You are currently viewing GHunt | Best OSINT Tool <span class="bsf-rt-reading-time"><span class="bsf-rt-display-label" prefix=""></span> <span class="bsf-rt-display-time" reading_time="3"></span> <span class="bsf-rt-display-postfix" postfix="min read"></span></span><!-- .bsf-rt-reading-time -->

GHunt | Best OSINT Tool

This article aims to be a comprehensive guide for an OSINT tool GHunt. In this article, we will cover topics such as Introduction to GHunt, and how to install Ghunt on any of the Operating systems. If you’ve heard the term but are unsure of what it means, OSINT stands for open-source intelligence and refers to any data that can be ethically obtained about a person or organization from free, public sources. So Let’s Get Started.

Introduction

GHunt is a new open-source tool that allows security professionals to explore any data that is created by Google accounts. GHunt is an OSINT tool to extract public information from any Google Account using an email id. This tool can extract the google account owner’s name,  YouTube channel, Google ID, and any active Google services, including Maps and photos. This can also reveal public photos, firmware, phone models, installed software, and potentially the user’s physical location.

Currently GHunt can extract:

  • Email module:

    • Owner’s name
    • Gaia ID
    • Last time the profile was edited
    • Profile picture (+ detect custom picture)
    • If the account is a Hangouts Bot
    • Activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.)
    • Possible YouTube channel
    • Possible other usernames
    • Google Maps reviews (M)
    • Possible physical location (M)
    • Events from Google Calendar (C)
    • Organizations (work & education) (A)
    • Contact emails (A)
    • Contact phones (A)
    • Addresses (A)
    • Public photos (P)
    • Phones models (P)
    • Phones firmwares (P)
    • Installed softwares (P)

  • Document module:

    • Owner’s name
    • Owner’s Gaia ID
    • Owner’s profile picture (+ detect custom picture)
    • Creation date
    • Last time the document was edited
    • Public permissions
    • Your permissions

  • Youtube module:

    • Owner’s Gaia ID (through Wayback Machine)
    • Detect if the email is visible
    • Country
    • Description
    • Total views
    • Joined date
    • Primary links (social networks)
    • All infos accessible by the Gaia module

  • Gaia module:

    • Owner’s name
    • Profile picture (+ detect custom picture)
    • Possible YouTube channel
    • Possible other usernames
    • Google Maps reviews (M)
    • Possible physical location (M)
    • Organizations (work & education) (A)
    • Contact emails (A)
    • Contact phones (A)
    • Addresses (A)
  • The features marked with a (P) require the target account to have the default setting of Allow the people you share content with to download your photos and videos on the Google AlbumArchive, or if the target has ever used Picasa linked to their Google account.
  • Those marked with an (M) require the Google Maps reviews of the target to be public (they are by default).
  • Those marked with a (C) require the user to have Google Calendar set on public (default it is closed)

Installation

pip3 install -r requirements.txt
  • For the first run, and sometimes after, you’ll need to check the validity of your cookies.
  • To do this, run the below command. python3 check_and_gen.py
  • If you don’t have cookies stored (ex: first launch), you will be asked for the 4 required cookies. If they are valid, it will generate the Authentication token and the Google Docs & Hangouts tokens.
  • Then, you can run the tool like this:
python3 hunt.py myemail@gmail.com

How to get these 4 cookies?

  1. Log in to accounts.google.com.
  2. After that, open the Dev Tools window and navigate to the Storage tab (It’s called “Application” on Chrome). If you don’t know how to open it, just right-click anywhere and click “Inspect Element”.
  3. Then you’ll find every cookie you need, including the 4 ones.

Then we need to paste our required cookies on the GHunt tool. The cookies are

  • __Secure-3PSID
  • APISID
  • SAPISID
  • HSID

Conclusion

So, this guide is about GHunt and how to install and run the GHunt tool to get user information in an easy way. You can always use the above steps to get the information for any of the mail ids. If you need any help on how to use GHunt, let us know in the comments below.

Piyush Kumawat

Ethical Hacker || Penetration Tester || Gamer || Blogger || Application Security Engineer

Leave a Reply