h8mail

Installation

Install via pip

pip install h8mail

Install from source

git clone https://github.com/khast3x/h8mail.git
cd h8mail
pip install -r requirements.txt
python h8mail.py

Verify installation

h8mail --version

Configuration

API Key Setup

Create a ~/.h8mail_rc configuration file:

[breaches]
hibp_api_key = YOUR_HIBP_API_KEY
snusbase_auth = YOUR_SNUSBASE_TOKEN
leakcheck_api_key = YOUR_LEAKCHECK_API_KEY
emailrep_api_key = YOUR_EMAILREP_API_KEY

Or set environment variables:

export HIBP_API_KEY="your_key_here"
export SNUSBASE_AUTH="your_token_here"

Supported Breach Services

Service	Type	API Required	Notes
HaveIBeenPwned (HIBP)	Breach DB	Yes	Most comprehensive, 613M+ breaches
Snusbase	Breach DB	Yes	Large Russian breach database
LeakCheck	Breach DB	Yes	Extensive leak collection
EmailRep	Reputation	Yes	Email reputation & breach data
Dehashed	Breach DB	Yes	Dark web breach database
Intelx	Breach DB	Yes	Intelligence X platform
Scylla	Breach DB	No	Free online breach search
Shodan	IP Lookup	Yes	Internet-connected devices

Single Email Lookup

Basic email search

h8mail -e target@example.com

Search with verbose output

h8mail -e target@example.com -v

Search specific service only

h8mail -e target@example.com --only hibp

Search multiple services

h8mail -e target@example.com --only hibp,snusbase,leakcheck

Bulk Email Searching

Search from file

h8mail -l emails.txt

Email file format

target1@example.com
target2@example.com
admin@company.org
user@domain.net

Search with custom output file

h8mail -l emails.txt -o results.txt

Batch processing with rate limiting

h8mail -l emails.txt --delay 2

Local Breach File Searching

Search local breach database

h8mail -e target@example.com -ldb /path/to/breach_database.txt

Search multiple local files

h8mail -e target@example.com -ldb breaches/ passwords/

Import and index local breaches

h8mail -e target@example.com --local-only -ldb database.csv

Chase Mode - Trace Related Emails

Enable chase mode for related accounts

h8mail -e target@example.com --chase

Chase mode with depth limit

h8mail -e target@example.com --chase -c 2

Chase related emails found in breaches

h8mail -e admin@company.com --chase --max-distance 3

This finds other email addresses from breaches and searches those recursively.

Output Formats

JSON output

h8mail -e target@example.com -o results.json --json

CSV output

h8mail -l emails.txt -o results.csv --csv

Plain text output (default)

h8mail -e target@example.com -o results.txt

HTML report output

h8mail -l emails.txt -o report.html --html

Searching Strategies

Company domain reconnaissance

h8mail -l company_employees.txt -o breach_report.txt

Credential hunting for penetration testing

h8mail -e target@example.com -v --paste

Combine with other data

h8mail -e leaked_email@domain.com --chase

High-priority target search

h8mail -e ceo@company.com -v --all-providers

Advanced Options

Show all breaches (verbose)

h8mail -e target@example.com -v

Skip unresponsive services

h8mail -e target@example.com --timeout 10

Use proxies

h8mail -e target@example.com --proxy socks5://127.0.0.1:9050

Save paste dumps when found

h8mail -e target@example.com --paste -o pastes/

Disable colors in output

h8mail -e target@example.com --no-color

Check before running bulk operations

h8mail -l emails.txt --dry-run

Integration with OSINT Workflows

Combine with TheHarvester

theharvester -d example.com -b all | grep "@" | tee emails.txt
h8mail -l emails.txt -o results.txt

Combine with Maltego

Export email addresses from Maltego → Import to h8mail

Use in Shodan queries

h8mail -e admin@example.com --shodan

Parse breach data for usernames

h8mail -e user@example.com -v | grep -i "password\|username"

Automation and Scripting

Batch processing with shell loop

for email in $(cat targets.txt); do
  h8mail -e "$email" -o "results_${email}.txt"
done

Automated daily monitoring

#!/bin/bash
DATE=$(date +%Y%m%d)
h8mail -l critical_emails.txt -o "breach_report_${DATE}.txt"

Integration with bash automation

h8mail -e target@example.com --json | jq '.[] | select(.breaches | length > 0)'

Python scripting

import subprocess
import json

result = subprocess.run(
    ['h8mail', '-e', 'target@example.com', '--json'],
    capture_output=True,
    text=True
)
data = json.loads(result.stdout)

Common Workflows

Verify email in breach databases

h8mail -e suspicious@company.com

Monitor employee email safety

h8mail -l company_staff.txt -o security_audit.txt

Incident response - find compromised accounts

h8mail -e compromised@domain.com -v --all-providers

Threat hunting - trace attacker email

h8mail -e attacker@evil.com --chase -v

Credential stuffing assessment

h8mail -l internal_users.txt -o credstuffing_risk.json --json

Troubleshooting

API key not recognized

# Verify config file exists
cat ~/.h8mail_rc

# Check environment variable
echo $HIBP_API_KEY

Rate limiting errors

# Add delay between requests
h8mail -l emails.txt --delay 3

SSL certificate errors

# Disable SSL verification (use cautiously)
h8mail -e target@example.com --insecure

Timeout issues

# Increase timeout
h8mail -e target@example.com --timeout 30

Large file handling

# Process in chunks
split -l 100 emails.txt email_chunk_
for file in email_chunk_*; do h8mail -l "$file"; done

Best Practices

• API Limits: Respect rate limits; use delays between bulk searches
• Privacy: Only scan email addresses you have authorization to test
• Storage: Securely store breach data and results
• Updates: Keep h8mail updated for new breach service integrations
• Filtering: Use —only flag to query specific services and save API quota
• Logging: Combine -v and -o flags for detailed searchable results
• Automation: Use JSON output for automated parsing in scripts

Resources

• GitHub: https://github.com/khast3x/h8mail
• Documentation: https://github.com/khast3x/h8mail/wiki
• API Keys: Register with individual breach services for API access
• OSINT Tools: Integrate with Shodan, Maltego, TheHarvester