h8mail v2.3 release

on
3 minute read

Abstract

h8mail 2.3 has been released. In this blog post, we’ll be having an overview of all the new features.

Table of Content


Updating

  • If you installed h8mail using pip, simply use
$ pip3 install --upgrade h8mail

Use --user at the end if getting a permission message from pip

  • If you installed h8mail using the setup.py file, remove h8mail with
$ pip3 uninstall h8mail

And re-install it by cloning the repository and running the following inside the folder

$ python3 setup.py install

Add --user if getting a permission message.


TL;DR

  • Added HIBP v3
  • Switch to emailrep.io as default for breach checks, since haveibeenpwned has discontinued their free tier API.
  • Implemented username & password & ip search for all API providers
  • Implemented hash, domain search
  • Check if running latest version
  • Fix breachcomp separator issues
  • Generate template config file in CWD (gen-config)
  • Added more related emails from API services
  • Rewrote chasing (recursive)
  • Added ‘power-chasing’ for additional related emails targeting (related emails found using WeLeakInfo, Snusbase or Leak-Lookup)
  • Added –debug output

h8mail 2.3 features

Search Operators Summary

  username domain hash password ip
WeLeakInfo yes yes yes yes yes
LeakLookup yes yes   yes yes
Snusbase yes   yes yes yes

Generate a blank configuration file

You can now generate a blank configuration file to add your API keys. It will have all available fields commented using ;.
Simply use --gen-config or -g. It will generate a configuration file called h8mail_config.ini in the current working directory & exit.

Be careful as it will overwrite existing h8mail_config.ini file. To remove a comment, remove the ; at the beginning of the file.

HaveIBeenPwned v3

Troy Hunt has announced that starting on the 18/08/2019, HIBP will only support authenticated requests.

You can purchase your API key here.

Once you have your API key, add it to the hibp line, and uncomment the line.

Pass the configuration file using -c h8mail_config.ini

h8mail will be relying on emailrep.io’s free API to identify breaches for emails.

Debug output

To dump incoming and outgoing requests, simply add --debug to your command.

New search queries

This was probably the most requested feature since h8mail v2 release. View the table to see which provider supports what.
You can now use the following keywords with -q to tell h8mail what to query:

  • username
  • password
  • ip
  • hash
  • domain

Typically:

  • to search for all breaches for the username bob.smith:
    $ h8mail -t bob.smith -q username -c h8mail_config.ini
    
  • to search for all breaches for the ip 80.90.100.110, output to CSV:
    $ h8mail -t 80.90.100.110 -q ip -c h8mail_config.ini -o results.csv
    

(links contain refs)
You can purchase API keys for:

Power-chasing

Since h8mail now supports broader queries (such as domain) you can use breach services to add related emails to target, instead of relying on hunter.io only.

This is activated by adding --power-chase to a chasing h8mail command:

$ h8mail -t evilcorp.com -q domain -c h8mail_config.ini -ch 2 --power-chase

powerchase


Hope y’all have fun and do good deeds.

Cheers!

h8mail, OSINT, password, breach, haveibeenpwned, leak, docker, username