katrielmoses/mailaccess

MailAccess is a self-hostable open source investigation platform that takes a single email address and tries to learn as much as possible about it from public sources. It checks the address against breach databases, social network sign in pages, DNS records, and general web searches, then combines all the hits into a single exposure score from 0 to 100 with a low, medium, high, or critical label. The README is upfront that the project is for security researchers, OSINT analysts, and penetration testers operating under authorization, and points new readers at a separate DISCLAIMER file before use. Installation has three flavors. The simplest is pip install mailaccess on Python 3.11 or newer, followed by mailaccess investigate against an email address. There is also a serve mode that keeps a backend running on port 8000 if you want to make many calls from another terminal or from a script. For the full experience with a web UI, you clone the repo and run docker compose up, which brings up backend on 8000 and frontend on 3000. The feature list focuses on breadth. Each investigation runs many modules at once and streams partial results over a WebSocket as they come back. The module catalog covers Gravatar lookups, Have I Been Pwned breach checks, EmailRep reputation, Hudson Rock infostealer logs, Google dorks via SerpAPI, domain and Shodan info, DNS and WHOIS, social account discovery via tools like Holehe and WhatsMyName, phone and messaging app footprint checks, Gmail deep intel via GHunt, and a permutation generator that produces 60 email variants. The README says all opt in modules together check more than 800 platforms. Results can come out as JSON, CSV, PDF, Markdown, STIX 2.1, or Maltego XML. There is a local Maltego transform endpoint so you can run investigations directly from the Maltego desktop app, and webhook hooks for Slack, Discord, or any HTTP endpoint. The tool is pipeline friendly: it reads emails from stdin, streams JSONL, and uses different exit codes for clean, findings, breaches, and error states. SQLite is the default storage, with a Postgres option in Docker Compose. The project is also written to be extended without code. Social style platform checks are defined as YAML files in backend/platforms, so contributors can add a new site by copying a template, editing fields, and opening a pull request. New Python modules drop into backend/modules and auto register on startup. Some modules need API keys, like HIBP and SerpAPI, but most run without any keys. The README links out to more detail in docs/self-hosting.md, docs/integrations.md, and CONTRIBUTING.md. The project is MIT licensed.