ProtOSINT - Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses


ProtOSINT is a Python script that helps you investigate ProtonMail accounts and ProtonVPN IP addresses.

Questions? Problems? Visit main page:


This tool can help you in your OSINT investigation on Proton service (for educational purposes only).
ProtOSINT is separated into 3 sub-modules:

  • [1] Test the validity of one protonmail account
  • [2] Try to find if your target has a protonmail account by generating multiple addresses by combining information fields inputted
  • [3] Find if your IP is currently affiliate with ProtonVPN

⚠️ Important update of the ProtonMail API [2021-11-07] ⚠️

For several days, we observe an update in ProtonMail's API:

  • The API now seems to be limited to a few queries (ten/fifteen requests).
  • The blocking time is one hour (the limitation seems to be by IP address).
  • Even if an email is not valid, the API will return a result that seems valid with a random timestamp.
  • However, if the email is really valid, the timestamp returned is still good.

Advice for using ProtOSINT nowadays

  • Use only modules 1 and 3.
  • Before using module 1, first, test the validity of your email with a third party tool or with the recipient field directly in the ProtonMail web interface:

Then, using ProtOSINT, get additional information (the public key attached to the email, the date the PGP key was created and the encryption used).


Python 3




The account name in the protonmail is case-insensitive and ProtonMail considers the "." "_" "-" symbols as transparent. Additionally, any words put after a "+" sign are not taken into account. It means that all of these email addresses below are the same as [email protected]:

All of these emails have the save timestamp and refers to the account [email protected].

This technique does not always give you the creation time and date of the ProtonMail account itself, but the time and date when the email address itself was created (thanks to @sector035 for the tip:

Email encryption keys

ProtOSINT allows you to know which encryption key is used for a protonmail account:

  • RSA 2048-bit (Older but faster) - high security
  • RSA 4096-bit (Secure but slow) - highest security
  • X25519 (Modern, fastest, secure) - State-of-the-art


Feel free to clone this project. For major changes, please open an issue first to discuss what you would like to change.

January 13, 2022
Notify of
Oldest Most Voted
Inline Feedbacks
View all comments
Charles Charles
6 months ago

A very big thanks to kelvinethicalhacker at gmail com for the great the work you done for me, i got the email address on the net web when i needed to hack my husband cell phone he helped me within few hours with whatsApp hacking and GPS location tracking direct from my person phone i know how my husband walks, thanks for the helped you do for me for every grateful for your helped, you can contact him through gmail via kelvinethicalhacker at or Telegram, calls, text, number +1(341)465-4599, if you are in needed of hacking services, contact him..

Lizzy Agnes
8 months ago

A great hacker is really worthy of good recommendation , Henry
really help to get all the evidence i needed against my husband and
and i was able to confront him with this details from this great hacker
to get an amazing service done with the help ,he is good with what he does and the charges are affordable, I think all I owe him is publicity for a great work done via, Henryclarkethicalhacker at gmail com, and you can text, call him on whatsapp him on +12014305865, or +17736092741, 

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.