This article aims to be a comprehensive guide for an OSINT tool GHunt. In this article, we will cover topics such as Introduction to GHunt, and how to install Ghunt on any of the Operating systems. If you’ve heard the term but are unsure of what it means, OSINT stands for open-source intelligence and refers to any data that can be ethically obtained about a person or organization from free, public sources. So Let’s Get Started.
Introduction
GHunt is a new open-source tool that allows security professionals to explore any data that is created by Google accounts. GHunt is an OSINT tool to extract public information from any Google Account using an email id. This tool can extract the google account owner’s name, YouTube channel, Google ID, and any active Google services, including Maps and photos. This can also reveal public photos, firmware, phone models, installed software, and potentially the user’s physical location.
Currently GHunt can extract:
Email module:
- Owner’s name
- Gaia ID
- Last time the profile was edited
- Profile picture (+ detect custom picture)
- If the account is a Hangouts Bot
- Activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.)
- Possible YouTube channel
- Possible other usernames
- Google Maps reviews (M)
- Possible physical location (M)
- Events from Google Calendar (C)
- Organizations (work & education) (A)
- Contact emails (A)
- Contact phones (A)
- Addresses (A)
- Public photos (P)
- Phones models (P)
- Phones firmwares (P)
- Installed softwares (P)
Document module:
- Owner’s name
- Owner’s Gaia ID
- Owner’s profile picture (+ detect custom picture)
- Creation date
- Last time the document was edited
- Public permissions
- Your permissions
Youtube module:
- Owner’s Gaia ID (through Wayback Machine)
- Detect if the email is visible
- Country
- Description
- Total views
- Joined date
- Primary links (social networks)
- All infos accessible by the Gaia module
Gaia module:
- Owner’s name
- Profile picture (+ detect custom picture)
- Possible YouTube channel
- Possible other usernames
- Google Maps reviews (M)
- Possible physical location (M)
- Organizations (work & education) (A)
- Contact emails (A)
- Contact phones (A)
- Addresses (A)
- The features marked with a (P) require the target account to have the default setting of
Allow the people you share content with to download your photos and videos
on the Google AlbumArchive, or if the target has ever used Picasa linked to their Google account. - Those marked with an (M) require the Google Maps reviews of the target to be public (they are by default).
- Those marked with a (C) require the user to have Google Calendar set on public (default it is closed)
Installation
- Make sure you have Python 3.7+ installed. You can watch the video on how to install python 3 in Windows Operating System (https://www.youtube.com/watch?v=8WZ5xNd-uiM).
- Make sure you have Google Chrome Installed.
- Download Chromedriver from this link and start the service (https://chromedriver.chromium.org/downloads).
- Git clone or Download the GHunt repo from this link (https://github.com/mxrch/GHunt).
- From the GHunt folder run the command.
pip3 install -r requirements.txt
- For the first run, and sometimes after, you’ll need to check the validity of your cookies.
- To do this, run the below command. python3 check_and_gen.py
- If you don’t have cookies stored (ex: first launch), you will be asked for the 4 required cookies. If they are valid, it will generate the Authentication token and the Google Docs & Hangouts tokens.
- Then, you can run the tool like this:
python3 hunt.py myemail@gmail.com
How to get these 4 cookies?
- Log in to accounts.google.com.
- After that, open the Dev Tools window and navigate to the Storage tab (It’s called “Application” on Chrome). If you don’t know how to open it, just right-click anywhere and click “Inspect Element”.
- Then you’ll find every cookie you need, including the 4 ones.
Then we need to paste our required cookies on the GHunt tool. The cookies are
- __Secure-3PSID
- APISID
- SAPISID
- HSID
Conclusion
So, this guide is about GHunt and how to install and run the GHunt tool to get user information in an easy way. You can always use the above steps to get the information for any of the mail ids. If you need any help on how to use GHunt, let us know in the comments below.