OSINT Toolbox Talk: Investigating email addresses, usernames and WhatsApp groups

OSINT Tool Review

Verifying and investigating email addresses with Holehe

Verifying and investigating email addresses with Holehe Verifying and investigating email addresses with Holehe https://github.com/megadose/holehe

Manually investigating email addresses can be a tedious task especially when faced with the prospect of manually verifying whether an email address has been registered on individual websites. At the same time, this process is fraught with a very serious risk – one wrong move can trigger a red flag and warn the target. One solution to this problem is Holehe, a very neat Python-based script that enables Digital Investigators to check whether an email address is used across several online sources such as social media, shopping and adult-oriented websites. The full list is quite extensive, but it includes:

Social Media

  • Instagram
  • MySpace
  • Twitter
  • Snapchat
  • Discord
  • Pinterest
  • Parler
  • Tumblr
  • OK.ru


  • Amazon
  • eBay
  • Deliveroo


  • Google
  • Protonmail
  • Mail.ru


  • PornHub
  • RedTube

Cyber / Software-Related

  • Github
  • Code Igniter (Forum)
  • Code Academy
  • Codepen
  • Cracked.to
  • Docker
  • Office 365

Installing and deploying Holehe within a Command-Line Interface environment is very easy – making this one of the more easy-to-use, but highly powerful Python scripts available. The script works by taking the email address that the user has specified and verifies the address through the ‘lost password’ function. The target is not warned of this action; for example, the target will not receive a password reset email. Many readers will now be wondering as to why popular social media such as Facebook is not included within Holehe’s list of online sources; this is because a ‘lost password’ request on Facebook will naturally trigger a warning to the user. For other webpages, they are likely to have enhanced privacy measures which means that a ‘lost password’ submission will not verify an email address. For example, if we were to submit a ‘lost password’ request to codecanyon.com, the website will respond with something like “If a matching account was found, an email was sent to user@email.com to allow you to reset your password”. In this instance, this is not ideal for Holehe – or us, the Digital Investigators – due to the website’s response neither confirming nor denying the existence of an account registered to our target email address.

So, what we like about Holehe: it is easy to install and deploy. For such an easy installation, Holehe packs quite a lot of power and provides users with very useful results. The tool has been further developed into a Maltego transform – this is certainly ideal for Digital Investigators who use Maltego. There are downsides to using the tool – none of which are the fault of the developers. For example, many web pages have now implement rate-limiting mechanisms that prevent scripts such as Holehe from obtaining user data. To address this, the developers suggest that users simply use a VPN and change the IP address during each scanning cycle. Another downside is the eventual prospect that most web pages will implement additional safeguards concerning password resets, such as the example indicated in the preceding paragraph. All that aside, Holehe is a great tool, it has been well-crafted and delivers the results that Digital Investigators expect. It is easy to install, quick to use and very powerful in terms of results. Most certainly, Holehe is a highly recommended tool for any OSINT toolkit.

Let's talk today Are you ready to begin discussing our range of training and capability development solutions?