search

khast3x / h8mail

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
Other
4.02k stars 506 forks source link

h8mail always says not compromised no matter what #126

Open zisis912 opened 2 years ago

zisis912 commented 2 years ago

Issues not respecting the issue template will be closed without being read, thank you.

Checkbox

Env

Description

i tried to search up an email that i had searched up on HIBP before and knew was compromised, but it said status: not compromised. Same happened with many other emails. It seems like there's an issue with scylla, does it have to do with me or the servers?

What I Did

C:\Users\anast>h8mail -t tom@mail.com
←[37m             Official h8mail posts:
                  https://khast3x.club/tags/h8mail/

 ←[0m
         ←[36m Version 2.5.5 - "ROCKSMASSON.5"  ←[0m
←[01m←[38;5;33m ←[0m
←[01m←[38;5;69m         ._____. ._____.     ;____________;←[0m
←[01m←[38;5;69m         | ._. | | ._. |     ;   h8mail   ;←[0m
←[01m←[38;5;105m        | !_| |_|_|_! |     ;------------;←[0m
←[01m←[38;5;105m        !___| |_______!  Heartfelt Email OSINT←[0m
←[01m←[38;5;141m        .___|_|_| |___.    Use responsibly←[0m
←[01m←[38;5;141m        | ._____| |_. | ;____________________;←[0m
←[01m←[38;5;177m        | !_! | | !_! | ; github.com/khast3x ;←[0m
←[01m←[38;5;177m        !_____! !_____! ;--------------------;←[0m
←[01m←[38;5;213m        ←[0m
←[01m←[32m[>] ←[0mh8mail is up to date
←[01m←[94m[~] ←[0m←[37mRemoving duplicates←[0m
←[01m←[32m[>] ←[0mTargets:
←[01m←[32m[>] ←[0mtom@mail.com
←[01m←[32m[>] ←[0mscylla.so is up
←[01m←[94m[~] ←[0m←[37mTarget factory started for tom@mail.com←[0m
←[01m←[94m[~] ←[0m←[37m[tom@mail.com]>[hunter.io public]←[0m
←[01m←[32m[>] ←[0mFound 0 related emails for tom@mail.com using hunter.io (public)
←[01m←[94m[~] ←[0m←[37m[tom@mail.com]>[scylla.so]←[0m
←[01m←[31m[!] ←[0mscylla.so error: tom@mail.com
Expecting value: line 2 column 1 (char 1)

←[01m __________________________________________________________________________________________
 ←[0m
←[01m←[32m[>] ←[0mShowing results for tom@mail.com←[0m

←[01m←[94m[~] ←[0m←[37mNo results founds←[0m
__________________________________________________________________________________________

                                 ←[01m ←[04m Session Recap: ←[0m

                 Target                  |                   Status                  ←[0m
__________________________________________________________________________________________

              tom@mail.com               |  ←[37m             Not Compromised              ←[0m
__________________________________________________________________________________________

Execution time (seconds):  ←[96m 2.269804000854492 ←[0m
djwaix commented 2 years ago

Same experience.

H8mail 2.5.5 Python 3.9.7 OSes: Mac OS X 11 (Big Sur), Ubuntu 20.04 LTS, Debian 10 (Buster; Raspberry Pi)

Tested multiple known compromised addresses and receive “Not Compromised” result.

khast3x commented 2 years ago

Did you use an API key ? The default search engine scylla.sh is currently unavailable, as illustrated in the README.md API table.

djwaix commented 2 years ago

I did actually have API’s established (hunter, emailrep, hibp). What I failed to realize—purely my not reading the help completely—was that I had to pass the -c flag to pull in the API’s from the config file. I had assumed it would read it automatically.

I can report that I am no longer experiencing this “issue” in my case; user error. Thank you @khast3x

shamwowr commented 2 years ago

I am having a similar issue, I just purchased an API from Have I been Pwned however after i type in the command h8mail -g it generates a configuration file and no place to type in the API key.

  Version 2.5.5 - "ROCKSMASSON.5"  

._____. ._____.     ;____________;
| ._. | | ._. |     ;   h8mail   ;
| !_| |_|_|_! |     ;------------;
!___| |_______!  Heartfelt Email OSINT
.___|_|_| |___.    Use responsibly
| ._____| |_. | ;____________________;
| !_! | | !_! | ; github.com/khast3x ;
!_____! !_____! ;--------------------;

[>] h8mail is up to date usage: h8mail [-h] [-t USER_TARGETS [USER_TARGETS ...]] [-u USER_URLS [USER_URLS ...]] [-q USER_QUERY] [--loose] [-c CONFIG_FILE [CONFIG_FILE ...]] [-o OUTPUT_FILE] [-j OUTPUT_JSON] [-bc BC_PATH] [-sk] [-k CLI_APIKEYS [CLI_APIKEYS ...]] [-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]] [-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]] [-sf] [-ch [CHASE_LIMIT]] [--power-chase] [--hide] [--debug] [--gen-config] h8mail: error: argument -c/--config: expected at least one argument

khast3x commented 2 years ago

@shamwowr you need to edit the configuration file, and tell h8mail where to find it using -c. Uncomment the line referring to HIBP, and add you key details. You can find a tutorial in this blog post, just replace IntelX with HIBP.

tnsgaming commented 2 years ago

@shamwowr you need to edit the configuration file, and tell h8mail where to find it using -c. Uncomment the line referring to HIBP, and add you key details. You can find a tutorial in this blog post, just replace IntelX with HIBP.

I followed the steps, but nothing happened it still showing the same window showed above.

trilogiam-cyber commented 2 years ago

Having the same issue. I've added API keys for hunter.io and HIBP. If I lookup an email address and point to my config file, no problem; however, if I use "-q domain -t ", then I immediately get the scylla.so error shown in the OP.

djwaix commented 2 years ago

Having the same issue. I've added API keys for hunter.io and HIBP. If I lookup an email address and point to my config file, no problem; however, if I use "-q domain -t ", then I immediately get the scylla.so error shown in the OP.

Are you also passing the -c path_to_config.ini with this custom query? h8mail -q domain -t domain.com -c h8mail_config.ini works for me (I have Hunter/HIBP enabled).

trilogiam-cyber commented 2 years ago

Yes, that's exactly what I'm doing; see attached. example.pdf