Emails and Breached Data

Hunting Emails and Breached Data

theHarvester: github.com/laramies/theHarvester

It performs open source intelligence (OSINT) gathering to help determine a domain’s external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources.

Note: Some websites may start to block you if you hit them too often; google.com, for example, might block you if you run too many searches with theHarvester or similar tools.

theHarvester -h
*******************************************************************
*  _   _                                            _             *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __|  _ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester 4.3.0                                              *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*                                                                 *
*******************************************************************
usage: theHarvester [-h] -d DOMAIN [-l LIMIT] [-S START] [-p] [-s] [--screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t]
                    [-r [DNS_RESOLVE]] [-n] [-c] [-f FILENAME] [-b SOURCE]

theHarvester is used to gather open source intelligence (OSINT) on a company or domain.

options:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Company name or domain to search.
  -l LIMIT, --limit LIMIT
                        Limit the number of search results, default=500.
  -S START, --start START
                        Start with result number X, default=0.
  -p, --proxies         Use proxies for requests, enter proxies in proxies.yaml.
  -s, --shodan          Use Shodan to query discovered hosts.
  --screenshot SCREENSHOT
                        Take screenshots of resolved domains specify output directory: --screenshot output_directory
  -v, --virtual-host    Verify host name via DNS resolution and search for virtual hosts.
  -e DNS_SERVER, --dns-server DNS_SERVER
                        DNS server to use for lookup.
  -t, --take-over       Check for takeovers.
  -r [DNS_RESOLVE], --dns-resolve [DNS_RESOLVE]
                        Perform DNS resolution on subdomains with a resolver list or passed in resolvers, default False.
  -n, --dns-lookup      Enable DNS server lookup, default False.
  -c, --dns-brute       Perform a DNS brute force on the domain.
  -f FILENAME, --filename FILENAME
                        Save the results to an XML and JSON file.
  -b SOURCE, --source SOURCE
                        anubis, baidu, bevigil, binaryedge, bing, bingapi, bufferoverun, brave, censys, certspotter, criminalip, crtsh,
                        dnsdumpster, duckduckgo, fullhunt, github-code, hackertarget, hunter, hunterhow, intelx, otx, pentesttools,
                        projectdiscovery, rapiddns, rocketreach, securityTrails, sitedossier, subdomainfinderc99, threatminer, urlscan,
                        virustotal, yahoo, zoomeye

theHarvester -d tesla.com -b all -l 50

theHarvester -d tesla.com -b yahoo -l 50

breach-parse: github.com/hmaverickadams/breach-parse

A tool for parsing breached passwords

Install: `sudo ./install.sh`

Download breached password list from magnet located here: `magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337`

If you don't store the password list (BreachCompilation) in `/opt/breach-parse`, specify the location like:

`breach-parse @gmail.com gmail.txt "~/Downloads/BreachCompilation/data"`

Run `breach-parse` for instructions

The breach compilation database is around 44GB. You have to download it and place it in the breach-parse directory.
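When the search is run against your own organisation's domain, the useful output is a list of accounts to reset, not the passwords themselves. The sketch below is an added example, not part of breach-parse: it assumes the results file holds one `email:password` pair per line (some dump lines use `;` instead), and the sample data, the `example.com` domain and `ACTIVE_ACCOUNTS` are constructed placeholders.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample in the assumed "email:password" layout (some lines use ';').
SAMPLE_MASTER = """\
alice@example.com:Summer2019!
Alice@Example.com:Summer2019!
alice@example.com;hunter2:extra
bob@example.com:letmein
carol@other.example:qwerty
not-a-credential-line
"""

# Hypothetical list of accounts that still exist in the directory.
ACTIVE_ACCOUNTS = {"alice@example.com", "dave@example.com"}

# Split on the first ':' or ';' only, because passwords may contain either.
LINE_RE = re.compile(r"^([^:;\s]+@[^:;\s]+)[:;](.+)$")


def exposure_report(master_text, domain, active_accounts):
    """Summarise leaked credentials for `domain` without retaining plaintext."""
    digests = defaultdict(set)
    skipped = 0
    for raw in master_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            skipped += 1  # malformed line: count it, do not guess at its content
            continue
        email = match.group(1).lower()
        if not email.endswith("@" + domain.lower()):
            continue
        # Keep only an in-memory digest so distinct passwords can be counted, not read.
        digests[email].add(hashlib.sha256(match.group(2).encode()).hexdigest())
    rows = [
        {"account": email,
         "distinct_leaked_passwords": len(found),
         "active": email in active_accounts}
        for email, found in digests.items()
    ]
    # Active accounts first: these are the ones that need a forced reset.
    rows.sort(key=lambda r: (not r["active"], r["account"]))
    return rows, skipped


if __name__ == "__main__":
    report, skipped = exposure_report(SAMPLE_MASTER, "example.com", ACTIVE_ACCOUNTS)
    for row in report:
        print(row)
    print("unparseable lines:", skipped)
```
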

h8mail: github.com/khast3x/h8mail

h8mail is an email OSINT and breach hunting tool using different breach and reconnaissance services, or local breaches such as Troy Hunt’s “Collection1” and the infamous “Breach Compilation” torrent.

It requires API keys, and a lot of them are paid. You can also use that same breach compilation database with h8mail. One problem is that it can’t run a search that’s based on just a domain.

pip3 install h8mail
Defaulting to user installation because normal site-packages is not writeable
Collecting h8mail
  Downloading h8mail-2.5.6-py3-none-any.whl (34 kB)
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from h8mail) (2.31.0)
Installing collected packages: h8mail
Successfully installed h8mail-2.5.6

h8mail -t target@example.com

h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -sk

h8mail -t targets.txt -gz /tmp/Collection1/ -sk

EmailHarvester: github.com/maldevel/EmailHarvester