GHunt -- Know Everything From Email

Information is power. If we have clear knowledge about someone then we can easily win him. Gmail or Google Mail is the most popular mail service in the world almost every person have a Google account or Gmail id. Now we can know a lots of information of anyone from their mail address.

Ghunt-kali linux

To collect someone's account information we use GHunt tool. GHunt is an OSINT tool written in Python3 to extract information from any Google Account using an email on our Kali Linux system. This tool will be very useful to gather information on target user. Then the attack can use these valuable information against the target.

GHunt can collect following information about a person

  • Owner's name.
  • Last time the profile was edited.
  • Google ID.
  • If the account is a Hangouts Bot.
  • Activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.)
  • Possible YouTube channel.
  • Possible other usernames.
  • Public photos (P).
  • Phones models (P).
  • Phones firmwares (P).
  • Installed softwares (P).
  • Google Maps reviews (M).
  • Possible physical location (M).

Now the (P) marked features requires the target account to have the default setting of Allow the people you share content with to download your photos and videos on the Google AlbumArchive, or if the target has ever used Picasa linked to their Google account.

Those features marked with a (M) require the Google Maps reviews of the target to be public (they are by default).

Installation of GHunt in Kali Linux

To install GHunt in our system we need to clone it from it's GitHub repository by sing following command:

git clone https://github.com/mxrch/GHunt

The following screenshot shows the output of preceding command:

cloning GHunt from GitHub

Now we need to navigate to the GHunt directory by using cd command:

cd GHunt

Here before run the tool we need to install some requirements on our system to run this tool. To do that we use following command:

python3 -m pip install -r requirements.txt

The following screenshot shows installing the requirements process.

GHunt installing requirements

First we need to generate cookies 🍪 and tokens from our exiting Google Account. For that we use following command:

python3 check_and_gen.py

Here we need 4 required cookies. If they are valid, GHunt will generate the Authentication token and the Google Docs & Hangouts tokens.

Generating Cookies for GHunt

Here we suggest to use an empty or new Google Account. We shouldn't give this tool our primary Google Account's information/cookies.

  1. On our new/empty Google Account we need to go to the link https://accounts.google.com then login here if we are not already logged in.
  2. After that, open the Dev Tools window and navigate to the Storage tab (Shift + F9 on Firefox) (It's called "Application" on Chrome). If we don't know how to open it, we just right-click anywhere and click on the "Inspect Element".
  3. Then we'll find every cookie that we need, including the 4 ones.

GHunt cookies collection

Then we need to paste our required cookies on GHunt tool. The cookies are

  • __Secure-3PSID
  • APISID
  • SAPISID
  • HSID
cookies inputting in GHunt
If the cookies are correct & valid then we successfully generate them. After this we are ready to hunt Google Accounts.

GHunt Against Google Accounts

Now we can run this tool. We run this tool against our own mail id for an example. We are hiding some personal details. We run GHunt by following command:

python3 hunt.py our_mail@gmail.com

Then it will show the name and other sensitive information regarding the mail id.

Ghunt on Kali Linux

We can easily found here the Google ID, mobile number, possible YT channels, personal AlbumArchive photos, phone model and firmware, possible locations and much more sensitive information. Which will help us to know more about a target.

How to be Safe

We can keep safe collection of metadata from our Google Photos account.

Given that Google shows "X require access" on our Google Account Dashboard, we might imagine that we had to explicitly authorize another account in order for it to access our pictures; but this is not the case. Any account can access our AlbumArchive (by default):

Google photos Album

Here's how to check and fix the fact that we're vulnerable (which we most likely are).

Now we need to go to https://get.google.com/albumarchive/ while logged in with our Google account. We will be automatically redirected to our correct albumarchive URL (https://get.google.com/albumarchive/OUR-GOOGLE-ID-HERE). After that, we click the three dots on the top left corner, and click on setting.

google album archive settings

Then, we just need to un-check the only option there.

On another note, if our account will also be vulnerable if we have ever used Picasa linked to our Google account in any way, shape or form. For more details on this, we can read PinkDev1's comment on issue#10 in the GitHub.

For now, the only (known) solution to this is to delete the Picasa albums from our AlbumArchive.


Liked our tutorial ? Then Follow our blog from the sidebar. We are also in Twitter and GitHub follow us there, we post updates there. For any problem and questions comment down in the comment section. We always reply.

author-img
Kali Linux

Comments

12 comments
Post a Comment
  • Unknown photo
    UnknownJanuary 3, 2021 at 9:10 PM

    I can't generate cookies and tokens.
    I used "python3 check_and_gen.py" but i got this error:

    Traceback (most recent call last):I'm downloading and installing it for you...
    File "/home/kali/GHunt/check_and_gen.py", line 102, in
    driverpath = get_driverpath()
    File "/home/kali/GHunt/lib/utils.py", line 101, in get_driverpath
    path = chromedriver_autoinstaller.install(cwd=True)
    File "/home/kali/.local/lib/python3.9/site-packages/chromedriver_autoinstaller/__init__.py", line 15, in install
    chromedriver_filepath = utils.download_chromedriver(cwd)
    File "/home/kali/.local/lib/python3.9/site-packages/chromedriver_autoinstaller/utils.py", line 166, in download_chromedriver
    chrome_version = get_chrome_version()
    File "/home/kali/.local/lib/python3.9/site-packages/chromedriver_autoinstaller/utils.py", line 107, in get_chrome_version
    with subprocess.Popen([executable_name, '--version'], stdout=subprocess.PIPE) as proc:
    File "/usr/lib/python3.9/subprocess.py", line 947, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
    File "/usr/lib/python3.9/subprocess.py", line 1819, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
    FileNotFoundError: [Errno 2] No such file or directory: 'google-chrome'

    I don't realy understand this error...
    Could someone please help me?

