{"id":"khast3x-h8mail","name":"h8mail","homepage":null,"repo_url":"https://github.com/khast3x/h8mail","category":"security","subcategories":[],"tags":["python","cli","osint","email-recon","breach-intelligence","password-intelligence","data-export","local-search","multiprocessing"],"what_it_does":"h8mail is a Python CLI tool for email OSINT and “breach hunting” style lookup. It matches email patterns from inputs/files/URLs, searches local breach datasets (e.g., BreachCompilation / Collection1-style dumps), and can query multiple third-party breach/recon services (including HaveIBeenPwned and others) for related emails, cleartext credentials, and/or password/hash intelligence depending on the provider and API keys.","use_cases":["Searching local breach dump files (.txt/.gz) for email addresses derived from target inputs","Querying third-party services for breached email counts and/or related accounts","Enrichment: chasing related emails by expanding a target list from service results","Parsing URLs or files for email addresses to build a target set","Exporting results to CSV/JSON for further analysis"],"not_for":["Producing or distributing unauthorized access attempts or violating privacy/consent requirements","Any automated credential stuffing or account compromise workflows","Use as a general email verification or deliverability tool"],"best_when":"You have explicit authorization and a legitimate OSINT/research workflow, and you want a consolidated CLI for local breach-dataset searching plus optional lookups against provider APIs.","avoid_when":"You do not have permission to process personal data/credentials, or you need a strictly documented/contracted API interface for programmatic agent use (this is a CLI tool with mixed external dependencies).","alternatives":["haveibeenpwned-provided APIs via direct HTTP requests (when applicable to your needs)","TheHarvester / OSINT-focused tools for harvesting emails from sources","Other breach dataset query tools or libraries that use a single provider with documented APIs","Custom scripts against each provider’s API (more work but clearer contracts)"],"af_score":33.8,"security_score":43.5,"reliability_score":27.5,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-29T14:58:58.496969+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["API keys via config file (e.g., h8mail_config.ini) and/or CLI -k/--apikey K=V,K=V style","Optional premium/private service keys for certain providers"],"oauth":false,"scopes":false,"notes":"Authentication is primarily handled through provider API keys configured in a local INI file or passed on the command line. README does not describe fine-grained scopes or standard auth flows."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":["Third-party service providers with paid tiers (e.g., Snusbase, Dehashed, IntelX, etc.) depending on provider"],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Pricing varies by integrated third-party providers. Some services are listed with free/public access; others require API keys and likely incur costs depending on usage."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":33.8,"security_score":43.5,"reliability_score":27.5,"mcp_server_quality":0.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":10.0,"tls_enforcement":70.0,"auth_strength":55.0,"scope_granularity":20.0,"dependency_hygiene":45.0,"secret_handling":25.0,"security_notes":"README indicates API keys are supplied via config file or CLI args; it does not describe safe secret handling (e.g., avoiding logging, preventing shell-history leakage). The tool targets breach/credential-related data, increasing privacy and misuse risk; the README does not provide security controls for authorization/compliance, nor operational guidance for safe handling.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":30.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":"The tool is a CLI that performs lookups and produces outputs; README does not mention idempotency guarantees for re-running the same query set.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["No MCP/REST interface—agent integration must shell out to the CLI and parse CSV/JSON outputs.","Mixed provider integrations with differing rate limits, formats, and auth requirements are likely handled internally, but retry/rate-limit handling guidance is not present in the README.","Passing secrets via CLI flags may expose them in process listings/shell history."]}}