Username/Email

Usernames and Email Addresses

Corporate usernames are becoming obnoxiously easy to guess and build. The standard of [email protected] is so common, it's ridiculous, even more so when account management tools simply take the first half of the email address and reuse it as the username. We can use schemes like this to our advantage to search for a multitude of treasures, such as accounts on other services with the same username, credentials found in breaches, and associated sites or tools. Searching for usernames can uncover linked social media accounts and tons of relevant intelligence.
Username.html and Email.html
These two tools often go hand in hand, and their results often overlap. Still, it is a good habit to run the searches for both the username and the email address in case there is a discrepancy between the two. Both tools check for two things: the presence of the username/email on a given platform, and any public or leaked information connected to it.
  • Username.html (21KB)
  • Email.html (13KB)

Username Search Tools

Email Address Search Tools

Email Address Discovery

For when you have your target but not their email address

Email Verification

Sometimes it helps to perform a quick check to see if an email is even valid or registered.
  • Tru Mail - Prevent bounced emails and low-quality users with free professional grade email verification
  • Email Hippo - Email address verification technology from Email Hippo that connects to mailboxes and checks whether an email address exists.
  • Verify email - This email verification tool actually connects to the mail server and checks whether the mailbox exists or not.
  • Email Checker - Email Checker ensures that an email address is correct and active in real-time without ever needing to send a message.

Email CLI Tools

  • TheHarvester - This tool is the de facto standard for email intelligence gathering. It checks a large array of sources to pull together information. It can leverage the APIs of other services such as Spyse or Shodan to improve the search. Remember that these will require an API key to use. I have found that between the above HTML tools and this, it will satisfy your email searching needs.
  • Infoga - Infoga is a tool for gathering email account information (IP, hostname, country, ...) from different public sources (search engines, PGP key servers and Shodan) and checking whether emails were leaked using the haveibeenpwned.com API.
  • Match Email to Phone number - email2phonenumber is an OSINT tool that allows you to obtain a target's phone number just by having his email address.
  • GHunt - Google account info scraper
  • h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
  • EmailFinder - Search emails from a domain through search engines

Sources of Intelligence

  • Google Calendar - Using a valid Google email account, you can search for public calendars.