[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-78164":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":43,"readmeContent":44,"aiSummary":45,"trendingCount":15,"starSnapshotCount":15,"syncStatus":46,"lastSyncTime":47,"discoverSource":48},78164,"MailAccess","KatrielMoses\u002FMailAccess","KatrielMoses","Free email OSINT tool, 2500+ platforms, identity clustering, breach detection. No API keys required. pip install mailaccess","",null,"Python",133,21,3,0,1,8,89,7,4.03,false,"main",true,[25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42],"cybersecurity","email","email-automation","email-osint","holehe","infosec","maltego","open-source","osint","osint-tool","penetration-testing","privacy","python","reconnaissance","security-tools","stix","threat-analysis","threat-intelligence","2026-06-12 02:03:46","\u003Cpre align=\"center\">\n███╗   ███╗ █████╗ ██╗██╗      █████╗  ██████╗ ██████╗███████╗███████╗███████╗\n████╗ ████║██╔══██╗██║██║     ██╔══██╗██╔════╝██╔════╝██╔════╝██╔════╝██╔════╝\n██╔████╔██║███████║██║██║     ███████║██║     ██║     █████╗  ███████╗███████╗\n██║╚██╔╝██║██╔══██║██║██║     ██╔══██║██║     ██║     ██╔══╝  ╚════██║╚════██║\n██║ ╚═╝ ██║██║  ██║██║███████╗██║  ██║╚██████╗╚██████╗███████╗███████║███████║\n╚═╝     ╚═╝╚═╝  ╚═╝╚═╝╚══════╝╚═╝  ╚═╝ ╚═════╝ ╚═════╝╚══════╝╚══════╝╚══════╝\n\u003C\u002Fpre>\n\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-blue.svg)](LICENSE)\n[![Python 3.11+](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.11%2B-blue.svg)](https:\u002F\u002Fwww.python.org\u002F)\n[![Docker](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDocker-Compose-blue.svg)](docker-compose.yml)\n[![PyPI version](https:\u002F\u002Fimg.shields.io\u002Fstatic\u002Fv1?label=PyPI&message=0.4.0&color=3775A9&logo=pypi&logoColor=white)](https:\u002F\u002Fpypi.org\u002Fproject\u002Fmailaccess\u002F)\n[![PyPI Downloads](https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fdm\u002Fmailaccess)](https:\u002F\u002Fpypi.org\u002Fproject\u002Fmailaccess\u002F)\n\nSelf-hostable OSINT platform for investigating email addresses. Fan out across breach databases, social networks, DNS records, and the open web — get back a unified exposure score and structured findings you can export or pipe into Maltego.\n\nBuilt for security researchers, OSINT analysts, and penetration testers operating under authorization. Read [DISCLAIMER.md](DISCLAIMER.md) before use.\n\n## Install\n\n### CLI only (no Docker)\n\n```bash\npip install mailaccess\n\n# Option A: auto-start (simplest)\nmailaccess investigate you@example.com\n# Server starts automatically, runs investigation,\n# stops when done.\n\n# Option B: keep server running\nmailaccess serve  # in one terminal\nmailaccess investigate you@example.com  # in another\n\n# Option C: full stack with Web UI\ngit clone https:\u002F\u002Fgithub.com\u002FYOUR_USERNAME\u002Fmailaccess\ndocker compose up -d\n```\n\n## Quick Start\n\n```bash\nmailaccess investigate you@example.com\nmailaccess investigate you@example.com -o report.pdf\nmailaccess investigate you@example.com --format jsonl\nmailaccess investigate -                        # read email from stdin\nmailaccess serve                                # start backend server on :8000\nmailaccess keys list\nmailaccess keys set HIBP_API_KEY your-key-here\nmailaccess modules\nmailaccess doctor                               # coming soon\n```\n\n![Investigation demo](public\u002Finvestigation.gif)\n\n## What It Does\n\n- **Identity graph** — cross-platform correlation of accounts, usernames, and signals