h8mail
h8mail is a Python CLI tool for email OSINT and “breach hunting” style lookup. It matches email patterns from inputs/files/URLs, searches local breach datasets (e.g., BreachCompilation / Collection1-style dumps), and can query multiple third-party breach/recon services (including HaveIBeenPwned and others) for related emails, cleartext credentials, and/or password/hash intelligence depending on the provider and API keys.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README indicates API keys are supplied via config file or CLI args; it does not describe safe secret handling (e.g., avoiding logging, preventing shell-history leakage). The tool targets breach/credential-related data, increasing privacy and misuse risk; the README does not provide security controls for authorization/compliance, nor operational guidance for safe handling.
⚡ Reliability
Best When
You have explicit authorization and a legitimate OSINT/research workflow, and you want a consolidated CLI for local breach-dataset searching plus optional lookups against provider APIs.
Avoid When
You do not have permission to process personal data/credentials, or you need a strictly documented/contracted API interface for programmatic agent use (this is a CLI tool with mixed external dependencies).
Use Cases
- Searching local breach dump files (.txt/.gz) for email addresses derived from target inputs
- Querying third-party services for breached email counts and/or related accounts
- Enrichment: chasing related emails by expanding a target list from service results
- Parsing URLs or files for email addresses to build a target set
- Exporting results to CSV/JSON for further analysis
Not For
- Producing or distributing unauthorized access attempts or violating privacy/consent requirements
- Any automated credential stuffing or account compromise workflows
- Use as a general email verification or deliverability tool
Interface
Authentication
Authentication is primarily handled through provider API keys configured in a local INI file or passed on the command line. The README does not describe fine-grained scopes or standard auth flows.
Pricing
Pricing varies by integrated third-party providers. Some services are listed with free/public access; others require API keys and likely incur costs depending on usage.
Agent Metadata
Known Gotchas
- ⚠ No MCP/REST interface—agent integration must shell out to the CLI and parse CSV/JSON outputs.
- ⚠ Mixed provider integrations with differing rate limits, formats, and auth requirements are likely handled internally, but retry/rate-limit handling guidance is not present in the README.
- ⚠ Passing secrets via CLI flags may expose them in process listings/shell history.
Alternatives
Scores are editorial opinions as of 2026-03-29.