
Finding information about our target using Gmail – Gmail OSINT
In this blog, I’ll explain how to extract any user’s information simply by his or her Gmail address.
Nowadays, Gmail is the only e-mail service that 99% of people rely on.
The term “OSINT,” or “open source intelligence,” means extracting information from our target;
it plays a critical role in the field of cybersecurity. It can be used by your company to boost your company’s
defences or as a method during the information gathering phase of a penetration testing engagement.
There is also a division in this: when you interact directly with the target for gathering information,
it is called “active recon” or “active OSINT,” whereas when you try to get
information indirectly from your target through various mediums, it is called “passive recon” or “passive OSINT.”
Now let’s move to the main topic, Gmail OSINT.
So, as I already said, most people use the Gmail service for sending emails because it is free and
because it also provides free storage of about 15 GB, which is a lot for a common human being.
But have you ever thought about what will happen if you suffer a data breach?
Let’s say someone with malicious intent gains access to all of your information.
Nobody thinks about it, right? Everyone just prefers the term “free,”
but does not even bother to think what will happen if all your information gets breached.
I’m going to show you how anyone can get access to your information
if they just know your Gmail address.
So, we are going to use a tool called GHunt (v2) for this purpose.
GHunt (v2)
GHunt (v2) is an offensive Google framework, designed to evolve efficiently.
It’s currently focused on OSINT, but any use related with Google is possible.
It has the following features:
- CLI usage and modules
- Python library usage
- Fully async
- JSON export
- Browser extension to ease login
You can instal GHunt on your Linux machine or in the Google Cloud Console.
Here I’ll show you how to install it in Kali Linux; if you become familiar with Linux installation, then installing anything on the Google Cloud Console will become very easy.
Installing in Kali Linux:
So, firstly, we need to install Ghunt on our Linux machine, but before that,
make sure that your machine has the Python 3 installer. Open a terminal and type the following
command to install Ghunt:
git clone install https://github.com/mxrch/GHunt.git
After a successful installation, now we need to run it.
So we need to get into the directory where it is installed, using the “cd” (change directory) command.
For my case, the command is like this:
cd ghunt
Now that we are in our GHunt directory, you will notice a file named “requirements.txt.”, It is a text file containing all the required libraries and dependencies required for running GHunt.
To install all the libraries at once, type the following command:
pip3 install -r requirements.txt
After successful installation, you also need to install the following :
pip3 install pipx
pipx ensurepath
pipx install ghunt
Now, after installing every required library, we are good to go. We’ve successfully installed GHunt on our Linux machine.
Now just open a new terminal and type the following command:
ghunt login
There we go. Ghunt is live now!
Now you’ll notice it is asking for some cookies, so to get the cookies we will have to install an extension in our browser; it’s called “Ghunt Companion.” We received two versions, one for Firefox and one for Chrome.
Download Ghunt Companion from here,
according to the browser you’re using:
Mozilla Firefox – Link
Google Chrome – Link
After installing the extension on your browser, you must log in with your Gmail account (I recommend using a dummy account for this purpose rather than your primary Gmail account).

Following that, you will notice two methods: Click on “Method 2,” which says “copy/paste base64,” to copy the cookies automatically to your clipboard.
Then get back to your terminal and choose option 2, then paste all the cookies that were selected.
Now that we are done with our installation and setup of GHunt, let’s hunt for some data.
Now, let’s do some OSINT using GHunt. Type the following command to list all the modules.
ghunt -h

You can do a lot of OSINT stuff through GHunt.
This is the basic usage:
usage: ghunt [-h] {login,email,gaia,drive} ...
positional arguments:
{login,email,gaia,drive}
login Authenticate GHunt to Google.
email Get information on an email address.
gaia Get information on a Gaia ID.
drive Get information on a Drive file or folder.
Now let’s find some information from a Gmail ID; for that, we need to type the following command:
ghunt email example@gmail.com

Just see what all we found. We can now use our victim’s profile picture, we got their Gaia ID, and we can even see all the places our victim frequently visits. We can also see the reviews left by our victim on Google Maps.GHunt can turn out to be a very useful information-gathering tool for any cybersecurity enthusiast.
Note, let me tell you all that this is not illegal in any way. It’s perfectly legal, since we are only getting the information of the user that is available in the public domain but not yet easily discoverable. GHunt allows us to see the things about Google accounts that are already available online but are very hard to find.
Stay safe and secure. Happy hacking!! 😎
-VirusZzWarning