Buster is an advanced OSINT tool used to:
- Get social accounts of an email using multiple sources(gravatar,about.me,myspace,skype,github,linkedin,previous breaches)
- Get links to where the email was found using google,twitter,darksearch and paste sites
- Get breaches of an email
- Get domains registered with an email (reverse whois)
- Generate possible emails and usernames of a person
- Find the email of a social media account
- Find emails from a username
- Find the work email of a person
clone the repository:
$ git clone git://github.com/sham00n/buster
Once you have a copy of the source, you can install it with:
$ cd buster/ $ python3 setup.py install $ buster -h
This project uses hunter.io to get information from company emails,the first couple "company email" searches dont require a key,if you have an interest in company emails i recommend that you sign up for an account on hunter.io.
Once you get an API key, add it to the file "api-keys.yaml" and rerun the command:
$ python setup.py install
usage: buster [-h] [-e EMAIL] [-f FIRST] [-m MIDDLE] [-l LAST] [-b BIRTHDATE] [-a ADDINFO [ADDINFO ...]] [-u USERNAME][-c COMPANY] [-p PROVIDERS [PROVIDERS ...]] [-o OUTPUT] [-v] [--list LIST] Buster is an OSINT tool used to generate and verify emails and return information associated with them optional arguments: -h, --help show this help message and exit -e EMAIL, --email EMAIL email adress or email pattern -f FIRST, --first FIRST first name -m MIDDLE, --middle MIDDLE middle name -l LAST, --last LAST last name -b BIRTHDATE, --birthdate BIRTHDATE birthdate in ddmmyyyy format,type * if you dont know(ex:****1967,3104****) -a ADDINFO [ADDINFO ...], --addinfo ADDINFO [ADDINFO ...] additional info to help guessing the email(ex:king,345981) -u USERNAME, --username USERNAME checks 100+ email providers for the availability of [email protected] -c COMPANY, --company COMPANY company domain -p PROVIDERS [PROVIDERS ...], --providers PROVIDERS [PROVIDERS ...] email provider domains -o OUTPUT, --output OUTPUT output to a file -v, --validate check which emails are valid and returns information of each one --list LIST file containing list of emails
Get info of a single email(exists or not,social media where email was used,data breaches,pastes and links to where it was found)
$ buster -e [email protected]
Query for list of emails`
$ buster --list emails.txt
Generate emails that matches the pattern and checks if they exist or not(use the -a argument if you have more info to add(ex: -a nickname fav_color phone #)
$ buster -e j********9@g****.com -f john -l doe -b ****1989
Generate usernames (use with -o option and input the file to recon-ng's profiler module)
$ buster -f john -m james -l doe -b 13071989
Generate emails (use -v if you want to validate and get info of each email)
$ buster -f john -m james -l doe -b 13071989 -p gmail.com yahoo.com
[email protected] and returns the valid ones(use -p if you dont want all 100+)Generate 100+ emails in the format
$ buster -u johndoe
Generate a company email and returns info associated with it
$ buster -f john -l doe -c company.com
- You get 200 email validations/day,use them wisely!
- When using the -a option,avoid using small words(ex:j,3,66),the shorter the words are the bigger the email list is and therefore more validations are needed
- when adding an email pattern make sure the service providing the pattern displays it with the right size(facebook,twitter,instagram do...others might not)
- I dont recommend using with Tor as haveibeenpwnd.com,hunter.io and google wont function properly
- emailrep.io for being developer friendly
- khast3x,developer of h8mail which was used as a reference for this README file
- The OSINT community for being awesome!
- My Code is ugly,i know...if you know how to do things better let me know!
- If you have any suggestions or improvements email me at sham00n at protonmail dot com
Download tool: https://github.com/sham00n/buster
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
- Blog2022.10.12Vulnerability management with Wazuh open source XDR
- Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky