local Search Examples of searching for targets in local files, folders, and using glob patterns. ```bash $ h8mail -t john.smith@fcorp.com -lb ./Leaks/2019-* -sk ``` ```bash $ h8mail -t john.smith@fcorp.com -gz ../Collection1/ ../Collection2/EU_* -sk ``` ```bash $ h8mail -t targets.txt -gz dump/*.tar.gz -sk ``` ```bash $ h8mail -t fcorp.com -gz ../Collection1/ -sk --loose ``` ```bash $ h8mail -t targets.txt -lb ../Collection99/ -c h8mail_config.ini -o search_output.csv ``` -------------------------------- ### Verify Python Version Source: https://github.com/khast3x/h8mail/wiki/Troubleshooting Check the currently installed Python version to ensure compatibility with h8mail. ```bash $ python --version ``` ```bash C:> python --version ``` -------------------------------- ### Import GPG keys Source: https://github.com/khast3x/h8mail/blob/master/README.md Commands to import PGP keys for verifying signed commits. ```bash curl https://keybase.io/ktx/pgp_keys.asc | gpg --import keybase pgp pull ktx ``` -------------------------------- ### Run h8mail with Configuration File Source: https://github.com/khast3x/h8mail/wiki/Using-APIs Specify the configuration file to use with the -c flag when running h8mail. This allows h8mail to load your API keys from the specified file. ```shell $ h8mail -t john.smith@fcorp.com -c h8mail_config.ini ``` -------------------------------- ### Power-Chasing with Username and Config Source: https://github.com/khast3x/h8mail/wiki/Chasing Enable power-chasing to broaden the search scope to include usernames, hashes, IPs, passwords, and domains. Specify the chase limit and configuration file. ```bash $ h8mail -t jsmith99 -q username -c h8mail_config.ini --chase 4 --power-chase ``` -------------------------------- ### Run h8mail Demonstration Source: https://github.com/khast3x/h8mail/wiki/Demonstrations Execute h8mail against a list of emails using a configuration file. Use the `--hide` flag to obscure sensitive password characters in the output. ```shell $ h8mail -t emails.txt -c h8mail_config.ini --hide ``` -------------------------------- ### Standard Chasing with Hunter.io Source: https://github.com/khast3x/h8mail/wiki/Chasing Use standard chasing with a specified chase limit and Hunter.io API key. Ensure you have a valid Hunter.io API key. ```bash $ h8mail -t john.smith@fcorp.com --chase 2 -k "hunterio:abc1234" ``` -------------------------------- ### Basic h8mail Usage and IntelX Integration Source: https://context7.com/khast3x/h8mail/llms.txt Demonstrates basic h8mail usage with IntelX API, including limiting downloaded files and enabling debug mode. Supports various data types for IntelX. ```bash h8mail -t target@example.com -k "intelx_key=YOUR_KEY" "intelx_maxfile=5" ``` ```bash h8mail -t target@example.com -k "intelx_key=YOUR_KEY" --debug ``` ```bash h8mail -t bitcoin_address -k "intelx_key=YOUR_KEY" ``` -------------------------------- ### Query multiple targets with config and output file Source: https://github.com/khast3x/h8mail/blob/master/README.md Queries a list of targets from a file, uses a specified configuration file for API keys, and directs CSV output to `pwned_targets.csv`. ```bash $ h8mail -t targets.txt -c config.ini -o pwned_targets.csv ``` -------------------------------- ### Power-Chasing with Domain Search Source: https://github.com/khast3x/h8mail/wiki/Chasing Perform power-chasing using a domain search, leveraging services like Scylla. Set the chase limit and enable power-chasing. ```shell $ h8mail -t fcorp.com -q domain --power-chase --chase 2 ``` -------------------------------- ### Query by IP address Source: https://github.com/khast3x/h8mail/blob/master/README.md Query an IP address using a configuration file and enable power-chase mode to find related targets. ```bash $ h8mail -t 42.202.0.42 -q ip -c h8mail_config_priv.ini -ch 2 --power-chase ``` -------------------------------- ### h8mail Demonstration Session Recap Source: https://github.com/khast3x/h8mail/wiki/Demonstrations Summary of the h8mail