Email OSINT combines two powerful engines: Holehe for detecting which online services an email address is registered on, and h8mail for checking the email against known data breaches. Enter any email address and instantly discover linked accounts across hundreds of platforms, plus check for compromised credentials in public breach databases. Results include service names, registration status, and breach details — all presented in a professional dark-themed GUI.
holeheh8mailbreachesaccounts
Last updated:
Features
Holehe integration — detect account registrations
h8mail integration — data breach lookup
Combined scan mode
Service-by-service results
Breach details and dates
HTML session export
Live scanning console
Session notes for investigations
Copy-friendly result cards
Quick Start
# 1. Extract the zip and enter the folder cd 02-Email-OSINT
What Can Email Intelligence Reveal About an Identity?
Email addresses are the primary key linking online accounts, data breaches, and real-world identities. This tool combines Holehe (probing 120+ platform password reset endpoints) with h8mail (searching Have I Been Pwned's 14+ billion compromised accounts). Together, they reveal where an email has been registered and where it has been exposed.
Breach Analysis and Credential Intelligence
The Verizon 2024 Data Breach Investigations Report found that 68% of data breaches involved a human element — primarily stolen credentials and phishing. Email breach checking is a foundational security practice recommended by NIST SP 800-63B (Digital Identity Guidelines), which advises checking passwords against known breach corpuses. This tool automates that workflow, surfacing breach exposure, associated passwords (where available in public datasets), and linked accounts.
Platform Detection and Identity Mapping
Holehe's technique of probing password reset functions is non-intrusive — it does not trigger account notifications. It can detect registration on Google, Instagram, Twitter, Spotify, Adobe, LinkedIn, and dozens more. This maps a subject's digital footprint from a single email, enabling pivots into username enumeration with the Username Scanner or domain analysis with Domain Intel.
📧 Email OSINT — Frequently Asked Questions
What can email OSINT reveal?
Email OSINT can reveal associated accounts, data breach exposure, domain registration details, mail server configuration (SPF, DKIM, DMARC), and sometimes linked social media profiles through services like Gravatar.
Does the email investigation tool require installation?
No. The tool runs entirely in your browser using client-side Python via Pyodide. No installation, API keys, or server-side processing required. Your queries are executed locally for maximum privacy.
What can I do with the email investigation tool?
You can verify email addresses, check breach databases, and analyze email headers. The tool provides a clean interface with exportable results and cross-links to related Max Intel tools for deeper investigation.