Skip to main content
Donate to the Python Software Foundation or Purchase a PyCharm License to Benefit the PSF! Donate Now

Email OSINT and password breach hunting. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous Breached Compilation torrent

Project description

platforms PyPI - Python Version Downloads travis
Docker Pulls MicroBadger Size (tag)

Powerful and user-friendly password finder.
Use h8mail to find passwords through different breach and reconnaissance services, or local breaches such as Troy Hunt's "Collection1" and the infamous "Breach Compilation" torrent.
First Anniversary update, feedback and pull requests are welcomed :heart: :birthday:

:book: Table of Content

:tangerine: Features

  • :mag_right: Email pattern matching (reg exp), useful for reading from other tool outputs
  • :dizzy: Loosey patterns for local searchs ("john.smith", "evilcorp")
  • :package: Painless install. Available through pip, only requires requests
  • :whale: Small and fast Alpine Dockerfile available
  • :white_check_mark: CLI or Bulk file-reading for targeting
  • :memo: Output to CSV file
  • :muscle: Compatible with the "Breach Compilation" torrent scripts
  • :house: Search .txt and .gz files locally using multiprocessing
    • :cyclone: Compatible with "Collection#1"
  • :fire: Get related emails
  • :dragon_face: Chase and target related emails in ongoing search
  • :crown: Supports premium lookup services for advanced users
  • :books: Regroup breach results for all targets and methods
  • :eyes: Includes option to hide passwords for demonstrations
  • :rainbow: Delicious colors

:package: pip3 install h8mail


Out of the box


With API services, local breach search & chasing enabled



Service Functions Status
HaveIBeenPwned Number of email breaches :white_check_mark:
HaveIBeenPwned Pastes :new: URLs of text files mentioning targets :white_check_mark: - Public Number of related emails :white_check_mark: - Service (free tier) Cleartext related emails, Chasing :white_check_mark: :key:
WeLeakInfo - Public :new: Number of search-able breach results :white_check_mark: :key:
WeLeakInfo - Service :new: Cleartext passwords, hashs and salts, usernames, IPs :white_check_mark: :key:
Snusbase - Service Cleartext passwords, hashs and salts, usernames, IPs - Fast :zap: :white_check_mark: :key:
Leak-Lookup - Public :new: Number of search-able breach results :white_check_mark: (:key:)
Leak-Lookup - Service :new: Cleartext passwords, hashs and salts, usernames, IPs :white_check_mark: :key: - :new: Last seen in breaches, social media profiles :white_check_mark:

:key: - API key required
:new: - new in h8mail v2+

:tangerine: Install


h8mail 2.0 only requires the python requests module to run.

Stable release (best)

To install h8mail, run this command in your terminal:

$ pip3 install h8mail

And that's basically it.
This is the preferred method to install h8mail, as it will always install the most recent stable release.

Please note:
If you don't have pip installed, this Python installation guide can guide you through the process.
For troubleshooting, check the Troubleshooting section.

h8mail-install.gif The above illustration showcases installing h8mail using --user

From sources

The sources for h8mail can be downloaded from the Github repo.

You can either clone the public repository:

$ git clone git://

Or download the tarball:

$ curl  -OL

Next, decompress the downloaded archive.
Once you have a copy of the source, you can install it with:

$ cd h8mail/
$ python install
$ h8mail -h

Or just running it as a module:

$ cd h8mail/
$ python -m h8mail -h


$ pip3 install --upgrade h8mail

Use --user at the end if getting a permission message from pip


$ docker run -ti kh4st3x00/h8mail -h

:tangerine: Usage

usage: h8mail [-h] -t TARGET_EMAILS [TARGET_EMAILS ...] [--loose]
              [-c CONFIG_FILE [CONFIG_FILE ...]] [-o OUTPUT_FILE]
              [-bc BC_PATH] [-sk] [-k CLI_APIKEYS [CLI_APIKEYS ...]]
              [-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]]
              [-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]] [-sf]
              [-ch [CHASE_LIMIT]] [--hide]