demonstration run, indicating which targets had breaches found and the number of elements discovered. Includes total execution time. ```shell Session Recap: Target | Status __________________________________________________________________________________________ jane.smith@fcorp.com | Breach Found (63 elements) __________________________________________________________________________________________ john.smith@fcorp.com | Breach Found (153 elements) __________________________________________________________________________________________ Execution time (seconds): 13.989517450332642 Done ``` -------------------------------- ### Query List of Targets with Config and Output Source: https://github.com/khast3x/h8mail/wiki/Getting Started Query h8mail for a list of targets from a file, specifying a configuration file for API keys and an output file for results. ```bash h8mail -t targets.txt -c config.ini -o pwned_targets.csv ``` -------------------------------- ### Run h8mail with Command-Line Keys Source: https://github.com/khast3x/h8mail/wiki/Using-APIs Pass API keys directly from the command line using the -k option. Keys should be in a 'K=V' format, and multiple keys can be provided as separate arguments or a comma-separated string. ```shell $ h8mail -t john.smith@fcorp.com -k "K=V, K=V" "K=V" $ h8mail -t john.smith@fcorp.com -k "leak-lookup_pub=1bf94ff907f68d511de9a610a6ff9263" ``` -------------------------------- ### IntelX API Integration Source: https://context7.com/khast3x/h8mail/llms.txt Query Intelligence X for breach data from various file types. The tool auto-detects the data type. ```bash h8mail -t target@example.com -k "intelx_key=YOUR_KEY" ``` -------------------------------- ### Search for hashes from a file with configuration Source: https://github.com/khast3x/h8mail/wiki/Targeting-Beyond-Email Processes a file of hashes using API keys defined in a configuration file. ```shell $ h8mail -t my_hashs.txt -q hash -c h8mail_config.ini ``` -------------------------------- ### Query by username Source: https://github.com/khast3x/h8mail/blob/master/README.md Perform a username query using API keys provided via the command line. ```bash $ h8mail -t JSmith89 -q username -k "dehashed_email=user@email.com" "dehashed_key=ABCDE123" ``` -------------------------------- ### h8mail Command-Line Usage Source: https://github.com/khast3x/h8mail/blob/master/README.md Displays the help message and lists all available command-line arguments for the h8mail tool. Use this to understand the full range of options for targeting, configuration, output, and data sources. ```bash usage: h8mail [-h] [-t USER_TARGETS [USER_TARGETS ...]] [-u USER_URLS [USER_URLS ...]] [-q USER_QUERY] [--loose] [-c CONFIG_FILE [CONFIG_FILE ...]] [-o OUTPUT_FILE] [-j OUTPUT_JSON] [-bc BC_PATH] [-sk] [-k CLI_APIKEYS [CLI_APIKEYS ...]] [-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]] [-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]] [-sf] [-ch [CHASE_LIMIT]] [--power-chase] [--hide] [--debug] [--gen-config] Email information and password lookup tool optional arguments: -h, --help show this help message and exit -t USER_TARGETS [USER_TARGETS ...], --targets USER_TARGETS [USER_TARGETS ...] Either string inputs or files. Supports email pattern matching from input or file, filepath globing and multiple arguments -u USER_URLS [USER_URLS ...], --url USER_URLS [USER_URLS ...] Either string inputs or files. Supports URL pattern matching from input or file, filepath globing and multiple arguments. Parse URLs page for emails. Requires http:// or https:// in URL. -q USER_QUERY, --custom-query USER_QUERY Perform a custom query. Supports username, password, ip, hash, domain. Performs an implicit "loose" search when searching locally --loose Allow loose search by disabling email pattern recognition. Use spaces as pattern seperators -c CONFIG_FILE [CONFIG_FILE ...], --config CONFIG_FILE [CONFIG_FILE ...] Configuration file for API keys. Accepts keys from Snusbase, WeLeakInfo, Leak-Lookup, HaveIBeenPwned, Emailrep, Dehashed