from each investigation\n- **Phone number recovery** — pipeline to surface and validate numbers tied to the target\n- **Telegram \u002F WhatsApp hints** — lightweight messaging-app footprint checks alongside other modules\n- **YAML-driven platform system** — social-style checks defined in `backend\u002Fplatforms\u002F`; community extensible without new Python for each site\n- **Deep breach mode** — checks top 100 highest-severity breached sites for account existence\n- **Historical intelligence** — Wayback Machine archive search + GitHub commit author search\n- **Recursive email discovery** — recovers other emails owned by the same person via name correlation\n- Concurrent module execution — all modules run in parallel, results stream as they arrive\n- WebSocket streaming — partial results arrive in real time without polling\n- REST API + web UI + CLI — use whatever interface fits your workflow\n- Plugin module system — drop a `.py` file in `backend\u002Fmodules\u002F` and it auto-registers; no wiring required\n- 6 export formats: JSON, CSV, PDF, Markdown, STIX 2.1, Maltego XML\n- Maltego local transform server — run investigations directly from the Maltego desktop app\n- Webhook notifications — Slack, Discord, or any HTTP endpoint\n- Exposure score (0–100) with risk label: low \u002F medium \u002F high \u002F critical\n- SQLite by default; PostgreSQL optional via Docker Compose profile\n\n## Modules\n\n| Module | Coverage | Key Required | Opt-in |\n|--------|----------|--------------|--------|\n| gravatar | Profile hash lookup | No | No |\n| hibp | Breach check | Yes | No |\n| breach_deep | Probes top 100 highest-severity breached sites for account existence | No (HIBP corpus fetched automatically) | Yes |\n| emailrep | Reputation + blacklist | No | No |\n| hudson_rock | Infostealer logs (free) | No | No |\n| google_dork | 5 automated dorks | Yes (SerpAPI) | No |\n| email_discovery | Recovers other email addresses owned by same person via name dorks | Yes (SERPAPI_KEY) | No |\n| domain_intel | Domain + Shodan | No (Shodan optional) | No |\n| dns_lookup | MX\u002FSPF\u002FDMARC\u002FDKIM\u002FA\u002FNS extraction | No | No |\n| whois_lookup | Domain WHOIS, privacy detection | No | No |\n| wayback | Finds historical pages where email appeared publicly via Wayback Machine CDX | No | No |\n| github_commits | Finds repos committed to with this email, surfaces real name from git config | No (GITHUB_TOKEN optional) | No |\n| social | 13 platforms via YAML | No | No |\n| social_links | Username extraction, feeds pivot | No | No |\n| account_discovery | Holehe 120+ platforms | No | Yes |\n| user_scanner | 205+ platform vectors | No | Yes |\n| whatsmyname | 700+ platforms | No | Yes |\n| breachdirectory | 2nd breach source | Yes | No |\n| username_pivot | WMN via recovered usernames | No | Yes |\n| permutation_discovery | 60 email variants | No | Yes |\n| phone_intel | Phone validation + WA\u002FTG hints | No | No |\n| messaging_hints | Telegram\u002FWhatsApp username check | No | No |\n| ghunt | Gmail deep intel | No (setup required) | Yes |\n| identity_graph | Cross-platform cluster analysis | No | No (automatic) |\n\n> 24 modules, 800+ platforms checked when all opt-in modules enabled. YAML platform system — add new platforms via PR, no Python required.\n\n## Identity Graph\n\nEvery investigation generates a cross-platform identity graph linking accounts by shared usernames, photos, display names, and breach data. View at:\n\n`\u002Finvestigation\u002F:id\u002Fgraph`\n\nExport as D3-compatible JSON via `GET \u002Fapi\u002Freport\u002F{id}\u002Fgraph` or fetch clusters with confidence scores via `GET \u002Fapi\u002Freport\u002F{id}\u002Fclusters`.