GHunt -- Know Everything From Email

Information is power. If we have clear knowledge about someone, we can easily win them over. Gmail, or Google Mail, is the most popular mail service in the world, and almost every person has a Google account or Gmail ID. Now we can learn a lot of information about anyone from their mail address.

To collect someone's account information we use the GHunt tool. GHunt is an OSINT tool written in Python3 that extracts information from any Google Account using an email address, run here on our Kali Linux system. This tool is very useful for gathering information on a target user. An attacker can then use this valuable information against the target.

GHunt can collect the following information about a person:

  • Owner's name.
  • Last time the profile was edited.
  • Google ID.
  • If the account is a Hangouts Bot.
  • Activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.)
  • Possible YouTube channel.
  • Possible other usernames.
  • Public photos (P).
  • Phone models (P).
  • Phone firmware (P).
  • Installed software (P).
  • Google Maps reviews (M).
  • Possible physical location (M).

The features marked with a (P) require the target account to have the default setting "Allow the people you share content with to download your photos and videos" on the Google AlbumArchive, or the target to have ever used Picasa linked to their Google account.

Those features marked with a (M) require the Google Maps reviews of the target to be public (they are by default).

Installation of GHunt in Kali Linux

To install GHunt on our system we need to clone it from its GitHub repository by using the following command:

git clone https://github.com/mxrch/GHunt


Now we need to navigate to the GHunt directory by using the cd command:

cd GHunt

Before running the tool we need to install its requirements on our system. To do that we use the following command:

python3 -m pip install -r requirements.txt


First we need to generate cookies 🍪 and tokens from our existing Google Account. For that we use the following command:

python3 check_and_gen.py

Here we need to supply 4 required cookies. If they are valid, GHunt will generate the Authentication token and the Google Docs & Hangouts tokens.

Generating Cookies for GHunt

We suggest using an empty or new Google Account here. We shouldn't give this tool our primary Google Account's information or cookies.

  1. With our new/empty Google Account we need to go to https://accounts.google.com and log in if we are not already logged in.
  2. After that, open the Dev Tools window and navigate to the Storage tab (Shift + F9 on Firefox; it's called "Application" on Chrome). If we don't know how to open it, we can just right-click anywhere and click on "Inspect Element".
  3. There we'll find every cookie, including the 4 that we need.

Then we need to paste the required cookies into the GHunt tool. The cookies are:

  • __Secure-3PSID
  • APISID
  • SAPISID
  • HSID

If the cookies are correct and valid, the tokens are generated successfully. After this we are ready to hunt Google Accounts.

GHunt Against Google Accounts

Now we can run this tool. As an example, we run it against our own mail ID, and we are hiding some personal details. We run GHunt with the following command:

python3 hunt.py our_mail@gmail.com

Then it will show the name and other sensitive information regarding the mail ID.

Here we can easily find the Google ID, mobile number, possible YT channels, personal AlbumArchive photos, phone model and firmware, possible locations and much more sensitive information, which will help us to know more about a target.

How to be Safe

We can protect our Google Photos account against this collection of metadata.

Given that Google shows "X require access" on our Google Account Dashboard, we might imagine that we had to explicitly authorize another account in order for it to access our pictures, but this is not the case. Any account can access our AlbumArchive (by default).

Here's how to check and fix the fact that we're vulnerable (which we most likely are).

First we need to go to https://get.google.com/albumarchive/ while logged in with our Google account. We will be automatically redirected to our correct AlbumArchive URL (https://get.google.com/albumarchive/OUR-GOOGLE-ID-HERE). After that, we click the three dots on the top left corner, and click on Settings.

Then, we just need to uncheck the only option there.

On another note, our account will also be vulnerable if we have ever used Picasa linked to our Google account in any way, shape or form. For more details on this, we can read PinkDev1's comment on issue #10 on GitHub.

For now, the only (known) solution to this is to delete the Picasa albums from our AlbumArchive.

