explaingit

megadose/holehe

10,926PythonAudience · researcherComplexity · 2/5LicenseSetup · easy

TLDR

Python OSINT tool that checks whether a given email address has accounts on 120+ websites by using each site's password-reset flow, without alerting the account owner.

Mindmap

mindmap
  root((holehe))
    What it does
      Email account check
      120+ websites
      Password-reset method
    How to use
      CLI tool
      Python library
      Docker image
    Features
      Silent investigation
      Partial recovery data
      Maltego integration
    Limitations
      Rate limiting
      IP rotation needed
      Legal use only
    Audience
      OSINT researchers
      Security testers
      Journalists
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Check which online services are registered to a specific email address as part of a security investigation or bug bounty.

USE CASE 2

Enumerate accounts for a target email during penetration testing when the email is in scope.

USE CASE 3

Write a Python script that calls the holehe library to process multiple email addresses and export results to CSV.

USE CASE 4

Visualize account relationships discovered by holehe using its Maltego integration for link-analysis work.

Tech stack

PythonDocker

Getting it running

Difficulty · easy Time to first run · 5min

Some of the 120+ sites rate-limit automated requests, the README suggests changing your IP address when this happens.

GNU GPL v3, free to use and modify, but any version you distribute must also be open source under GPL v3.

In plain English

Holehe is a Python command-line tool for open-source intelligence work (OSINT). Given an email address, it checks whether that address is linked to accounts on more than 120 websites, including social platforms, forums, and commercial services. The check uses each site's own "forgot password" flow rather than a login attempt, and the README notes this does not send any alert to the owner of the email being investigated. Running it is straightforward: install via pip, Docker, or by cloning the repository, then pass an email address as an argument on the command line. For each site, the tool reports back whether an account exists, and in some cases returns partially obfuscated recovery emails or phone numbers that the target site exposes through its password recovery page. It can also be imported as a Python library and called from within your own scripts. The list of supported services spans a wide range: social networks, e-commerce sites, developer platforms, forums, and more. The module table in the README flags which services frequently rate-limit requests. If rate limiting is hit, the README suggests changing your IP address. Holehe also integrates with Maltego, a visual link-analysis tool commonly used in investigations, via a separate companion repository. The project is licensed under the GNU General Public License v3.0 and the README states it was built for educational purposes only. The primary audience is security researchers, journalists, and investigators doing account enumeration on a known email address as part of a legal investigation or research task.

Copy-paste prompts

Prompt 1
Run holehe against a test email address and explain what each result line means, which sites have accounts and which don't.
Prompt 2
Write a Python script using the holehe library to check a list of email addresses and save results to a CSV file.
Prompt 3
How do I run holehe inside Docker, and what should I do when a website rate-limits my requests?
Prompt 4
Set up holehe as a Maltego transform so I can visualize discovered accounts in a link-analysis graph.
Open on GitHub → Explain another repo

← megadose on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.