Search the Community

GHunt is an OSINT tool to extract information from any Google Account using an email. It can currently extract: Owner’s name The last time the profile was edited Google ID If the account is a Hangouts Bot Activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.) Possible YouTube channel Possible other usernames Public photos (P) Phones models (P) Phones firmwares (P) Installed Softwares (P) Google Maps reviews (M) Possible physical location (M) Events from Google Calendar (C) The features marked with a (P) require the target account to have the default setting of Allow the people you share content with to download your photos and videos on the Google AlbumArchive, or if the target has ever used Picasa linked to their Google account. [hide][Hidden Content]]

MOSINT is an OSINT Tool for emails. It helps you gather information about the target email. Features: Email validation Check social accounts with Socialscan and Holehe Check data breaches and password leaks Find related emails and domains Scan Pastebin and Throwbin Dumps Google Search DNS Lookup IP Lookup Output to text file [hide][Hidden Content]]

VovSoft Download Mailbox Emails – Download all emails inside your mailbox into EML files. You get the emails from your Gmail, Hotmail or any private email account. Enter your login credentials and click Connect button. Then select the mailboxes you need to download and click Start Download button. The application will download all emails as EML files into the directory you wish. You can further investigate all your emails by having them in local. [Hidden Content] [hide][Hidden Content]]

[Hidden Content] [Hidden Content]

Features - Add any SMTP - Mass mailer, send multiple emails per second - Add Single/List - Remove Single/List - Validate Email List - Ensure Emails Are Legit - Plain text/HTML - Add any attachment [hide][Hidden Content]] * Detected because its Obfuscated / itsMe

Since the beginning of this year, many well-known companies around the world have been attacked by hackers, such as McDonald’s, a world-renowned fast-food brand. Hackers stole part of McDonald’s data in the United States, South Korea, and Taiwan, including information about employees and restaurants. Kaseya, a developer of remote IT service management software, also suffered a large-scale ransomware attack, the hacker organization REvil used the vulnerability to access Kaseya’s server, and then posted a post on the dark web, demanding a ransom from Kaseya, asking the other party to pay a ransom of $70 million in exchange for repairing the data. Saudi Aramco, the world’s largest oil producer, also encountered a large amount of data theft, and the hackers demanded a ransom of $50 million. What is more familiar to the majority of DIY enthusiasts is that board card manufacturers were stolen by hackers of confidential documents, and data related to many unreleased products of Intel and AMD were leaked. Although similar incidents have occurred from time to time in the past, this year’s hacking attacks have been larger and more frequent. The victims are also large global multinational corporations. After a period of silence, some industry giants recently broke out similar incidents. This unfortunately the Swedish furniture brand IKEA was affected. According to HotHardware, IKEA has recently encountered continuous attacks by hackers. After hacking the e-mail system, stealing information, hackers took over the employee’s e-mail account and then pretended to be the employee to send e-mails to relevant IKEA partners for phishing. This method works very well because the recipient sees that the sender is a trusted IKEA staff member and has a good chance of downloading or opening the link in the email. What’s more difficult is that it’s still not clear whether hackers hacked into IKEA’s employee account or entered IKEA’s internal Microsoft Exchange server. Out of prudent consideration, IKEA has shut down some functions of the email system and increased the network alert level to avoid further risk of data leakage, and to investigate the relevant situation. Source

