In today's digital era, we forgot about sending letters to our friends; nowadays, we have emails. As cybersecurity experts, we have lots of encounters with suspicious target emails, sometimes during red teaming for information gathering we also need to go offensive to extract details of a person from e-mail address. Usually we analyze metadata, tracing the email's journey through servers to pinpoint its origin. Then, we analyze the sender's identity or other information, checking if their are signs of impersonation or phishing. Next, we carefully examine the email's content for malicious links or attachments. But that is a manual process and seems very boring for a lazy person.
Mosint the Mail OSINT
If we have a OSINT (Open Source Intelligence) tool, then manually checks? Today on our deck we have an OSINT tool called Mosint (did this name came from Mail OSINT?). Mosint is an automated email OSINT tool written in Go language that allows us to investigate for target emails in a fast and efficient manner. It consolidates numerous services, enabling security researchers to swiftly access a wealth of information.
Now it's time to install Mosint on our Kali Linux system. Here we are using Kali Linux system but on the same way we can install it other Debian-based Linux distributions.
It is on the Go language so first we need to install Go language on our system by using following command:
The above command will install Golang on our Kali Linux system, as we can see in the following screenshot:
If this method of installing Golang isn't working then we can install it manually by following our old article about installing Golang on Kali Linux system.
Now we have installed Golang on our Kali Linux system and now we are all set to install Mosint. We can clone it from GitHub and install it but that thing we did on all GitHub cybersecurity tools. What if today we do something different. Today we are gonna install and run it via Docker. Now a Docker container is a lightweight, portable, self-sufficient package that includes all necessary components to run program. We already have a dedicated article on Docker.
Docker comes pre-installed on Kali Linux's almost all versions but in case we need to install it we can run following command:
in the following screenshot we can see that we already have docker on our system.
Now we can easily install Mosint on our system via docker by simply using following command:We can see the process of above command on the following screenshot:
It may take a minute depending on our internet speed and system configuration. After the setup is complete we run the Mosint tool via Docker. First let's check the help options via following command:In the above command first we use sudo command to run Docker as the superuser or root user otherwise it will show us "permission denied" issue. Then we call Docker and command it to run run Mosint then we can use Mosint's flags to use it, as example here we used the --help flag to see what we can do with Mosint, as we can see in the following screenshot:
Let's not wasting anymore time and run it against an e-mail address. So the command will be as following:
In the place of mail@email.com we need to put our target e-mail id. Here for example we choose our business e-mail address and we can see the output on the following screenshot:
On the following screenshot we can see the result:
Mosint can check various services to gather information of an e-mail id. On the above screenshot we can see various details like It's not a disposable mail address, IP address of mail service provider, Social media account information (yes we don't have any with this mail), and even Google search results.
Mosint's main features are:
- Fast and simple email-based scanning
- Optimized for ease of use and lightweight on resources
- Email verification and validation
- Checking Social Media Accounts
- Checking data breaches and password leaks
- Finding related emails and domains
- Scanning pastebin dumps
- Google Search
- DNS/IP Lookup
- Output to JSON file
Services used by Mosint
There are lot's of functions are in this Mosint tool. It also uses some online services like
- ipapi.co for more Information About Domain
- hunter.io for related Emails
- emailrep.io for breached Sites Names
- psbdmp.ws for Pastebin Dumps
- Intelligence X for password Leaks
- BreachDirectory for password Leaks
- HaveIBeenPwned for password Leaks
Some of the above services requires to put API keys on the Mosint tool for details we can check their GitHub repository.
Extra Talks About E-mail's Forensics
This is the basics to gather information about a target mail id. Previously we need to do things manually and complete the following checklist:
- Header Investigation: Suppose we have received a package. Before opening it, we check the package's label to see where it's came from and who sent it. Similarly, we'll check the email's header, which is like its digital label, to trace its origin & path.
- Metadata Check: Sometimes file like image files have metadata store inside it, in simple words these are like where about of files. So if we get an e-mail with files we can check the metadata to extract some information like when they were sent, from which device, and sometimes even the sender's location.
- IP Address Tracing: This is very important to check the sender's IP address, IP will lead us to target's location.
- Email Service Provider Investigation: There are different types of mail carriers. Some are like the big, well-known e-mail services, while others are like local e-mail service providers. If we identify the email service provider, then in some cases we can understand more about how the email was sent.
- Content Analysis: May be the email content is like deciphering a secret code. We'll carefully read through the email to uncover any hidden meanings, clues, or unique characteristics that could reveal more about the sender.
- Attachments Examination: If the e-mail comes with some extra media files with it then before opening it, we would inspect everything to make sure it's safe because some file formats can be comes with execution payloads.
- Social Media and Online Presence: When we need to search something we use search engines. Similarly we'll search for the email ID on social media and other online platforms. This helps us build a profile of the target and potentially uncover more about their identity and activities.
This is how we cybersecurity experts inspect an e-mail. We have try to cover the basic things of it and learnt using of Mosint tool on Kali Linux system. Hope this article will be helpful.
Love our article? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group & Whatsapp Channel We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.