\n\nFindings are automatically grouped into identity clusters with confidence scoring. Use `--show-collisions` to expand low-confidence matches in CLI output.\n\n## Historical Intelligence\n\nMailAccess searches the Wayback Machine CDX API for archived pages where the email appeared publicly — catching deleted blog posts, old forum signatures, and removed contact pages.\n\nGitHub commit history is searched by author email, revealing repos contributed to, real name from git config, and development activity timeline.\n\n## Deep Breach Mode\n\nEnable with `ENABLE_BREACH_DEEP=true`.\n\nFetches the full HIBP breach corpus on startup, ranks sites by severity (record count × data class multipliers), then probes the top 100 highest-severity sites for account existence via YAML probes and generic reset-flow inference. Findings show breach name, record count, data classes, and severity — giving analysts a probabilistic credential exposure estimate.\n\nExample output:\n\n```text\n⚠ adobe.com    CRITICAL  153M records\n  [Passwords, Email, Password hints]\n✓ dropbox.com  HIGH       69M records\n  [Email, Passwords]\n~222M records across 2 breaches potentially include this email's credentials\n```\n\n## Pipeline\n\nMailAccess is pipeline-friendly: read target emails from stdin, stream JSONL output, and branch on exit codes in CI\u002FCD scripts.\n\n```bash\n# Batch from file\ncat emails.txt | mailaccess investigate -\n\n# Stream JSONL\nmailaccess investigate you@example.com --format jsonl | jq .\n\n# Filter critical findings\nmailaccess investigate you@example.com --format jsonl | jq 'select(.severity==\"critical\")'\n```\n\n**Exit codes:** `0` clean · `1` findings · `2` breaches · `3` error\n\nSee [docs\u002Fintegrations.md](docs\u002Fintegrations.md#pipeline-integration) for GitHub Actions examples.\n\n---\n\n## Adding a Platform\n\nNo Python required. Drop a YAML file in `backend\u002Fplatforms\u002F`:\n\n```bash\ncp backend\u002Fplatforms\u002FTEMPLATE.yaml backend\u002Fplatforms\u002Fmysite.yaml\n```\n\nEdit fields, submit PR.\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for full guide.\n\n## Export Formats\n\n| Format | `?format=` value | Use case |\n|--------|-----------------|----------|\n| JSON | `json` | Programmatic use, archiving |\n| CSV | `csv` | Spreadsheet analysis |\n| PDF | `pdf` | Human-readable reports |\n| Markdown | `markdown` | Wikis, issue trackers |\n| STIX 2.1 | `stix` | Threat intelligence platforms |\n| Maltego XML | `maltego` | Maltego graph import |\n\n## Integrations\n\n| Integration | How |\n|-------------|-----|\n| Maltego | Local transform server at `POST \u002Fmaltego\u002Femail_investigate` (no API key required) |\n| Slack | Set `SLACK_WEBHOOK_URL` in `.env` |\n| Discord | Set `DISCORD_WEBHOOK_URL` in `.env` |\n| Generic webhook | `INTEGRATION_WEBHOOK_URL` + optional `INTEGRATION_WEBHOOK_SECRET` (HMAC) |\n\n## Self-Hosting\n\n```bash\ncp .env.example .env      # all API keys are optional\ndocker compose up         # backend :8000  ·  frontend :3000\n```\n\nOpen **http:\u002F\u002Flocalhost:3000** in your browser. Full setup guide: [docs\u002Fself-hosting.md](docs\u002Fself-hosting.md).