Email information and password lookup tool

optional arguments:
  -h, --help            show this help message and exit
                        Either string inputs or files. Supports email pattern
                        matching from input or file, filepath globing and
                        multiple arguments
  --loose               Allow loose search by disabling email pattern
                        recognition. Use spaces as pattern seperators
                        Configuration file for API keys. Accepts keys from
                        Snusbase, (WeLeakInfo,, hunterio
                        File to write CSV output
  -bc BC_PATH, --breachcomp BC_PATH
                        Path to the breachcompilation torrent folder. Uses the
               script included in the torrent.
  -sk, --skip-defaults  Skips HaveIBeenPwned and HunterIO check. Ideal for
                        local scans
                        Pass config options. Supported format: "K=V,K=V"
                        Local cleartext breaches to scan for targets. Uses
                        multiprocesses, one separate process per file, on
                        separate worker pool by arguments. Supports file or
                        folder as input, and filepath globing
                        Local tar.gz (gzip) compressed breaches to scans for
                        targets. Uses multiprocesses, one separate process per
                        file. Supports file or folder as input, and filepath
                        globing. Looks for 'gz' in filename
  -sf, --single-file    If breach contains big cleartext or tar.gz files, set
                        this flag to view the progress bar. Disables
                        concurrent file searching for stability
  -ch [CHASE_LIMIT], --chase [CHASE_LIMIT]
                        Add related emails from HunterIO to ongoing target
                        list. Define number of emails per target to chase.
                        Requires private API key
  --hide                Only shows the first 4 characters of found passwords
                        to output. Ideal for demonstrations

:tangerine: Usage examples

Query for a single target
$ h8mail -t
Query for list of targets, indicate config file for API keys, output to pwned_targets.csv
$ h8mail -t targets.txt -c config.ini -o pwned_targets.csv
Query a list of targets against local copy of the Breach Compilation, pass API keys for Snusbase from the command line
$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_url=$snusbase_url,snusbase_token=$snusbase_token"
Query without making API calls against local copy of the Breach Compilation
$ h8mail -t targets.txt -bc ../Downloads/BreachCompilation/ -sk
Search every .gz file for targets found in targets.txt locally
$ h8mail -t targets.txt -gz /tmp/Collection1/ -sk
Check a cleartext dump for target. Add the next 10 related emails to targets to check. Read keys from cli
$ h8mail -t -lb /tmp/4k_Combo.txt -ch 10 -k "hunterio=ABCDE123"

:tangerine: Configuration file & keys

h8mail can read keys by using a config.ini file with -c, or by passing keys from the command line directly with -k.

The configuration file format is as follows:

hunterio =
snusbase_url =
snusbase_token =
; leak-lookup_pub = 1bf94ff907f68d511de9a610a6ff9263
leak-lookup_priv =
weleakinfo_pub =
weleakinfo_priv =

In the above example, you'll notice a Leak-lookup public key, graciously generated for h8mail users. To activate, uncomment the line and make sure to pass to config file. The API can sometimes timeout. If that's the case, simply relaunch.

Keys and their respective values can also be passed from the command line, with the -k option. Format is like so:

$ h8mail -t -k "K=V, K=V" "K=V"
$ h8mail -t -k "leak-lookup_pub=1bf94ff907f68d511de9a610a6ff9263"

:tangerine: Troubleshooting

Python version & Kali

  • The above instructions assume you are running python3 as default. If unsure, type the following in your terminal.
    It should be either Python 3.* or Python 2.* :
$ python --version
  • If you are running python2 as default :
    Make sure you have python3.6+ installed, then replace python commands with explicit python3 commands.

  • If you have not set your venvs, you might get a permission error saying Consider using the --user option or check the permissions.
    Simply add --user like so:

$ pip install --user h8mail


  • h8mail uses ANSI color escape characters. Windows doesn't know how to show the colors, and will show gibberish instead.
    Fortunately, you can use Cmder, which is an excellent Windows CMD prompt alternative
  • If you're having trouble with python and pip, chances are you need to add python to your PATH. pip will also need to be in your PATH environment variable.
  • If you're still having trouble with pip, you can do the following:
# Check python version, should be 3.6+
C:> python --version
# To have python handle installation of pip
C:> python -m ensurepip
# To launch pip as a module
C:> python -m pip install h8mail
# To launch h8mail as a module
C:> python -m h8mail --help


  • As described for Windows, you might encounter issues with python if your installation is incomplete, or pip's installation directory is not in your PATH.
  • If thats the case, you can try invoking pip and h8mail with the same command lines as Windows.
  • Make sure the python command refers to Python 3 with python --version, otherwise replace python with python3 in the instructions.
  • Basically try this if installed and not executing, check Windows instructions for further examples:
$ python3 -m h8mail -h

:tangerine: Thanks & Credits

:tangerine: Related open source projects

:tangerine: Notes

  • Service providers that wish being integrated can send me an email at k at khast3x dot club (PGP friendly)
  • h8mail is maintained on my free time. Feedback and war stories are welcomed.
  • Licence is BSD 3 clause
  • My code is signed with my Keybase PGP key. You can get it using:
# curl + gpg pro tip: import ktx's keys
curl | gpg --import

# the Keybase app can push to gpg keychain, too
keybase pgp pull ktx

If you wish to stay updated on this project:

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
h8mail-2.2.1-py2.py3-none-any.whl (24.3 kB) Copy SHA256 hash SHA256 Wheel py2.py3
h8mail-2.2.1.tar.gz (24.9 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page