Ethical Hacking Tutorials

Ethical Hacking Tutorials, Tips and Tricks

H8Mail โ€“ Email OSINT and password breach hunting.

Use h8mail to find passwords through different breach and reconnaissance services, or the infamous Breached Compilation torrent


  • ๐Ÿ”Ž Email pattern matching (reg exp), useful for all those raw HTML files
  • ๐Ÿณ Small and fast Alpine Dockerfile available
  • โœ… CLI or Bulk file-reading for targeting
  • ๐Ÿ“ Output to CSV file
  • โžฟ Reverse DNS + Open Ports
  • ๐Ÿ‘ฎ CloudFlare rate throttling avoidance
    • Execution flow remains synchronous and throttled according to API usage guidelines written by service providers
  • ๐Ÿ”ฅ Query and group results from different breach service providers
  • ๐Ÿ”ฅ Query a local copy of the โ€œBreach Compilationโ€
  • ๐Ÿ”ฅ Get related emails
  • ๐ŸŒˆ Delicious colors


๐Ÿ”“ Out of the box


๐Ÿš€ With API services


๐Ÿ’ฝ With the BreachedCompilation torrent



Service Functions Status
HaveIBeenPwned Number of email breachs โœ…
Shodan Reverse DNS, Open ports โœ… โ€“ Public Number of related emails โœ… โ€“ Service (free tier) Cleartext related emails โœ…
WeLeakInfo โ€“ Public Number of search-able breach results ๐Ÿ›ƒ
WeLeakInfo โ€“ Service Cleartext passwords, hashs and salts ๐Ÿ”œ
Snusbase โ€“ Service Cleartext passwords, hashs and salts โ€“ Fast โšก๏ธ โœ…

๐ŸŠ Install

If youโ€™re using Docker, make sure to add your targets.txt and your API keys in the configuration file before building


NodeJS is required to ensure CloudFlare bypassing. You can find out how to install it for your distribution here

These instructions assume you are running Python3 as default. If unsure, please check the troubleshooting section

apt-get install nodejs
git clone
cd h8mail
pip install -r requirements.txt
python -h


git clone
cd h8mail
docker build -t h8mail .
docker run -ti h8mail -h

๐ŸŠ Usage

> python --help
                 [-bc BC_PATH] [-v] [-l] [-k CLI_APIKEYS]

Email information and password finding tool

optional arguments:
  -h, --help            show this help message and exit
                        Either single email, or file (one email per line).
                        Configuration file for API keys
                        File to write output
  -bc BC_PATH, --breachcomp BC_PATH
                        Path to the breachcompilation Torrent.
  -v, --verbose         Show debug information
  -l, --local           Run local actions only
                        Pass config options. Format is "K:V,K:V"

๐ŸŠ Usage examples

Query for a single target
python -t [email protected]
Query for list of targets, indicate config file for API keys, output to pwned_targets.csv
python -t targets.txt -c config.ini -o pwned_targets.csv
Query a list of targets against local copy of the Breach Compilation, pass API keys for Snusbase from the command line
python -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_url:$snusbase_url,snusbase_token:$snusbase_token"
Query without making API calls against local copy of the Breach Compilation
python -t targets.txt -bc ../Downloads/BreachCompilation/ --local

๐ŸŠ Troubleshooting

Python version & Kali

The above instructions assume you are running python3 as default. If unsure, type:

in your terminal. It should be either Python 3.* or Python 2.*.

If you are running python2 as default :
Make sure you have python3 installed, then replace python commands with explicit python3 calls:

apt-get install nodejs
git clone
cd h8mail
pip3 install -r requirements.txt
python3 -h

Updated: January 12, 2019 — 12:53 am

Leave a Reply

Your email address will not be published. Required fields are marked *

Ethical Hacking Tutorials © 2018
Skip to toolbar