\n\n## CLI Reference\n\n| Command | Description |\n|---------|-------------|\n| `mailaccess investigate \u003Cemail>` | Run a full investigation against an email address |\n| `mailaccess investigate -` | Read target email from stdin |\n| `mailaccess serve` | Start the backend server on :8000 |\n| `mailaccess history` | List past investigations |\n| `mailaccess keys list` | Show all configured API keys |\n| `mailaccess keys set \u003CKEY> \u003Cvalue>` | Set an API key |\n| `mailaccess keys unset \u003CKEY>` | Remove an API key |\n| `mailaccess config set-url \u003Curl>` | Point the CLI at a MailAccess instance |\n| `mailaccess modules` | List all available modules |\n| `mailaccess commands` | List all CLI commands |\n| `mailaccess doctor` | Check configuration and module health _(coming soon)_ |\n\nThe `--output` \u002F `-o` flag on `investigate` saves the report to a file. The extension determines the format: `.json`, `.csv`, `.pdf`, `.md`, `.stix.json`, `.maltego.csv`.\n\n## API Keys\n\n| Key | Module | Where to get it | Required? |\n|-----|--------|-----------------|-----------|\n| `HIBP_API_KEY` | `hibp` | https:\u002F\u002Fhaveibeenpwned.com\u002FAPI\u002FKey | Yes (module skips without it) |\n| `SERPAPI_KEY` | `google_dork` | https:\u002F\u002Fserpapi.com | Yes (module skips without it) |\n| `SHODAN_API_KEY` | `domain_intel` | https:\u002F\u002Faccount.shodan.io | No |\n| `EMAILREP_API_KEY` | `emailrep` | https:\u002F\u002Femailrep.io | No |\n| `HUNTER_IO_API_KEY` | `hunter_io` | https:\u002F\u002Fhunter.io | No |\n| `GITHUB_TOKEN` | `github_commits` | https:\u002F\u002Fgithub.com\u002Fsettings\u002Ftokens | No (optional) |\n| `SLACK_WEBHOOK_URL` | Webhooks | https:\u002F\u002Fapi.slack.com\u002Fmessaging\u002Fwebhooks | No |\n| `DISCORD_WEBHOOK_URL` | Webhooks | Discord server settings | No |\n\n## Changelog\n\n### 0.4.0\n\n- Deep breach mode: probes top 100 highest-severity breached sites for account existence (opt-in, `ENABLE_BREACH_DEEP=true`)\n- Name → email discovery: recovers other email addresses owned by same person via SerpAPI dorks (requires `SERPAPI_KEY`)\n- Wayback Machine: CDX search for historical pages where email appeared publicly\n- GitHub commit search: author-email search across all public commits, surfaces repos + real name from git config (`GITHUB_TOKEN` optional)\n- Breach corpus: auto-fetched from HIBP public API, severity-ranked by record count × data class multipliers, cached 24h\n\n## Troubleshooting\n\n![Troubleshooting demo](public\u002Ftroubleshoot.gif)\n\n## Links\n\n| | |\n|-|-|\n| [Self-hosting guide](docs\u002Fself-hosting.md) | Docker Compose, `.env` reference, PostgreSQL, proxy\u002FTor, Maltego setup |\n| [Module reference](docs\u002Fmodules.md) | All modules, findings schema, adding new modules |\n| [API reference](docs\u002Fapi.md) | REST endpoints, WebSocket events, authentication |\n| [Export formats](docs\u002Fexports.md) | Supported formats, MIME types, filename conventions |\n| [Integrations](docs\u002Fintegrations.md) | Maltego, Slack, Discord, generic webhooks |\n| [Contributing](CONTRIBUTING.md) | Adding modules, adding exporters, code style, PR checklist |\n| [PyPI](https:\u002F\u002Fpypi.org\u002Fproject\u002Fmailaccess\u002F) | `pip install mailaccess` |\n| [GitHub](https:\u002F\u002Fgithub.com\u002FYOUR_USERNAME\u002Fmailaccess) | Source code, issues, releases |\n\n## License\n\nMIT. All data queried by MailAccess comes from public sources. See [DISCLAIMER.md](DISCLAIMER.md) for authorized use cases and legal responsibility.\n","MailAccess 是一个免费的电子邮件 OSINT（开源情报）工具，支持800多个平台的身份聚类和泄露检测。该工具使用Python编写，无需API密钥即可运行。其核心功能包括跨平台账户关联、电话号码恢复、Telegram\u002FWhatsApp足迹检查以及深度泄露模式等。这些功能通过统一的暴露评分和结构化发现来帮助用户评估目标邮箱的安全状况，并且可以将结果导出或集成到Maltego中进行进一步分析。适用于安全研究人员、OSINT分析师以及授权下的渗透测试人员在调查电子邮件地址时使用。",2,"2026-06-11 03:56:33","CREATED_QUERY"]