如何使用OSINT工具调查邮箱账户

作者：FancyPig | 发布时间：2022-07-04 14:30:48 | 更新时间：2022-07-04 14:39:08

杂谈

我们之前介绍过OSINT工具，通过开源情报、公网中暴露的信息进行调查、溯源，本文依旧是分享OSINT工具的使用方法，我们尝试通过该工具查看我们的邮箱账户是否在公网中泄露！

相关阅读

data-postsbox="{"id":9136,"title":"Osint Framework开源情报查询框架汉化版在线工具","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/02/20220203061505995.png","cover_video":"","views":20367,"comment_count":2020,"category":"knowledge","is_forum_post":false}">{"id":9136,"title":"Osint Framework开源情报查询框架汉化版在线工具","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/02/20220203061505995.png","cover_video":"","views":20367,"comment_count":2020,"category":"knowledge","is_forum_post":false}

data-postsbox="{"id":17294,"title":"【社工进阶】如何通过Instagram社交软件进行社工","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/06/20220605030718947.jpg","cover_video":"","views":9850,"comment_count":10,"category":"sg","is_forum_post":false}">{"id":17294,"title":"【社工进阶】如何通过Instagram社交软件进行社工","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/06/20220605030718947.jpg","cover_video":"","views":9850,"comment_count":10,"category":"sg","is_forum_post":false}

data-postsbox="{"id":7638,"title":"【社工进阶】如何通过Twitter社交软件进行社工","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/01/20220115141820812.png","cover_video":"","views":14074,"comment_count":9,"category":"sg","is_forum_post":false}">{"id":7638,"title":"【社工进阶】如何通过Twitter社交软件进行社工","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/01/20220115141820812.png","cover_video":"","views":14074,"comment_count":9,"category":"sg","is_forum_post":false}

data-postsbox="{"id":6891,"title":"想成为侦探？如何通过一张图片找到护照编号？教你玩转Maltego","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":11948,"comment_count":733,"category":"sg","is_forum_post":false}">{"id":6891,"title":"想成为侦探？如何通过一张图片找到护照编号？教你玩转Maltego","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":11948,"comment_count":733,"category":"sg","is_forum_post":false}

data-postsbox="{"id":6289,"title":"如何使用PhoneInfoga开源引擎搜集手机号信息？","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":65017,"comment_count":3282,"category":"sg","is_forum_post":false}">{"id":6289,"title":"如何使用PhoneInfoga开源引擎搜集手机号信息？","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":65017,"comment_count":3282,"category":"sg","is_forum_post":false}

Mosint

准备工作

需要先给自己的Linux系统安装git命令

CentOS

如果你是CentOS环境，您可以输入下面的命令

sudo yum install git

Debian/Ubuntu

sudo apt install git

Mosint工具的使用

下载git仓库

git clone https://github.com/alpkeskin/mosint.git

安装依赖

我们输入下面的命令进入mosint目录

cd mosint

安装依赖

pip3 install -r requirements.txt

工具集成开源引擎

服务	功能	状态	获取APIKEY的方法
ipapi.co - 公共	关于域名的信息比较多	✅	无需APIKEY
hunter.io - 公共	相关邮箱账户	✅ 🔑	👉点击阅读
emailrep.io - 公共	被入侵的网站名称	✅ 🔑	👉点击阅读
scylla.so - 公共	数据库泄露	🚧	暂时维护
breachdirectory.org - 公共	密码泄露	✅ 🔑	👉点击阅读
Intelligence X	密码泄露	✅ 🔑	👉点击阅读

您需要去相关网站注册账户，并获取APIKEY，然后填入key.json文件

{
  "BreachDirectory.org API Key": "",
  "Hunter.io API Key": "",
  "EmailRep.io API Key": "",
  "Intelx.io API Key": ""
}

EmailRep申请是需要24小时之内才能获取到APIKEY的，我这里还没有拿到，故先填入其他的三个！

邮箱账户收集

比方说我们想查询下我的QQ邮箱663962@qq.com

查询全部资料

go run main.go -e 663962@qq.com -all

查询是否有数据泄露

密码泄露会进行脱敏

go run main.go -e 663962@qq.com -leaks

这里可以看到之前我的密码用过6745****😂

其实我们之前还介绍了很多类似的工具在社区

《【小技巧】教您查询自己的账户密码是否泄露过》

查询社交平台注册情况

go run main.go -e 663962@qq.com -social

查询关联域名

go run main.go -e 663962@qq.com -domain

如何使用OSINT工具调查邮箱账户

杂谈

相关阅读

Mosint

准备工作

CentOS

Debian/Ubuntu

Mosint工具的使用

下载git仓库

安装依赖

工具集成开源引擎

邮箱账户收集

查询全部资料

查询是否有数据泄露

查询社交平台注册情况

查询关联域名

更多工具