    ~L

    Delete Comment
    • Kali Linux photo
      Kali LinuxJanuary 6, 2021 at 12:34 PM

      I think that you are using WSL. WSL runs on a separate virtual machine within windows and unless you download google chrome onto that virtual machine it will not be recognized. The program should still work on WSL if you manually install the chromedriver from here: "https://chromedriver.chromium.org/". BTW the chromedriver needs to be installed/extracted into the GHunt folder to work properly.

      Delete Comment
      • Unknown photo
        UnknownApril 26, 2021 at 3:07 PM

        Traceback (most recent call last):
        File "/home/gamezonehacker/Desktop/GHunt/check_and_gen.py", line 196, in
        driver = webdriver.Chrome(
        File "/home/gamezonehacker/.local/lib/python3.9/site-packages/seleniumwire/webdriver.py", line 114, in __init__
        super().__init__(*args, **kwargs)
        File "/usr/lib/python3/dist-packages/selenium/webdriver/chrome/webdriver.py", line 95, in __init__
        RemoteWebDriver.__init__(
        File "/usr/lib/python3/dist-packages/selenium/webdriver/remote/webdriver.py", line 152, in __init__
        self.start_session(capabilities, browser_profile)
        File "/usr/lib/python3/dist-packages/selenium/webdriver/remote/webdriver.py", line 249, in start_session
        response = self.execute(Command.NEW_SESSION, parameters)
        File "/usr/lib/python3/dist-packages/selenium/webdriver/remote/webdriver.py", line 318, in execute
        self.error_handler.check_response(response)
        File "/usr/lib/python3/dist-packages/selenium/webdriver/remote/errorhandler.py", line 242, in check_response
        raise exception_class(message, screen, stacktrace)
        selenium.common.exceptions.WebDriverException: Message: unknown error: cannot parse capability: proxy
        from unknown error: 'noProxy' must be a string
        (Driver info: chromedriver=2.41.578700 (2f1ed5f9343c13f73144538f15c00b370eda6706),platform=Linux 5.10.0-kali3-amd64 x86_64)


        I'm getting this error...kindly help

        Delete Comment
        • Kali Linux photo
          Kali LinuxApril 26, 2021 at 5:40 PM

          You probably have a separate installation of chromedriver installed. Type
          which chromedriver
          command into terminal and see what your computer is using. If it tells you that it's in /home/$username/bin then you either put it there historically or you have homebrew installed or something else. If it's in /usr/bin or /usr/local/bin it's probably from apt so just do a
          sudo apt update && sudo apt upgrade
          and see if it works. If it's from snap, update it with snap. Else, just rename the binary from chromedriver to something else.

          You should probably just have your script download the chromedriver into docker/the cloned repo and use it regardless of whether it is installed or not. It's a pretty tiny file, after all, and people who have another chromedriver somewhere in their PATH will be sort of screwed because the detection mechanism doesn't look to see if the chromedriver version matches with the currently installed primary version of Chrome.

          Delete Comment
        • Armaz1 photo
          Armaz1February 6, 2021 at 9:13 PM

          i get the following error when i run the command and yes i do have chromedriver extracted in the GHunt folder pls help

          python check_and_gen.py
          File "check_and_gen.py", line 114
          cookies[name] = input(f"{name} => ").strip().strip('\"')
          ^
          SyntaxError: invalid syntax

          Delete Comment
        • The Reporter photo
          The ReporterApril 6, 2021 at 10:35 PM

          please help,
          can't open file '/root/Desktop/GHunt/hunt.py'

          Delete Comment
        • Unknown photo
          UnknownApril 26, 2021 at 10:24 PM

          Hello,
          which chromedriver
          /usr/bin/chromedriver
          Thanks for the reply. But its still showing me the same error even after doing sudo apt update && sudo apt upgrade.


          Delete Comment
          • Kali Linux photo
            Kali LinuxApril 28, 2021 at 5:38 PM

            It looks the latest chromedriver missing on your system. You should probably just have your script download the chromedriver into docker/the cloned repo and use it regardless of whether it is installed or not. It's a pretty tiny file, after all, and people who have another chromedriver somewhere in their PATH will be sort of screwed because the detection mechanism doesn't look to see if the chromedriver version matches with the currently installed primary version of Chrome.

            Delete Comment
          • AnonymousMay 29, 2021 at 6:05 PM

            HI,
            I USED THIS python3 check_and_gen.py command i am getting following error


            root@kali:~/GHunt# python3 check_and_gen.py

            Traceback (most recent call last):

            File "check_and_gen.py", line 10, in

            from seleniumwire import webdriver

            ModuleNotFoundError: No module named 'seleniumwire'

            root@kali:~/GHunt#

            Delete Comment
            • Kali Linux photo
              Kali LinuxMay 30, 2021 at 1:17 PM

              Install seleniumwire by using following command then try it again.

              sudo pip3 install selenium

              Delete Comment
            google-playkhamsatmostaqltradent