Open-source OSINT email intelligence tool
Project description
MailAccess
Self-hostable OSINT platform for investigating email addresses. Fan out across breach databases, social networks, DNS records, and the open web — get back a unified exposure score and structured findings you can export or pipe into Maltego.
Built for security researchers, OSINT analysts, and penetration testers operating under authorization. Read DISCLAIMER.md before use.
Install
CLI only (fastest)
pip install mailaccess
# or (recommended)
pipx install mailaccess
Full self-hosted stack
git clone https://github.com/YOUR_USERNAME/mailaccess
cd mailaccess
docker compose up -d
Usage
mailaccess investigate you@example.com
mailaccess investigate you@example.com --format json
mailaccess investigate you@example.com --modules hibp,gravatar,social
mailaccess history
Features
- Concurrent module execution — all modules run in parallel, results stream as they arrive
- WebSocket streaming — partial results arrive in real time without polling
- REST API + web UI + CLI — use whatever interface fits your workflow
- Plugin module system — drop a
.pyfile inbackend/modules/and it auto-registers; no wiring required - 6 export formats: JSON, CSV, PDF, Markdown, STIX 2.1, Maltego XML
- Maltego local transform server — run investigations directly from the Maltego desktop app
- Webhook notifications — Slack, Discord, or any HTTP endpoint
- Exposure score (0–100) with risk label: low / medium / high / critical
- SQLite by default; PostgreSQL optional via Docker Compose profile
Quick Start
cp .env.example .env # all API keys are optional
docker compose up # backend :8000 · frontend :3000
Open http://localhost:3000 in your browser.
Modules
| Module | What it checks | Requires key |
|---|---|---|
hibp |
Known data breaches via the HIBP v3 API | Yes — HIBP_API_KEY |
emailrep |
Reputation score, risk flags, linked profiles (EmailRep.io) | No (key optional) |
gravatar |
Gravatar and Libravatar profile, linked accounts | No |
google_dork |
Google dork queries via SerpAPI — LinkedIn, GitHub, Pastebin, open web | Yes — SERPAPI_KEY |
domain_intel |
WHOIS, SPF / DMARC / MX, website presence, Shodan subdomains | No (Shodan optional) |
social |
Account existence on 13 platforms (GitHub, Discord, Spotify, Skype, and more) | No |
account_discovery |
Account probing across 120+ platforms via Holehe (opt-in) | No |
whatsmyname |
Username enumeration across 800+ platforms via WhatsMyName dataset (opt-in) | No |
hudson_rock |
Infostealer credential log lookup via Hudson Rock Cavalier API | No |
permutation_discovery |
Generates email permutations from recovered name, probes with HIBP + Hudson Rock (opt-in) | No |
ghunt |
Deep Google account intel: GAIA ID, YouTube, Maps reviews, Drive (Gmail only, opt-in) | Yes — GHUNT_CREDS_PATH |
dns_lookup |
MX, SPF, DMARC, DKIM DNS records | No |
whois_lookup |
WHOIS registration data | No |
shodan |
Hosts and open services for the email's domain | Yes — SHODAN_API_KEY |
social_links |
Social profiles inferred from the email username | No |
google_search |
Google search mentions of the email | No |
Export Formats
| Format | ?format= value |
Use case |
|---|---|---|
| JSON | json |
Programmatic use, archiving |
| CSV | csv |
Spreadsheet analysis |
pdf |
Human-readable reports | |
| Markdown | markdown |
Wikis, issue trackers |
| STIX 2.1 | stix |
Threat intelligence platforms |
| Maltego XML | maltego |
Maltego graph import |
Integrations
| Integration | How |
|---|---|
| Maltego | Local transform server at POST /maltego/email_investigate (no API key required) |
| Slack | Set SLACK_WEBHOOK_URL in .env |
| Discord | Set DISCORD_WEBHOOK_URL in .env |
| Generic webhook | INTEGRATION_WEBHOOK_URL + optional INTEGRATION_WEBHOOK_SECRET (HMAC) |
Documentation
| Page | Contents |
|---|---|
| Self-hosting | Docker Compose, .env reference, PostgreSQL, proxy/Tor, Maltego setup |
| Module reference | All modules, findings schema, adding new modules |
| API reference | REST endpoints, WebSocket events, authentication |
| Export formats | Supported formats, MIME types, filename conventions |
| Integrations | Maltego, Slack, Discord, generic webhooks |
| Contributing | Adding modules, adding exporters, code style, PR checklist |
License
MIT. All data queried by MailAccess comes from public sources. See DISCLAIMER.md for authorized use cases and legal responsibility.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
mailaccess-0.1.0.tar.gz
(157.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mailaccess-0.1.0.tar.gz.
File metadata
- Download URL: mailaccess-0.1.0.tar.gz
- Upload date:
- Size: 157.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8e9d4b06bbd9bc60b280b772facdf5a2dee2c43711e6c819f78016a88e0412c8
|
|
| MD5 |
59ee2b0eeb42d9df7ed5dd64bebf460c
|
|
| BLAKE2b-256 |
2900c694d221539486d483953f154885fbf2068f87b63d6e6d894c5f1e00045b
|
File details
Details for the file mailaccess-0.1.0-py3-none-any.whl.
File metadata
- Download URL: mailaccess-0.1.0-py3-none-any.whl
- Upload date:
- Size: 76.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
830ce45e8a77dc182a802f0f7c3fc321ea3c330219a8849179c0b524c0aec810
|
|
| MD5 |
19d155f5e3a4d008b93fe518d82dced9
|
|
| BLAKE2b-256 |
3d22139d0d48c0a5bb68b799cf095b89359f3d8125fb15fb3fa2c671122c5345
|
