loading
loading
OSINT
Gather email account intelligence from public sources and check it against breach data.
overview
Infoga collects intelligence about the email accounts tied to a domain by mining public sources: search engines, PGP key servers, and Shodan. For each address it can pull context like the source IP, hostname, and country, and it cross-checks against the Have I Been Pwned dataset to flag addresses that show up in known breaches.
The interface stays compact. Give it a target domain with -d, choose a search source with -s, and toggle information and breach lookups with -i and -b, while -v sets how much it prints as it runs. Because it leans on public OSINT rather than touching the target's mail servers, it stays quiet while it footprints an organization's email exposure.
Reach for Infoga early in reconnaissance, when you want a fast read on which addresses a domain leaks in public and which of them already sit in breach corpora. As a Trickest node it takes a domain and writes a file and a folder of results, so you can route the address list and breach flags into a report or the next node in an attack-surface workflow.
source github.com/m4ll0k/infoga
use cases
Mine search engines, PGP servers, and Shodan for the addresses a domain leaks in public, and build a picture of who is reachable before an engagement.
Turn on breach mode to cross-check each discovered address against Have I Been Pwned and mark the ones already sitting in known leaks.
Point -s at one engine, such as google, bing, or pgp, to control where address harvesting pulls from and keep a run focused.
Use info mode to attach the source IP, hostname, and country to each address before it feeds a report or the next recon node.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| domain | STRING | -d | Target domain or name to gather email intelligence for. |
| source-data | STRING | -s | Search source to use: google, bing, yahoo, ask, baidu, dogpile, exalead, or pgp (default all). |
| info | BOOLEAN | -i | Get email information for the discovered addresses. |
| breach | BOOLEAN | -b | Check whether each email appears in known breaches. |
| verbose | STRING | -v | Verbosity level (1, 2, or 3). |
Showing key inputs. Infoga exposes 5 inputs in total.
example
# harvest a domain's emails across all sources and flag breached accountsinfoga -d example.com -s all -b -v 2[*] Searching emails for example.com across all sources[+] Emails found (3): admin@example.com careers@example.com m.owens@example.com[+] admin@example.com ip 203.0.113.45 host mail.example.com country United States[!] admin@example.com breached: found in 3 known leaks[-] careers@example.com no breach records foundguidance
Use Infoga to harvest a domain's email addresses from public OSINT and flag breached ones. For broad multi-source breach lookups by email, dedicated breach tools dig deeper. For general document and people OSINT, theHarvester casts a wider net.
Harvests emails, subdomains, and hosts from many public sources. Broader OSINT, no built-in breach check.
Focused breach and leak hunting by email. Deeper on compromise data than Infoga's HIBP check.
Checks where an email is registered across sites. Different OSINT angle, account discovery rather than breaches.
faq
related
Look up DNS records on DNSDumpster.
Look up a host on DNSDumpster.
Find lookalike domains adversaries use for typosquatting, phishing, and brand impersonation.
List all public repositories for valid GitHub usernames.
Look up the real IP of a host starting from its favicon and using Shodan.
Collect a dossier on a person by username across thousands of sites.
A domain feeds Infoga, which harvests email addresses from public sources, flags the breached ones, and writes them as a queryable output.
Facts on this page come from the live Trickest tool library.