SocialPwned SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram, Linkedin, and Twitter to find the possible credential leaks in PwnDB. The purpose of this tool is to facilitate the search for vulnerable targets during the phase of Footprinting in Ethical Hacking. It is common for employees of a company to publish their emails in social networks, either professional or personal, so if these emails have their credentials leaked, it is possible that the passwords found have been reused in the environment to be audited. If it’s not the case, at least you would have an idea of the patterns that follow this target to create the passwords and be able to perform other attacks with a higher level of effectiveness. SocialPwned uses different modules: Instagram: Making use of the unofficial Instagram API from @LevPasha, different methods were developed to obtain the emails published by users. An Instagram account is required. Linkedin: Using @tomquirk’s unofficial Linkedin API, different methods were developed to obtain a company’s employees and their contact information (email, twitter or phone). In addition, it is possible to add the employees found to your contacts, so that you can later have access to their network of contacts and information. A Linkedin account is required. Twint: Using Twint from @twintproject you can track all the Tweets published by a user looking for some email. A Twitter account is not necessary. PwnDB: Inspired by the tool PwnDB created by @davidtavarez a module has been developed that searches for all credential leaks from the emails found. In addition, for each email, a POST request is made to HaveIBeenPwned to find out the source of the leak. Changelog v2.0 Docker Implementation GHunt Module Dehashed Module Output Enhancement Web Scraping Fix in HaveIBeenPwned Fixed several bugs [hide][Hidden Content]]

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails. Features Domain TLD (.com, .org, .net, etc…) Emails Data leaks Emails Social Instagram Facebook Twitter Tiktok Linktr.ee MySpace Flickr Programming Github Pastebin LessWrong Forum Hackernews Jeuxvideo.com Web Hosting AboutMe [hide][Hidden Content]]

Profil3r Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails. Features Emails Data leaks Emails Social Instagram Facebook Twitter Tiktok Music Soundcloud Programming Github Forum 0x00sec.org Jeuxvideo.com Tchat Skype [hide][Hidden Content]]

[Hidden Content]

MOSINT is an OSINT Tool for emails. It helps you gather information about the target email. Features: Verification Service { Check if email exist } Check social accounts with Socialscan Check data breaches [need API] Find related emails Find related phone numbers Find related domains Scan Pastebin Dumps Google Search DNS Lookup [hide][Hidden Content]]

GHunt is an OSINT tool to extract information from any Google Account using an email. It can currently extract: Owner’s name The last time the profile was edited Google ID If the account is a Hangouts Bot Activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.) Possible YouTube channel Possible other usernames Public photos (P) Phones models (P) Phones firmwares (P) Installed Softwares (P) Google Maps reviews (M) Possible physical location (M) Events from Google Calendar (C) The features marked with a (P) require the target account to have the default setting of Allow the people you share content with to download your photos and videos on the Google AlbumArchive, or if the target has ever used Picasa linked to their Google account. More info here. Those marked with a (M) require the Google Maps reviews of the target to be public (they are by default). Those marked with a (C) requires user to have Google Calendar set on public (default it is closed) [hide][Hidden Content]]

SocialPwned SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram, Linkedin, and Twitter to find the possible credential leaks in PwnDB. The purpose of this tool is to facilitate the search for vulnerable targets during the phase of Footprinting in Ethical Hacking. It is common for employees of a company to publish their emails in social networks, either professional or personal, so if these emails have their credentials leaked, it is possible that the passwords found have been reused in the environment to be audited. If it’s not the case, at least you would have an idea of the patterns that follow this target to create the passwords and be able to perform other attacks with a higher level of effectiveness. [HIDE][Hidden Content]]

Hi all, I was reading RFCs and am now wondering how to use the '*' wildcard char to send emails to all the users mailboxes of a given server with the IP I use IPs instead of domain names for efficiency and the domain name gets translated to IP anyways using DSN and the IP approche lets me get exhaustive list of IPs. Or coarse there are reserved/excluded IPs such as 127.0.0.1 (loopback). For example mail *@1.0.0.1 < email.txt => sends email.txt to all users of [Hidden Content] this approche has several advantages, first its exhaustive. don't need to input all domain names, second you don't get "mail undelivered" email messages bouncing back to mailbox for non existing users. third for stealth (using Tor or coarse) make you email untracable. The only thing the receiving end user sees is "*@*" in "From:" I have tried different approches for *@1.0.0.1 but the command fails even when using mutt, pine, etc any ideas ? thank's

Am in need of good IP SMTP senders please can anyone including the administrator help me out with where i can get good IP SMTP senders? Your help will be appreciated. Thanks!

Free SMTP check for Mail Corp. Works without proxy [HIDE][Hidden Content]]