and hunterio -o OUTPUT_FILE, --output OUTPUT_FILE File to write CSV output -j OUTPUT_JSON, --json OUTPUT_JSON File to write JSON output -bc BC_PATH, --breachcomp BC_PATH Path to the breachcompilation torrent folder. Uses the query.sh script included in the torrent -sk, --skip-defaults Skips Scylla and HunterIO check. Ideal for local scans -k CLI_APIKEYS [CLI_APIKEYS ...], --apikey CLI_APIKEYS [CLI_APIKEYS ...] Pass config options. Supported format: "K=V,K=V" -lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...], --local-breach LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...] Local cleartext breaches to scan for targets. Uses multiprocesses, one separate process per file, on separate worker pool by arguments. Supports file or folder as input, and filepath globing -gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...], --gzip LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...] Local tar.gz (gzip) compressed breaches to scans for targets. Uses multiprocesses, one separate process per file. Supports file or folder as input, and filepath globing. Looks for 'gz' in filename -sf, --single-file If breach contains big cleartext or tar.gz files, set this flag to view the progress bar. Disables concurrent file searching for stability -ch [CHASE_LIMIT], --chase [CHASE_LIMIT] Add related emails from hunter.io to ongoing target list. Define number of emails per target to chase. Requires hunter.io private API key if used without power-chase --power-chase Add related emails from ALL API services to ongoing target list. Use with --chase --hide Only shows the first 4 characters of found passwords to output. Ideal for demonstrations --debug Print request debug information --gen-config, -g Generates a configuration file template in the current working directory & exits. Will overwrite existing h8mail_config.ini file ``` -------------------------------- ### Skip default providers Source: https://context7.com/khast3x/h8mail/llms.txt Use the -sk flag to disable default services like Scylla and Hunter.io for local or specific API-only searches. ```bash # Skip defaults for local-only search h8mail -t targets.txt -lb /data/breaches/ -sk # Skip defaults when using only specific APIs h8mail -t target@example.com -k "hibp=KEY" -sk # Essential for offline/air-gapped environments h8mail -t targets.txt -bc /data/BreachCompilation/ -sk ``` -------------------------------- ### Query targets against local Breach Compilation with API key Source: https://github.com/khast3x/h8mail/blob/master/README.md Queries targets from a file against a local copy of the Breach Compilation. It also passes an API key for Snusbase directly from the command line. ```bash $ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_token=$snusbase_token" ``` -------------------------------- ### API Key Configuration for h8mail Source: https://context7.com/khast3x/h8mail/llms.txt Configure API keys using a configuration file, directly from the command line, or a combination of both. ```bash h8mail -t target@example.com -c h8mail_config.ini ``` ```bash h8mail -t target@example.com -k "snusbase_token=abc123" "hunterio=xyz789" ``` ```bash h8mail -t targets.txt -c h8mail_config.ini -k "dehashed_email=user@email.com" "dehashed_key=KEY123" ``` ```bash h8mail -t target@example.com -k "leak-lookup_pub=KEY1,hibp=KEY2" ``` -------------------------------- ### Generate h8mail Configuration File Source: https://context7.com/khast3x/h8mail/llms.txt Generate a template configuration file (h8mail_config.ini) to store API keys for various services. Uncomment and fill in your keys. ```bash h8mail -g ``` ```ini [h8mail] ; Uncomment and add your keys ;hunterio = YOUR_HUNTER_API_KEY ;snusbase_token = YOUR_SNUSBASE_TOKEN ;hibp = YOUR_HIBP_API_KEY ;leak-lookup_pub = YOUR_LEAK_LOOKUP_PUBLIC_KEY ;leak-lookup_priv = YOUR_LEAK_LOOKUP_PRIVATE_KEY ;emailrep = YOUR_EMAILREP_KEY ;dehashed_email = YOUR_DEHASHED_EMAIL ;dehashed_key = YOUR_DEHASHED_API_KEY ;intelx_key = YOUR_INTELX_KEY ;intelx_maxfile = 10 ;breachdirectory_user = YOUR_USER ;breachdirectory_pass = YOUR_PASS ``` -------------------------------- ### Run via Docker Source: https://context7.com/khast3x/h8mail/llms.txt Execute h8mail within a containerized environment for isolation. ```bash # Pull official Docker image docker pull kh4st3x00/h8mail # Run with target docker run -it kh4st3x00/h8mail -t target@example.com # Run with mounted config and data docker run -it \ -v $(pwd)/h8mail_config.ini:/app/h8mail_config.ini \ -v $(pwd)/targets.txt:/app/targets.txt \ -v $(pwd)/output:/app/output \ kh4st3x00/h8mail \ -t /app/targets.txt \ -c /app/h8mail_config.ini \ -o /app/output/results.csv ``` -------------------------------- ### Enable debug mode Source: https://context7.com/khast3x/h8mail/llms.txt Use the --debug flag to view verbose request and response details for troubleshooting. ```bash # Enable debug output h8mail -t target@example.com -c config.ini --debug # Debug shows: # - Full request headers sent # - Request URLs and parameters # - Full response headers received # - Response body content # - IntelX files are kept instead of deleted ``` -------------------------------- ### Target URLs for email patterns Source: https://github.com/khast3x/h8mail/wiki/Targeting Basics Use the -u or --url flag to specify a URL to search for email patterns. This can be a direct URL or a file containing URLs. ```shell $ h8mail -u fcorp.com/contacts ``` ```shell $ h8mail -u my_extracted_urls.txt ``` -------------------------------- ### Emailrep.io API Integration Source: https://context7.com/khast3x/h8mail/llms.txt Query Emailrep.io for reputation scoring, social profiles, and breach history using a free API key. ```bash h8mail -t target@example.com -k "emailrep=YOUR_FREE_KEY" ``` -------------------------------- ### Search Local .gz Files for Targets Source: https://github.com/khast3x/h8mail/wiki/Getting Started Search all .gz files in a specified directory for targets listed in a text file. The -sk flag enables searching within compressed files. ```bash h8mail -t targets.txt -gz /tmp/Collection1/ -sk ``` -------------------------------- ### Enhance Domain Search with Chasing Source: https://github.com/khast3x/h8mail/wiki/Demonstrations Utilize the '--chase' and '--power-chase' flags to automatically hunt for related emails and scan them for leaked data, providing more comprehensive results. This command requires a valid configuration file. ```shell $ h8mail -t fcorp.com -q domain --chase 4 --power-chase -c h8mail_config.ini --hide ``` -------------------------------- ### Target emails from folders Source: https://github.com/khast3x/h8mail/wiki/Targeting Basics Use the -t flag to specify a folder to search for email patterns. Globbing with '*' is supported. ```shell $ h8mail -t crawled_website/ ``` ```shell $ h8mail -t data_dump/*.sql data_dump/*.html ``` -------------------------------- ### Search Breach Compilation Source: https://github.com/khast3x/h8mail/wiki/Local Search Use the native Breach Compilation script on Linux or OSX platforms. ```bash $ h8mail -t targets.txt -bc ./BreachedCompilation/ -sk ``` -------------------------------- ### Search for a username using custom query Source: https://github.com/khast3x/h8mail/wiki/Targeting-Beyond-Email Targets a specific username using the default scylla.sh API. ```shell $ h8mail -t jsmith99 -q username ``` -------------------------------- ### Analyze cleartext dump Source: https://github.com/khast3x/h8mail/blob/master/README.md Check a cleartext dump file for a target and automatically add related emails to the target list. ```bash $ h8mail -t admin@evilcorp.com -lb /tmp/4k_Combo.txt -ch 10 -k "hunterio=ABCDE123" ``` -------------------------------- ### HaveIBeenPwned API Integration Source: https://context7.com/khast3x/h8mail/llms.txt Query the HaveIBeenPwned v3 API for breach and paste information. An API key is required for v3. Results can be output to CSV. ```bash h8mail -t target@example.com -k "hibp=YOUR_HIBP_API_KEY" ``` ```bash