INTRODUCTION

Hey everyone! In the last article, I have shown you how to get someone’s sensitive details like address, etc using Instagram’s username. In this email hacking series, We are going to focus mainly on how an attacker can get your sensitive information from your email like:

  • Social Account associated with the email address.
  • Leaked Credentials.
  • Find related emails and domains.
  • Scan Pastebin and Throwbin Dumps.

And many others.

Announcement: Do you want to start your career in cybersecurity/bug bounty? If yes, then check out this amazing beginner zero-to-hero course on “BugBounty: The Ultimate Guide to Hunt Account Takeover(2022) where you can learn how hacker hack millions of users on a website in the practical way from the basics!

Let’s begin.

Requirements

Operating System: Kali Linux/Ubuntu

Tool: MOSINT

Setting up the Tool

Follow the steps below to setup the tool:

0 – Become root by typing “sudo su”.

1- Download the bash file from here.

2- After downloading the tool, Go to the directory where you have downloaded the file and type “bash mosint_installer.py”

3- Once the installation gets complete, it will show something similar to this:

Email Hacking pic 2

Exploring MOSINT for Email Hacking

Now we are ready to use the tool. For that, follow these steps:

1- Type “cd mosint” as shown below:

2- Let’s try to see all the available commands in this tool.For that we need to type “go run main.go -h”

Email Hacking pic 4

Now as we can see, we have some interesting options over here. Let’s try to understand what they are

-e: This flag is used to set the email address.

verify: This flag is used to verify the target email address.

-social: Used to extract social media accounts from the associated email address.

-relateds: Find related domains and email addresses.

-leaks: Find password leaks (We will cover this next article)

-dumps: Search pastebin dumps for target email.

-domain: Extract information about the target domain.

-o: Save the output file.

-v: Print the current version of mosint.

-h: Display help menu.

-all: Use all the flags above.

USING MOSINT TOOL FOR FIRST TIME

Now it’s time for us to use the tool. The syntax of this tool is as follows:

go run main.go -e <target email address> -<the flags you want to use>

I am going to scan my email address i.e [email protected] Let’s type “go run main.go -e [email protected] -all” and hit enter. It will show you a screen similar to this:

Email Hacking pic 4

Now after some time, we will get the output shown below:

Now we can see that it showed that my email address is associated with GitHub,Twitter and Discord. Apart from that, it also showed us all the possible related domains to my email address. These information can be used by attackers to perform social engineering with more accuracy.

Final Words

So I hope you all understood how an attacker can get your sensitive details by just knowing your email address. In the next part, we will see how to get leaked credentials of someone using their email address only.

Let me know if you have any doubts or issues while using this tool. Check out our cybersecurity section over here. Join our telegram community over here