Infoga is a free and open-source tool available on GitHub, which is used for finding if emails were leaked using haveibeenpwned.com API. Infoga is used for scanning email addresses using different websites and search engines for information gathering and finding information about leaked information on websites and web apps. It is one of the easiest and useful tools for performing reconnaissance on websites and web apps for email analysis. The Infoga tool is also available for Linux operating systems. This tool can gather information such as ip, country of email and hostname also. This tool gets information from different public sources such as websites and search engines. For example, Google, Shodan, etc. This tool is very helpful for security researchers at early phases of penetration testing.
Features and uses of Infoga :
- Infoga is a free and open-source tool. This means you can download and use it at free of cost.
- Infoga is a complete package of information gathering modules to check whether the email has been leaked or not. This is an API tool.
- Infoga works and acts as a scanner.
- Infoga is one of the easiest and useful tools for performing reconnaissance on public sources.
- Infoga is written in python.
- Infoga interface is very similar to metasploitable 1 and metasploitable 2, which makes it easy to use.
- Infoga ‘s interactive console provides a number of helpful features.
Step 1: Open your Kali Linux operating system and install the tool using the following command.
git clone https://github.com/m4ll0k/Infoga.git
Step 2: Now use the following to install the setup of the tool.
python setup.py install
Step 3: The tool has been downloaded into your system use the following command to run the tool.
Example 1: Use the Infoga tool to scan fbi.gov url on Google.
python infoga.py –domain fbi.gov –source google –verbose 3
You can see these emails are leaked on the Google search engine. Similarly, you can find your target.
Example 2: Use the Infoga tool to scan geeksforgeeks url on Google.
python infoga.py –domain geeksforgeeks.com –source google –verbose 3
You can see that 2 emails have been found by this tool which got leaked in any data breach. This is how you can use the tool for our target also.
Share your thoughts in the comments
Please Login to comment...