h8mail -t targets.txt -c config.ini -o hibp_results.csv ``` ```text [>] Found 5 breaches for target@example.com using HIBP v3 [>] Found 2 pastes for target@example.com using HIBP v3 Pastes ``` -------------------------------- ### Query Single Target Source: https://github.com/khast3x/h8mail/wiki/Getting Started Query h8mail for a single email address. This is the most basic usage command. ```bash h8mail -t target@example.com ``` -------------------------------- ### Search local .gz files Source: https://github.com/khast3x/h8mail/blob/master/README.md Search for targets within .gz files located in a specific directory while skipping default checks. ```bash $ h8mail -t targets.txt -gz /tmp/Collection1/ -sk ``` -------------------------------- ### Generate h8mail Configuration Template Source: https://github.com/khast3x/h8mail/wiki/Using-APIs Use the -g flag to generate a template configuration file in the current working directory. This file can then be edited to include your API keys. ```shell $ h8mail -g ***snip*** [>] Generated h8mail template configuration file (/home/user/h8mail_config.ini) Done ``` -------------------------------- ### Target multiple email addresses Source: https://github.com/khast3x/h8mail/wiki/Targeting Basics Provide multiple email addresses separated by spaces after the -t flag to target them in a single run. ```shell $ h8mail -t john.smith@fcorp.com alice.smith@fcorp.com ``` -------------------------------- ### Execute h8mail as a Module Source: https://github.com/khast3x/h8mail/wiki/Troubleshooting Run h8mail using the Python module flag to bypass PATH issues. ```bash $ python3 -m h8mail -h ``` -------------------------------- ### Download h8mail tarball Source: https://github.com/khast3x/h8mail/wiki/Install Download the h8mail source code as a tarball from GitHub. ```bash curl -OL https://github.com/khast3x/h8mail/tarball/master ``` -------------------------------- ### Mask passwords in output Source: https://context7.com/khast3x/h8mail/llms.txt Use the --hide flag to mask passwords in the console output for privacy. ```bash # Hide passwords (show only first 4 characters) h8mail -t target@example.com -c config.ini --hide # Example output with --hide: # [>] Password: secr**** # [>] Password: pass**** ``` -------------------------------- ### Run h8mail using Docker Source: https://github.com/khast3x/h8mail/wiki/Install Execute h8mail within a Docker container. This command runs the container and displays help information. ```bash docker run -ti kh4st3x00/h8mail -h ``` -------------------------------- ### IntelX Search Operators Source: https://github.com/khast3x/h8mail/wiki/Using-APIs List of supported search operators for the IntelX API provider. IntelX automatically recognizes data formats. Use --debug to keep downloaded files. ```plaintext email, domain, hash, URL, IP, CIDR, phone number, bitcoin address, MAC address, credit card number, social security number, IBAN ``` -------------------------------- ### Query for a single target email Source: https://github.com/khast3x/h8mail/blob/master/README.md Basic usage to query for information about a single email address. No additional configuration or output files are specified. ```bash $ h8mail -t target@example.com ``` -------------------------------- ### Run h8mail Docker with target email Source: https://github.com/khast3x/h8mail/wiki/Install Execute h8mail within a Docker container to check a specific email address. ```bash docker run -ti kh4st3x00/h8mail -t john.smith@fcorp.com ``` -------------------------------- ### Custom Query Types Source: https://context7.com/khast3x/h8mail/llms.txt Search for various data types beyond email addresses using custom query operators like username, password, IP, hash, and domain. ```bash h8mail -t jsmith99 -q username ``` ```bash h8mail -t "password123" -q password ``` ```bash h8mail -t 192.168.1.1 -q ip ``` ```bash h8mail -t "5f4dcc3b5aa765d61d8327deb882cf99" -q hash ``` ```bash h8mail -t company.com -q domain ``` ```bash h8mail -t company.com -q domain -c h8mail_config.ini -o domain_breaches.csv ``` -------------------------------- ### Query local Breach Compilation Source: https://github.com/khast3x/h8mail/blob/master/README.md Perform a search against a local Breach Compilation directory without making external API calls. ```bash $ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -sk ``` -------------------------------- ### Target emails from files Source: https://github.com/khast3x/h8mail/wiki/Targeting Basics Specify text files or HTML files containing email addresses or patterns to search within using the -t flag. ```shell $ h8mail -t my_targets.txt more_targets.html ``` -------------------------------- ### Breach Compilation Search Source: https://context7.com/khast3x/h8mail/llms.txt Use the native Breach Compilation torrent search script. Can be combined with other data sources and API services. ```bash h8mail -t target@example.com -bc /path/to/BreachCompilation/ -sk ``` ```bash h8mail -t targets.txt -bc /data/BreachCompilation/ -c h8mail_config.ini ``` ```bash h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_token=$TOKEN" ``` -------------------------------- ### Target a single email address Source: https://github.com/khast3x/h8mail/wiki/Targeting Basics Use the -t flag to specify a single email address as a target. ```shell $ h8mail -t john.smith@fcorp.com ``` -------------------------------- ### Loose Pattern Search Source: https://context7.com/khast3x/h8mail/llms.txt Search for non-email patterns in local files using the --loose flag. Implicit with custom queries. ```bash h8mail -t "john.smith" "evilcorp" --loose -lb /data/breaches/ -sk ``` ```bash h8mail -t fcorp.com -gz ../Collection1/ -sk --loose ``` ```bash h8mail -t jsmith99 -q username -lb /data/breaches/ -sk ``` -------------------------------- ### Fetch URL content Source: https://github.com/khast3x/h8mail/blob/master/README.md Retrieve and target emails found within content from specified URLs or files containing lists of URLs. ```bash $ h8mail -u "https://pastebin.com/raw/kQ6WNKqY" "list_of_urls.txt" ``` -------------------------------- ### Export results to JSON Source: https://context7.com/khast3x/h8mail/llms.txt Save scan results to a JSON file or combine multiple output formats. ```bash # Save to JSON h8mail -t targets.txt -c config.ini -j breach_results.json # Combine CSV and JSON output h8mail -t targets.txt -c config.ini -o results.csv -j results.json ``` -------------------------------- ### Update h8mail Source: https://github.com/khast3x/h8mail/wiki/Getting Started Upgrade h8mail to the latest version using pip. Use the --user flag if you encounter permission errors. ```bash pip3 install --upgrade h8mail ``` -------------------------------- ### Hunter.io API Integration Source: https://context7.com/khast3x/h8mail/llms.txt Query Hunter.io for corporate emails and domain information. Public API provides email count, while private API offers full lists. ```bash h8mail -t employee@company.com ``` ```bash h8mail -t employee@company.com -k "hunterio=YOUR_API_KEY" ``` -------------------------------- ### Snusbase API Integration Source: https://context7.com/khast3x/h8mail/llms.txt Query Snusbase for cleartext passwords, hashes, usernames, and IP addresses. Supports custom URLs for self-hosted instances and querying by username, IP, or hash. ```bash h8mail -t target@example.com -k "snusbase_token=YOUR_TOKEN" ``` ```bash h8mail -t target@example.com -k "snusbase_token=TOKEN" "snusbase_url=http://custom-api.example.com/v3/search" ``` ```bash h8mail -t jsmith99 -q username -k "snusbase_token=YOUR_TOKEN" ``` ```bash h8mail -t 192.168.1.100 -q ip -k "snusbase_token=YOUR_TOKEN" ``` ```bash h8mail -t 5f4dcc3b5aa765d61d8327deb882cf99 -q hash -k "snusbase_token=YOUR_TOKEN" ``` -------------------------------- ### Clone h8mail repository Source: https://github.com/khast3x/h8mail/wiki/Install Clone the h8mail source code repository from GitHub. ```bash git clone git://github.com/khast3x/h8mail ``` -------------------------------- ### Local