Hey guy’s this is me, @dheerajydv19 , and in today’s blog, we will be learning about an awesome tool for email osint.
Let’s first learn the basic info about holehe and then we will go deep about its capabilities, its usage, and everything else you need to know.
Tool link -
https://github.com/megadose/holehe
Why do we need this tool?
As often, we get our target(victim’s) email during the investigations and many of the people here get confused about what to do next.
Some try epios and move on, while others move on without trying to find any data using email or some try to misuse forgot password functionality of popular social media platforms like Facebook, Gmail, and Instagram for checking if they have an account or not.
Here comes the tool holehe as a savior, you will understand the meaning of this line in the end, so just wait and watch.
How does this tool actually work?
Holehe checks if an email is attached to an account on sites like Twitter, Instagram, Imgur, and more than 120 others and that’s just in a single click. I mean by giving a single command. Isn’t this awesome? This tool works by using the registration, login, and password reset functionality.
Now, let’s understand the installation process and get this awesome tool installed on our machine.
Installation
Using pip -
pip3 install holehe
Using GitHub -
git clone https://github.com/megadose/holehe.git
cd holehe/
python3 setup.py install
Usage -
holehe test@gmail.com
The usage is pretty simple, just replace your victim’s mail with the test@gmail.com, if you want to use advanced options, type the command holehe -h and see the help menu.
Understanding the output -
You can understand if the account exists on that website by seeing its colour,
Green color> Account exists by that mail
Purple color > Account doesn’t exists by that mail
Red color > Didnt checked due to rate limit
If you wanted to know the list of websites this website check your mail on, prefer checking them here.
https://github.com/megadose/holehe#modules
When to use this tool
I personally prefer using this tool every time whenever I got a new email during any investigation as it’s always better to increase your attack surface and gather as much intel as possible.
FAQs -
Is this tool works for Gmail or will work for any mail?
Yes, this tool works for any mail.
Does this tool have drawbacks?
Yes, just like no one is perfect, this is also not perfect, it doesn’t work for all websites due to the rate limit.
Does there exist any other email osint tool?
Yes, the one more tool I use for email osint is mosint, Let me know if you guys need a blog on that.
Any FAQs, feel free to ask here in the comments or ask on Twitter.
That’s it for today’s blog, will continue writing more amazing blogs, especially on osint and bug hunting and a few other topics, too. Show your support by following me on Twitter.
Follow me on Twitter: https://twitter.com/Dheerajydv19