OSINT: Finding Email Passwords in Dumps with h8mail

Often as OSINT investigators, pentesters and hackers, we need to determine if a email address of the target exits and, if so, whether it has been compromised. There are a multitude of locations where compromised emails and passwords are stored and not all of them contain all the latest dumps. Now we have a tool that can search through all of these databases and determine whether an email has been compromised and which data dump compromised it!

h8mail is a tool for finding compromised email addresses and their passwords from these data breaches. When you combine this tool with others such as TheHarvester or the crosslinked tool, you can harvest email addresses from an organization and then test to see if they have been compromised

Although there are numerous tools to do so, h8mail may be the best!

In this tutorial, we’ll examine how to use h8mail to quickly and effectively find an email in these data dump databases that may contain a current password or hash of the password.