Gzip Compressed Search Source: https://context7.com/khast3x/h8mail/llms.txt Search gzip-compressed breach archives. Supports single files, directories, glob patterns, and combining with other data sources. ```bash h8mail -t target@example.com -gz /data/breach.tar.gz -sk ``` ```bash h8mail -t targets.txt -gz /data/Collection1/ -sk ``` ```bash h8mail -t target@example.com -gz /data/dumps/*.tar.gz -sk ``` ```bash h8mail -t targets.txt -gz ../Collection1/ ../Collection2/EU_* -sk ``` ```bash h8mail -t targets.txt -gz /data/Collection1/ -sk -sf ``` -------------------------------- ### Export results to CSV Source: https://context7.com/khast3x/h8mail/llms.txt Save scan results to a CSV file using the -o flag. ```bash # Save to CSV h8mail -t targets.txt -c config.ini -o breach_results.csv # CSV output format: # Target,Type,Data # target@example.com,HIBP3,LinkedIn # target@example.com,SCYLLA_PASSWORD,secretpass123 # target@example.com,SCYLLA_HASH,$2a$08$xxx... # target@example.com,SNUS_USERNAME,john_doe ``` -------------------------------- ### Basic Email Targeting with h8mail Source: https://context7.com/khast3x/h8mail/llms.txt Query single or multiple email addresses. Supports targeting emails from files or using regex patterns on HTML/document content. ```bash h8mail -t target@example.com ``` ```bash h8mail -t admin@company.com user@company.com support@company.com ``` ```bash h8mail -t targets.txt ``` ```bash h8mail -t crawled_website/ scraped_data/*.html ``` -------------------------------- ### Local Cleartext Breach Search Source: https://context7.com/khast3x/h8mail/llms.txt Search local cleartext breach files using multiprocessed workers. Supports single files, directories, glob patterns, and combining with API queries. ```bash h8mail -t target@example.com -lb /path/to/breach_dump.txt -sk ``` ```bash h8mail -t targets.txt -lb /data/breaches/ -sk ``` ```bash h8mail -t target@example.com -lb ./Leaks/2019-* ./Leaks/2020-* -sk ``` ```bash h8mail -t targets.txt -lb /data/collection1/ /data/collection2/ -sk ``` ```bash h8mail -t targets.txt -lb /data/breaches/ -c h8mail_config.ini -o results.csv ``` ```bash h8mail -t target@example.com -lb /data/huge_breach.txt -sk -sf ``` -------------------------------- ### Leak-Lookup API Integration Source: https://context7.com/khast3x/h8mail/llms.txt Query Leak-Lookup using public or private API keys. Supports querying by email, username, and domain. ```bash h8mail -t target@example.com -k "leak-lookup_pub=YOUR_PUBLIC_KEY" ``` ```bash h8mail -t target@example.com -k "leak-lookup_priv=YOUR_PRIVATE_KEY" ``` ```bash h8mail -t admin_user -q username -k "leak-lookup_priv=YOUR_KEY" ``` ```bash h8mail -t company.com -q domain -k "leak-lookup_priv=YOUR_KEY" ``` -------------------------------- ### Search for breached emails by domain Source: https://github.com/khast3x/h8mail/wiki/Targeting-Beyond-Email Queries for all breached emails associated with a specific domain name. ```shell $ h8mail -t fcorp.com -q domain ``` -------------------------------- ### Dehashed API Integration Source: https://context7.com/khast3x/h8mail/llms.txt Query Dehashed for breach data including passwords, hashes, and personal information. Requires both email and API key. Supports searching by email, username, domain, and IP address. ```bash h8mail -t target@example.com -k "dehashed_email=your@email.com" "dehashed_key=YOUR_KEY" ``` ```bash h8mail -t johnsmith -q username -k "dehashed_email=your@email.com" "dehashed_key=YOUR_KEY" ``` ```bash h8mail -t company.com -q domain -k "dehashed_email=your@email.com" "dehashed_key=YOUR_KEY" ``` ```bash h8mail -t 10.0.0.1 -q ip -k "dehashed_email=your@email.com" "dehashed_key=YOUR_KEY" ``` -------------------------------- ### Target Entire Domain with h8mail Source: https://github.com/khast3x/h8mail/wiki/Demonstrations Use this command to search for all leaked emails associated with a specific domain. Ensure your h8mail configuration file is correctly set up. ```shell $ h8mail -t fcorp.com -q domain -c h8mail_config.ini --hide ***snip*** [~] Target factory started for fcorp.com [~] [fcorp.com]>[scylla.sh] __________________________________________________________________________________________ [>] Showing results for fcorp.com SCYLLA_SOURCE | fcorp.com > exploit.in SCYLLA_EMAIL | fcorp.com > ......