H8mail | Data Breach Password Checker | Password Hunting Tool

Powerful and user-friendly password hunting tool.

Use h8mail to find passwords through different breach and reconnaissance services, or local breaches such as Troy Hunt’s “Collection1” and the infamous “Breach Compilation” torrent.
First Anniversary update, feedback and pull requests are welcomed :heart: :birthday:

:tangerine: Features

  • :mag_right: Email pattern matching (reg exp), useful for reading from other tool outputs
  • :dizzy: Loosey patterns for local searchs (“john.smith”, “evilcorp”)
  • :package: Painless install. Available through pip , only requires requests
  • :white_check_mark: CLI or Bulk file-reading for targeting
  • :memo: Output to CSV file
  • :muscle: Compatible with the “Breach Compilation” torrent scripts
  • :house: Search cleartext and compressed .gz files locally using multiprocessing
    • :cyclone: Compatible with “Collection#1”
  • :fire: Get related emails
  • :dragon_face: Chase related emails by adding them to the ongoing search
  • :crown: Supports premium lookup services for advanced users
  • :factory: Custom query premium APIs. Supports username, hash, ip, domain and password
  • :books: Regroup breach results for all targets and methods
  • :eyes: Includes option to hide passwords for demonstrations
  • :rainbow: Delicious colors

:package: pip3 install h8mail


Out of the box


With API services & chasing enabled


Searching using username with API service, power chasing enabled


It’s easy to install and the developer has been kind enough to provide a plethora of demos for clarity, understanding, and use case. It’s really designed for the absolute OSINT beginner in mind. It leverages 10 APIs including HaveIBeenPwned and Hunter for its data set.

Data Breaches

It seems like every week there is news of a massive data breach or leak: Yahoo, Experian, Marriot, you name it. What you don’t hear about are the seemingly infinite number of minor data breaches/leaks and the various ways it is exposed on the internet. You can find these dumps on Pastebin, in Discord channels, on dark web marketplaces, Twitter, and more. Identifying when your information has been breached, whether at a personal or enterprise level is of great importance and the risk only continues to rise. h8mail lets you begin the process of identifying that exposure, mitigating risk, and protecting your assets.

h8mail Setup

h8mail has made it very simple to get up and running. You only need a few things: clone the repo, install the requirements (pip), configure your API keys (config.ini), and test. If you’re an experienced OSINT collector, analyst, or investigator, you likely already have the required API keys from previous use cases. If not, they’re free and easy to obtain. h8mail has been tested on Linux, Mac, and Windows for ease of operation among a variety of users. The developer is very responsive on Twitter if you have any questions.

Use Cases

Query for a single target

$ h8mail -t [email protected]

Query for list of targets, indicate config file for API keys, output to pwned_targets.csv

$ h8mail -t targets.txt -c config.ini -o pwned_targets.csv

Query a list of targets against local copy of the Breach Compilation, pass API keys for Snusbase from the command line

$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_url=$snusbase_url,snusbase_token=$snusbase_token"

Query without making API calls against local copy of the Breach Compilation

$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -sk

Search every .gz file for targets found in targets.txt locally

$ h8mail -t targets.txt -gz /tmp/Collection1/ -sk

Check a cleartext dump for target. Add the next 10 related emails to targets to check. Read keys from cli

$ h8mail -t [email protected] -lb /tmp/4k_Combo.txt -ch 10 -k "hunterio=ABCDE123"

OSINT Insight

h8mail is an out of the box solution for finding passwords in breach or reconnaissance services. Whether your new to OSINT tools or an advanced user, you will find value using it. When it comes to data collection at scale, the larger and more robust your data set, the more opportunity for analysis. h8mail’s ability to read from a .txt, output to a .csv, find similar emails, and retarget using its output enables you to massively grow your database and OSINT capability.

Combining h8mail with the output of other tools, such as Scavenger, buster, or BaseQuery, allows you to develop a free, powerful, in-house credential threat hunting program. Try building a data set using a username:password dump from the Scavenger Twitter page and running it through h8mail. If you want to take this to scale, use Twint to scrape all tweets from Scavenger that contain “username:password”, mine the data from each connected Pastebin and output into a .txt, then run that through h8mail. Check out this detailed write up to get started immediately.

GitHub Link: https://github.com/khast3x/h8mail