This is a small tool for automating searches for information about accounts used in malware campaigns, where those accounts were registered using the temporary email service Emailnator.
The idea comes from research documented here: https://kmsec.uk/blog/dprk-opsec-3/#which-temp-email-services-have-this-privacy-flaw
After reading that research and seeing similar behaviour in other campaigns, I wanted a way to quickly check large numbers of email addresses without manually opening each inbox in a browser.
I wrote this tool so I could take email addresses found in GitHub commit messages, check whether they were valid, and see if there was any useful information in the inbox (like GitHub signups or npm notifications).
Clone the repository:

    git clone https://github.com/elliott-diy/emailnator-recon.git
    cd emailnator-recon

Install dependencies:

    pip install -r requirements.txt

Basic usage:

    python main.py run emails.txt

Where emails.txt contains one email address per line:

    abc.def.ghi.jkl@gmail.com
    foo.bar.baz.qux@gmail.com

Validate dotted Gmail format before checking:

    python main.py run emails.txt --validate

Filter by sender:

    python main.py run emails.txt --from-contains github
    python main.py run emails.txt --from-contains github --from-contains npm

Filter by subject:

    python main.py run emails.txt --subject-contains verify

Only show inboxes that contain matching emails:

    python main.py run emails.txt --only-hits

Output results to a file:

    python main.py run emails.txt --output results.json
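
For the "validate dotted Gmail format" step, the following is an added example and not code from this repository: a pre-filter for a list harvested from commit metadata. It assumes a "dotted Gmail" address is a gmail.com address whose local part is alphanumeric runs joined by single dots. Because Gmail ignores dots in the local part, it also groups variants that deliver to the same mailbox. The function names and sample lines are constructed for illustration.

```python
import re

# Assumed shape (not taken from the tool's source): gmail.com address whose
# local part is alphanumeric runs separated by single dots, at least one dot.
DOTTED_GMAIL = re.compile(r"[a-z0-9]+(?:\.[a-z0-9]+)+@gmail\.com")


def canonical_mailbox(address):
    """Return the dot-free Gmail mailbox, or None if the shape does not match."""
    addr = address.strip().lower()
    if not DOTTED_GMAIL.fullmatch(addr):
        return None
    local, domain = addr.split("@")
    return local.replace(".", "") + "@" + domain


def triage(lines):
    """Return (valid, rejected, groups); groups maps mailbox -> dotted variants."""
    valid, rejected, groups = [], [], {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        canon = canonical_mailbox(line)
        if canon is None:
            rejected.append(line)
            continue
        valid.append(line.lower())
        groups.setdefault(canon, []).append(line.lower())
    return valid, rejected, groups


# Constructed sample input, as it might look after scraping commit metadata.
SAMPLE = [
    "abc.def.ghi.jkl@gmail.com",
    "foo.bar.baz.qux@gmail.com",
    "a.bcdef.ghijk.l@gmail.com",              # same mailbox as the first line
    "someone@example.com",                    # not Gmail
    "nodots@gmail.com",                       # no dots in the local part
    "bad..dots@gmail.com",                    # consecutive dots
    "1234567+user@users.noreply.github.com",  # GitHub noreply address
]

if __name__ == "__main__":
    valid, rejected, groups = triage(SAMPLE)
    print(f"{len(valid)} valid, {len(rejected)} rejected")
    for mailbox, variants in groups.items():
        print(mailbox, "<-", ", ".join(variants))
```

Addresses that share a canonical mailbox are worth recording together, since they tie separate commit identities to one underlying inbox.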