@fcorp.com SCYLLA_PASSWORD| fcorp.com > aq1aq1aq1 SCYLLA_SOURCE | fcorp.com > exploit.in SCYLLA_EMAIL | fcorp.com > ......@fcorp.com SCYLLA_PASSWORD| fcorp.com > aq4aq4aq4 SCYLLA_EMAIL | fcorp.com > www.dirtymac01@fcorp.com,www.dirtymac01@fcorp.com,www.dirtymac01@fcorp.com SCYLLA_HASH | fcorp.com > 0x1D9E2B624FAF9DFF43A23473A589BA5B839D99CA SCYLLA_USERNAME| fcorp.com > 75445061 SCYLLA_SOURCE | fcorp.com > 000webhost.com SCYLLA_EMAIL | fcorp.com > moes@fcorp.com SCYLLA_LASTIP | fcorp.com > 82.23.109.200 SCYLLA_PASSWORD| fcorp.com > superman123 SCYLLA_SOURCE | fcorp.com > 000webhost.com SCYLLA_EMAIL | fcorp.com > fred@fcorp.com SCYLLA_LASTIP | fcorp.com > SCYLLA_PASSWORD| fcorp.com > mudfish1 ***snip*** SCYLLA_PASSWORD| fcorp.com > 1234hoedjevanpapier SCYLLA_SOURCE | fcorp.com > 000webhost.com SCYLLA_EMAIL | fcorp.com > alogan@fcorp.com SCYLLA_LASTIP | fcorp.com > 131.107.0.74 SCYLLA_PASSWORD| fcorp.com > 1secret SCYLLA_SOURCE | fcorp.com > 000webhost.com SCYLLA_EMAIL | fcorp.com > crap46@fcorp.com SCYLLA_LASTIP | fcorp.com > 213.239.192.110 SCYLLA_PASSWORD| fcorp.com > birmingham000 __________________________________________________________________________________________ Session Recap: Target | Status __________________________________________________________________________________________ fcorp.com | Breach Found (77 elements) __________________________________________________________________________________________ Execution time (seconds): 3.903327226638794 Done ``` -------------------------------- ### Chase related email addresses Source: https://context7.com/khast3x/h8mail/llms.txt Use the --chase flag to discover and target related email addresses via API services. ```bash # Chase 5 related emails from hunter.io h8mail -t admin@company.com --chase 5 -k "hunterio=YOUR_KEY" # Power chase - search all API results for related emails h8mail -t admin@company.com --chase 3 --power-chase -c h8mail_config.ini # Chase from domain search h8mail -t company.com -q domain --power-chase --chase 2 # Chase from username with full API support h8mail -t jsmith99 -q username -c h8mail_config.ini --chase 4 --power-chase ``` -------------------------------- ### Dehashed Search Operators Source: https://github.com/khast3x/h8mail/wiki/Using-APIs List of supported search operators for the Dehashed API provider. These can be used to refine your searches. ```plaintext id, email, ip, username, password, hash, hash_type, name, vin, address, phone, database_name ``` -------------------------------- ### URL Email Extraction Source: https://context7.com/khast3x/h8mail/llms.txt Extract and target emails found in web pages. Supports single URLs, multiple URLs, URL list files, and pastebin content. ```bash h8mail -u "https://company.com/about/team" ``` ```bash h8mail -u "https://company.com/contact" "https://company.com/team" ``` ```bash h8mail -u urls_to_scan.txt ``` ```bash h8mail -u "https://pastebin.com/raw/kQ6WNKqY" ``` -------------------------------- ### Snusbase Search Operators Source: https://github.com/khast3x/h8mail/wiki/Using-APIs List of supported search operators for the Snusbase API provider. These can be used to refine your searches. ```plaintext email, username, name, ip, password, hash ``` -------------------------------- ### LeakLookup Search Operators Source: https://github.com/khast3x/h8mail/wiki/Using-APIs List of supported search operators for the LeakLookup API provider. These can be used to refine your searches. ```plaintext address, address1, address2, country, email, firstname, ipaddress, lastname, middlename, mobile, number, password, phone, postcode, salt, state, userid, username, zip, zipcode ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.