Company Email Enumeration + Breached Email Finder
October 24, 2016 —
metalkey
Enumerating email addresses for a target domain and checking if these emails appear in known breaches can be extremely useful when performing recon.This script will use hunter.io to enumerate domain emails and feed them into hacked-emails.com to check if they appear in known breaches.
Note: Substitute YOURAPIKEY with your hunter.io API key. This can be obtained by creating a hunter.io account.
root@kali:~# cat emails.sh
#!/bin/bash
rm found-emails.txt
rm hacked-emails.txt
clear
echo -e "\e[92mEnter Target Domain:"
echo -e "\e[39m"
read hname
clear
echo -e "[+] Email Recon Started"
echo -e "\e[39m"
# Email Checks
echo "- Enumerating Domain Emails"
curl -k -s "https://api.emailhunter.co/v1/search?domain=$hname&api_key=YOURAPIKEY" | grep -Po '"value" :.*?[^\\]",' | cut -d'"' -f4 > found-emails.txt
echo "Found the following emails:"
cat found-emails.txt
echo ""
echo "[+] Checking if Emails have been breached"
for email in $(cat found-emails.txt);do
curl -k -s "https://hacked-emails.com/api?q=$email" | grep '"status":"found"' | cut -d'"' -f8 >> hacked-emails.txt &
done
wait
echo "The following email addresses appear in known breaches:"
cat hacked-emails.txt
echo -e "\e[39m"
echo -e "[*] Please wait..."
wait
echo -e "[END] Email Recon Complete!"
echo -e ""
Tags: recon