E-mails

Online tools

# Domain e-mail syntax finder
https://www.email-format.com
https://hunter.io

# Omail can find domain syntax as well as related e-mails addresses
https://omail.io/

# E-mail validator
https://tools.verifyemailaddress.io/
http://mailtester.com
https://dnslytics.com/email-test
https://verify-email.org/
https://verifalia.com/validate-email

# IntelX new tool allows to browse records for a given domain
https://phonebook.cz/


The Harvester

# theHarvester is a famous OSINT and scrapping tool for passiv recon on targets
# Using API keys will highly increase results

# TheHarvester received a great
# Following modules need API key (api-keys.yaml)
# bing, github, hunter, intlex, securitytrails, shodan, spyse

Usage: theharvester options

       -d: Domain to search or company name
       -b: data source: baidu, bing, bingapi, dogpile, google, googleCSE,
                        googleplus, google-profiles, linkedin, pgp, twitter, vhost,
                        virustotal, threatcrowd, crtsh, netcraft, yahoo, all

       -s: start in result number X (default: 0)
       -v: verify host name via dns resolution and search for virtual hosts
       -f: save the results into an HTML and XML file (both)
       -n: perform a DNS reverse query on all ranges discovered
       -c: perform a DNS brute force for the domain name
       -t: perform a DNS TLD expansion discovery
       -e: use this DNS server
       -p: port scan the detected hosts and check for Takeovers (80,443,22,21,8080)
       -l: limit the number of results to work with(bing goes from 50 to 50 results,
            google 100 to 100, and pgp doesn\'t use this option)
       -h: use SHODAN database to query discovered hosts

Examples:
        theharvester -d microsoft.com -l 500 -b google -h myresults.html
        theharvester -d microsoft.com -b pgp
        theharvester -d microsoft -l 200 -b linkedin
        theharvester -d apple.com -b googleCSE -l 500 -s 300


SimplyEmail

# Another simple tool to do email enumeration
https://github.com/SimplySecurity/SimplyEmail

./SimplyEmail.py -all -e cybersyndicates.com

or in verbose
./SimplyEmail.py -all -v -e cybersyndicates.com

or in verbose and no "Scope"
./SimplyEmail.py -all -v -e cybersyndicates.com -s

or with email verification
./SimplyEmail.py -all -v -verify -e cybersyndicates.com 

or with email verification & Name Creation
./SimplyEmail.py -all -v -verify -n -e cybersyndicates.com 

or json automation
./SimplyEmail.py -all -e cybersyndicates.com --json cs-json.txt


Zen (https://github.com/s0md3v/Zen)

# This tool allows you to retrieve the e-mail address of github users
python zen.py username
python zen.py https://github.com/username

# Find all emails addresses of contributors for one project
python zen.py https://github.com/username/repository

# Find emails for an organization
python zen.py organization --org
python zen.py https://github.com/orgs/organzation

# Search if the e-mail is present in a breach
python zen.py s0md3v --breach


Quidam (https://github.com/megadose/Quidam)

# Quidam allows you to retrieve information thanks to the forgotten password function of some sites.
$ python3 quidam.py --help
usage: quidam.py [-h] -u USERNAME -m MODULE

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        The uername of the target
  -m MODULE, --module MODULE
                        Modules to use instagram, twitter, github or all

$ python3 quidam.py --username test --module all   
You select all
Email extract with instagram of test: z*******1@gmail.com
Email extract with twitter of test: te**@b********.***
Possible email : 
te**@barcelona.com
te**@beethoven.com
te**@bellsouth.net
te**@bellsouth.net
te**@bigassweb.com
te**@bikeracer.com
te**@bikerider.com
te**@birdowner.net
te**@blazemail.com
te**@bluehyppo.com
te**@blushmail.com
te**@bmlsports.net
te**@bornnaked.com
te**@broadcast.net
te**@buffymail.com
te**@bullsgame.com
te**@buyersusa.com
Not informations found in github