Home Forensics Tools GHunt – OSINT Tool to Investigate Google Accounts (gmail, Youtube) and documents

GHunt – OSINT Tool to Investigate Google Accounts (gmail, Youtube) and documents

November 26, 2021 Leave a Comment
GHunt Logo - OSINT Tool to Investigate Google emails (gmail) and documents

Description

GHunt is a modulable OSINT tool designed to evolve over the years, and incorporates many techniques to investigate Google accounts, or objects.

It currently has emaildocumentyoutube and gaia modules.

What can GHunt find ?

The features marked with a (P) require the target account to have the default setting of Allow the people you share content with to download your photos and videos on the Google AlbumArchive, or if the target has ever used Picasa linked to their Google account.
More info here.

Those marked with a (M) require the Google Maps reviews of the target to be public (they are by default).

Those marked with a (C) require user to have Google Calendar set on public (default it is closed).

Those marked with a (A) require user to have the additional info set on profile with privacy option “Anyone” enabled.

Email module:

  • Owner’s name
  • Gaia ID
  • Last time the profile was edited
  • Profile picture (+ detect custom picture)
  • If the account is a Hangouts Bot
  • Activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.)
  • Possible YouTube channel
  • Possible other usernames
  • Google Maps reviews (M)
  • Possible physical location (M)
  • Events from Google Calendar (C)
  • Organizations (work & education) (A)
  • Contact emails (A)
  • Contact phones (A)
  • Addresses (A)

Document module:

  • Owner’s name
  • Owner’s Gaia ID
  • Owner’s profile picture (+ detect custom picture)
  • Creation date
  • Last time the document was edited
  • Public permissions
  • Your permissions

Youtube module:

  • Owner’s Gaia ID (through Wayback Machine)
  • Detect if the email is visible
  • Country
  • Description
  • Total views
  • Joined date
  • Primary links (social networks)
  • All infos accessible by the Gaia module

Gaia module:

  • Owner’s name
  • Profile picture (+ detect custom picture)
  • Possible YouTube channel
  • Possible other usernames
  • Google Maps reviews (M)
  • Possible physical location (M)
  • Organizations (work & education) (A)
  • Contact emails (A)
  • Contact phones (A)
  • Addresses (A)

Screenshot

GHunt - OSINT Tool to Investigate Google Accounts (gmail, Youtube) and documents

Installation

Manual installation

  • Make sure you have Python 3.7+ installed. (I developed it with Python 3.8.1)
  • Some Python modules are required which are contained in requirements.txt and will be installed below.

1. Chromedriver & Google Chrome

This project uses Selenium and automatically downloads the correct driver for your Chrome version.
So just make sure to have Google Chrome installed.

2. Cloning

Open your terminal, and execute the following commands :

git clone https://github.com/mxrch/ghunt
cd ghunt

3. Requirements

In the GHunt folder, run:

python3 -m pip install -r requirements.txt

Adapt the command to your operating system if needed.

Usage

For the first run and sometime after, you’ll need to check the validity of your cookies.

To do this, run check_and_gen.py. If you don’t have cookies stored (ex: first launch), you will be asked for the required cookies. If they are valid, it will generate the Authentication token and the Google Docs & Hangouts tokens.

Then, you can run the tool like this:

python3 ghunt.py email [email protected]

python3 ghunt.py doc https://docs.google.com/spreadsheets/d/1BxiMVs0XRA5nFMdKvBdBZjgmUUqptlbs74OgvE2upms

I suggest you make an empty account just for this or use an account where you never login because depending on your browser/location, re-logging in into the Google Account used for the cookies can deauthorize them.

Latest news

  • 02/10/2020 : Since a few days ago, Google returns a 404 when we try to access someone’s Google Photos public albums, we can only access it if we have a link to one of their albums.
    Either this is a bug and this will be fixed, either it’s a protection that we need to find how to bypass.
  • 03/10/2020 : Successfully bypassed. (commit 01dc016)
    It requires the “Profile photos” album to be public (it is by default)
  • 20/10/2020 : Google WebArchive now returns a 404 even when coming from the “Profile photos” album, so the photos scraping is temporary (or permanently) disabled. (commit e762543)
  • 25/11/2020 : Google now removes the name from the Google Maps profile if the user has 0 reviews (or contributions, even private). I did not find a bypass for the moment, so all the help in the research of a bypass is appreciated.
  • 20/03/2021 : Successfully bypassed. (commit b3b01bc)
Download GHunt

You May Also Like

Mantra - Tool to Find API key and Sensitive Information Leaks in JS Files and Pages

Mantra – Tool to Find API key Leaks in JS Files & Pages

ParamSpider - Website Parameter Scraping Tool to find hidden parameters on website and web application

ParamSpider – Website Parameter Scraping Tool

httpx - Tool To Screenshot and Extract Metadata From List of domains or hosts

HTTPX – Multi-purpose HTTP Toolkit

Dirsearch - Web Content Fuzzing Scanner to find juicy APIs or endpoints, sensitive data exposure, config file

Dirsearch – Web Content Discovery Scanner

Faraday Web Dashboard- Open Source Vulnerability Management Platform

Faraday – Open Source Vulnerability Management Platform

Gospider - Web Crawling and Content Discovery Tool

Gospider – Web Crawling and Content Discovery Tool

Leave a Reply

Your email address will not be published. Required fields are marked *

four × one =