Google mail Hacking — Ghunt V2 (Gmail OSINT)

Yashwant Singh 🐧
Published in System Weakness
5 min read · Dec 6, 2022

Ghunt Version 2

I have already covered Gmail OSINT in one of my previous articles, and with the help of you guys, it’s one of my top articles. But today, we are going to discuss GHunt Version 2. As the name suggests, it’s an upgraded version of GHunt. You can check out their official GitHub page for more info on developments and developers involved.

GHunt (v2) is an offensive Google framework, designed to evolve efficiently. It’s currently focused on OSINT, but any use related with Google is possible.

Features :
1. CLI usage and modules
2. Python library usage
3. Fully async
4. JSON export
5. Browser extension to ease login

In my previous article on installing GHunt and using it for OSINT, I’ve already covered how to install it on Google Cloud Console.

I’ve decided to install GHunt on my base system this time, which is Linux.

Deploying Google Cloud Console for beginners.

1. Go to your Google Cloud console: https://console.cloud.google.com/

2. Click on the terminal icon in the top right corner to activate the terminal.

Congratulations, you have just deployed your first Google Cloud terminal. You can run all the commands below there too if you don’t have a Linux machine running.

Since I am already using a Linux machine, I am gonna install GHunt in my Linux machine, but if you want you can also deploy it in the cloud.

First we need to install python3.10, then we can move forward with installing Ghunt.

sudo apt-get install python3.10-venv

Install pipx using pip3. I would also recommend that you update and upgrade your machine like a good boy before installing this.

pip3 install pipx
pipx ensurepath

Now that python3.10 & pipx are installed and configured, type this to install ghunt.

pipx install ghunt

At last, we have our Ghunt installed and ready to go.

Next up type the following command to wake up Ghunt.

ghunt login

Ka-boooom, there we go. Ghunt is live now! Thank me later, let’s set it up first. We can see that it is asking for cookies. Let’s give him cookies then. (PS: These are not the same cookies your mom makes for you.)

To get the cookies, we will have to install an extension in our browser called “Ghunt Companion”.

Download it from here, according to the browser you’re using.

1. Firefox — Link
2. Chrome — Link

After installation, Ghunt Companion should look like this.

After installing the extension, log in to your Google account, click on the extension, click on Synchronize to Ghunt, and then click on Yes to give it access. After this, you will be redirected to a page like this, where you can get the cookies.

Click on Method-2 and the cookies will be copied automatically to your clipboard.

Now, get back to your terminal and select option 2 and press enter. Paste the cookies here to finalize the setup of Ghunt.

After pasting the cookies and pressing enter, a message like this will appear. Congrats on the successful installation and setup of Ghunt.

PS: I had to hide my email and some part of the cookie, so that you guys don’t get interesting ideas.

Like it says, save your master token somewhere safe; its location is given in the last line.
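
The pasted cookies and the master token are credentials for the Google account you logged in with, so the file that stores them should be readable only by you. The following check is an added example, not code from the original article or from the GHunt project; the function names are hypothetical and the file path is a placeholder to be replaced with the location GHunt prints after login.

```bash
#!/usr/bin/env bash
# Added example: check that the file holding the GHunt master token is private.
# The CREDS path is an assumption: use the location GHunt prints after `ghunt login`.

# Octal permission bits of a file (GNU stat, with BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 = private, 1 = accessible by group or others,
# 2 = missing or a symlink, 3 = owned by another user.
creds_is_private() {
    local f="$1" mode
    { [ -f "$f" ] && [ ! -L "$f" ]; } || return 2
    [ -O "$f" ] || return 3
    mode="$(file_mode "$f")"
    case "$mode" in
        0|*00) return 0 ;;   # no group/other permission bits set
        *)     return 1 ;;
    esac
}

# Restrict the file to its owner and close the containing directory.
lock_down_creds() {
    chmod 600 "$1" && chmod 700 "$(dirname "$1")"
}

# Usage (placeholder path, replace it):
#   CREDS="/path/printed/by/ghunt"
#   creds_is_private "$CREDS" || lock_down_creds "$CREDS"
```
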

Now, let’s do some OSINT using Ghunt. Type the following to list all the modules.

ghunt -h

You can do a lot of OSINT with Ghunt.

usage: ghunt [-h] {login,email,gaia,drive} ...

positional arguments:
  {login,email,gaia,drive}
    login    Authenticate GHunt to Google.
    email    Get information on an email address.
    gaia     Get information on a Gaia ID.
    drive    Get information on a Drive file or folder.

You can find information about a Gmail ID with the following command.

ghunt email <email_address>

In the above image I searched for a random Gmail account. You can see that we have gained a lot of information.

🙋 Google Account data

Name : BS Cheah

[+] Custom profile picture !
=> https://lh3.googleusercontent.com/a/AEdFTp4LCEinjqS6lfrs-wKEJI8TGIW5LqvoBQ3DC4QD=mo
🎭 No face detected.

[-] Default cover picture

Last profile edit : 2022/12/03 01:02:48 (UTC)

Email : candy123@gmail.com
Gaia ID : 112593685983678043110

User types :
- GOOGLE_USER (The user is a Google user.)

📞 Google Chat Extended Data

Entity Type : PERSON
Customer ID : Not found.

🌐 Google Plus Extended Data

Entreprise User : False

[+] Activated Google services :
- Youtube
- Photos

🎮 Play Games data

[+] New token for playgames has been generated

[-] No player profile found.

🗺️ Maps data

Profile page : https://www.google.com/maps/contrib/112593685983678043110/reviews

[Statistics]
Reviews : 2

[Reviews]
[+] Average rating : 4.5/5

[-] No costs data.

Target's locations preferences :

🏨 Generic [1]
- Skin care clinic (1)

🏨 Shopping bag [1]
- Electronics store (1)

[+] Probable location (confidence => Low) :
- ?, Malaysia

🗓️ Calendar data

[-] No public Google Calendar.

Again, let me remind you that this is not illegal in any way. It’s perfectly legal, since we are only getting the information of the user that is available in the public domain but not yet easily discoverable. Ghunt allows us to discover the things about Google accounts that are already present online, but are very hard to find.

I will be posting more stuff about some more interesting tools in the future. So hold on to your seat for my upcoming articles. I hope you’ll like this & my future articles. Alright peace out!

Be safe, be secure and happy hacking:)
