Information Gatheringosintemailbreachhuntingreconnaissance

h8mail

Email open source intelligence and breach hunting tool that queries different breach and reconnaissance services or local breaches like Troy Hunt’s Collection1 and Breach Compilation torrent.

Description

h8mail is an email OSINT and breach hunting tool designed to search for compromised email credentials across various online breach services and local breach databases. It supports inputs like direct email targets, URL parsing for emails, and local breach files, making it useful for security researchers and penetration testers investigating potential data exposures.

Use cases include reconnaissance during security assessments, verifying if specific email addresses appear in known breaches, and gathering intelligence on targets by checking against massive collections like the Breach Compilation torrent. The tool emphasizes responsible use, as indicated in its ASCII art banner.

It integrates with services for real-time breach lookups and handles local files in formats like BC_PATH or GZIP_SRC, providing outputs in standard or JSON formats for further analysis.

How It Works

h8mail operates by accepting email targets, URLs to parse for emails, or queries, then querying remote breach and reconnaissance services or scanning local breach databases such as Troy Hunt’s Collection1 and Breach Compilation files. It supports pattern matching for emails from inputs or files, URL page parsing, globbing for file paths, and options for chasing related data with limits. Outputs can be directed to files or JSON, with configurations loaded from files or CLI API keys for service access.

Installation

bash

sudo apt install h8mail

Flags

-h, --helpshow this help message and exit

-t, --targets USER_TARGETS [USER_TARGETS ...]Either string inputs or files. Supports email pattern matching from input or file, filepath globing and multiple arguments

-u, --url USER_URLS [USER_URLS ...]Either string inputs or files. Supports URL pattern multiple arguments. Parse URLs page for emails.

-q USER_QUERYUser query for searching

--looseUse loose matching

-c CONFIG_FILE [CONFIG_FILE ...]Configuration file(s)

-o OUTPUT_FILEOutput file

-j OUTPUT_JSONOutput JSON

-bc BC_PATHLocal breach source path

-skSkip keys

-k CLI_APIKEYS [CLI_APIKEYS ...]CLI API keys

-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]Local breach sources

-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]Local GZIP sources

-sfSafe mode

-ch [CHASE_LIMIT]Chase limit

--power-chasePower chase mode

--hideHide output

--debugDebug mode

--gen-configGenerate config

Examples

Display the full help message and usage information for h8mail

h8mail -h

Search for breaches related to a single email target using string input

h8mail -t target@example.com

Process email targets from a file, supporting pattern matching and globbing

h8mail -t targets.txt

Hunt breaches for multiple email targets provided as arguments

h8mail -t target1@example.com target2@example.com

Parse a URL page for emails and perform breach lookup on found emails

h8mail -u https://example.com

Parse emails from multiple URLs in a file and save breach results to an output file

h8mail -u urls.txt -o output.txt

Scan a local breach file for targets

h8mail -bc /path/to/breach.file

Generate a configuration file for h8mail

h8mail --gen-config

Updated 2026-04-16kali.org ↗