👋 Welcome to OSINT Tool Tuesday. This week we’re looking at GHunt, a popular, free OSINT investigation tool that’s been used by thousands to aid in their investigations. We’ll go through setup, use cases, and how to pivot from GHunt into other investigative methods.

🚨 This tool has been added to the OSINT Resources for Email Addresses page on The OSINT Newsletter for easy reference later. That list serves as a roadmap for new tutorials in the future. If there are any tools you’d like to see added to the list and covered, please reach out jake@osint.news with details.

GHunt

GHunt is a GitHub project that offers an OSINT tool specifically designed for investigating Google accounts, allowing users to gather information such as connected services, Google Photos, and potential associated email addresses based on a target's email address.

🎩 H/T: Mxrch

GHunt allows you to search by Email Address, GAIA ID (Google ID), YouTube Channels, or Google Drive URLs (Google Docs, Sheets, etc.).

It’s the foundation for the Google modules of Epieos, OSINT Industries, PredictaLab, etc. and it’s been an invaluable tool for multiple investigations including law enforcement, cyber security, corporate security, executive protection, and other use cases.

In this guide, I’ll walk you through how to set up GHunt, how to use the tool, use cases you can apply the tool to, and pivot points available using GHunt-provided information.

Let’s get started. ⬇️

Setup

For the setup portion, we’ll step through how to install GHunt using pip and configure the companion browser extension for activation.

Installing GHunt

Let’s start by entering “pip” into your terminal and see if a menu of options appears.

If you see something similar to this, pip is not installed.

command not found: pip

To install pip, follow this guide.

🗒️ If you have multiple versions of Python installed, try pip3 instead of pip.

If you see something similar to this, you have pip installed.

Usage:   
  pip <command> [options]

Once you’ve confirmed that pip is installed, enter the following commands.

$ pip install pipx
$ pipx ensurepath
$ pipx install ghunt

This method will automatically use virtual environments (venvs) to avoid Python dependency conflicts with other projects. Don’t worry about venvs too much for now if you’re new to command-line tools. We mostly want to just get it working.

🗒️ If you’re running into errors in your command line, enter those errors into ChatGPT and tell it you’re trying to install GHunt. It will help you debug. I can’t give a one-size-fits-all solution here as there are many reasons why you may be running into issues.

Now that we have GHunt installed, we’ll have to configure the browser extension that applies the data required to “activate” GHunt.

Browser Extension

Now that you have GHunt installed, you’ll need to initiate the project. You can do that using the following command.

ghunt login

If successful, you’ll see a menu that looks something like this.

[1] (Companion) Put GHunt on listening mode (currently not compatible with docker)
[2] (Companion) Paste base64-encoded cookies
[3] Enter manually all cookies

Before selecting an option, you’ll need to make sure you have the companion browser extension installed. There are options for Firefox and Chrome. Once the browser extension is installed and follow the prompts it provides, select option 1 from the menu above.

🗒️ You’ll get a success message if everything is correct. If not, use GPT again to debug.

Now, let’s get into GHunt usage, use cases, and pivot points.