Hey everyone! In the last article, I have shown you how to get someone’s sensitive details like address, etc using Instagram’s username. In this email hacking series, We are going to focus mainly on how an attacker can get your sensitive information from your email like:
- Social Account associated with the email address.
- Leaked Credentials.
- Find related emails and domains.
- Scan Pastebin and Throwbin Dumps.
And many others.
Announcement: Do you want to start your career in cybersecurity/bug bounty? If yes, then check out this amazing beginner zero-to-hero course on “BugBounty: The Ultimate Guide to Hunt Account Takeover(2022)“ where you can learn how hacker hack millions of users on a website in the practical way from the basics!
Operating System: Kali Linux/Ubuntu
Setting up the Tool
Follow the steps below to setup the tool:
0 – Become root by typing “sudo su”.
1- Download the bash file from here.
2- After downloading the tool, Go to the directory where you have downloaded the file and type “bash mosint_installer.py”
3- Once the installation gets complete, it will show something similar to this:
Exploring MOSINT for Email Hacking
Now we are ready to use the tool. For that, follow these steps:
1- Type “cd mosint” as shown below:
2- Let’s try to see all the available commands in this tool.For that we need to type “go run main.go -h”
Now as we can see, we have some interesting options over here. Let’s try to understand what they are
-e: This flag is used to set the email address.
–verify: This flag is used to verify the target email address.
-social: Used to extract social media accounts from the associated email address.
-relateds: Find related domains and email addresses.
-leaks: Find password leaks (We will cover this next article)
-dumps: Search pastebin dumps for target email.
-domain: Extract information about the target domain.
-o: Save the output file.
-v: Print the current version of mosint.
-h: Display help menu.
-all: Use all the flags above.
USING MOSINT TOOL FOR FIRST TIME
Now it’s time for us to use the tool. The syntax of this tool is as follows:
go run main.go -e <target email address> -<the flags you want to use>
Now after some time, we will get the output shown below:
Now we can see that it showed that my email address is associated with GitHub,Twitter and Discord. Apart from that, it also showed us all the possible related domains to my email address. These information can be used by attackers to perform social engineering with more accuracy.
So I hope you all understood how an attacker can get your sensitive details by just knowing your email address. In the next part, we will see how to get leaked credentials of someone using their email address only.