NeutrOSINT is an open-source Python tool designed to determine if a Proton Mail email address exists and to retrieve its most recent PGP Key creation date.
PGP (Pretty Good Privacy)
PGP is an encryption method, developed by Philip Zimmermann in 1991, that is used to encrypt and sign messages.
It ensures confidentiality by encrypting data so only the intended recipient can decrypt it;
It guarantees integrity by allowing the recipient to verify that the message wasn’t altered during transit;
It offers authentication through digital signatures that confirm the sender’s identity;
And it supports non-repudiation, meaning the sender cannot later deny having sent the signed message.
Proton Mail automatically creates a PGP key pair for each email address. These pairs are then used to encrypt and sign outgoing messages as well as decrypt incoming messages.
You can generate a new PGP key pair in your Proton Mail settings.
For more information on PGP and how it is used by Proton Mail, check these two guides:
The tool supports two modes:
Light Mode (API Mode): Uses Proton Mail's API to check email validity. This mode is best suited to quickly checking a few usernames or emails, as the API has a request limit.
Cost
The tool is free and open source.
Level of difficulty
The tool requires users to run Python scripts and configure API access or credentials.
Requirements
Python (compatible with Python 3.6+)
Optional: Google Chrome (for Selenium Mode)
Optional: Proton Mail credentials (for Selenium Mode)
Optional: Proxy configuration if needed (for bypassing the API's request limit).
Optional: A file containing the list of email addresses for batch operations
Limitations
On PGP Key Creation Date: The PGP Key Creation Date isn't always the email address creation date as a new PGP Key can be generated from the Proton Mail settings.
API Limits: The light mode relies on Proton Mail's API, which has a request limit of 100 requests per hour.
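To see where the creation date, algorithm and fingerprint come from, and why regenerating a key changes the date, the following added example (not NeutrOSINT's own code) parses the first packet of a binary, non-armored OpenPGP public key as laid out in RFC 4880. It assumes a version 4 key; the function names and the `SAMPLE` bytes are constructed for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Public-key algorithm IDs registered for OpenPGP (subset).
ALGORITHMS = {1: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}


def read_packet(data: bytes):
    """Return (tag, body) for the first OpenPGP packet in binary (non-armored) data."""
    header = data[0]
    if not header & 0x80:
        raise ValueError("not an OpenPGP packet")
    if header & 0x40:  # new-format header: tag in the low 6 bits
        tag, first = header & 0x3F, data[1]
        if first < 192:
            length, offset = first, 2
        elif first < 224:
            length, offset = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, offset = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial body lengths are not handled here")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, length_type = (header >> 2) & 0x0F, header & 0x03
        if length_type == 3:
            raise ValueError("indeterminate length is not handled here")
        size = 1 << length_type
        length, offset = int.from_bytes(data[1:1 + size], "big"), 1 + size
    return tag, data[offset:offset + length]


def key_metadata(data: bytes) -> dict:
    """Extract creation time, algorithm and fingerprint from a v4 public-key packet."""
    tag, body = read_packet(data)
    if tag != 6 or body[0] != 4:
        raise ValueError("expected a version 4 public-key packet")
    created = struct.unpack(">I", body[1:5])[0]
    # v4 fingerprint: SHA-1 over 0x99, the two-byte body length, then the body.
    fingerprint = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()
    return {
        "created": datetime.fromtimestamp(created, timezone.utc).isoformat(),
        "algorithm": ALGORITHMS.get(body[5], f"unknown ({body[5]})"),
        "fingerprint": fingerprint.upper(),
    }

# Constructed sample: new-format tag 6 packet, v4, created 2021-01-01T00:00:00Z,
# algorithm 22, then placeholder bytes instead of real key material.
SAMPLE = bytes([0xC6, 0x0A, 0x04]) + struct.pack(">I", 1609459200) + bytes([22]) + b"\x00" * 4
```

Because the creation timestamp is part of the hashed packet body, a key regenerated from the Proton Mail settings gets both a new date and a new fingerprint, which is why the date reflects the current key rather than the account.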
How to Use
Installation
Clone the NeutrOSINT Repository:
Open your terminal and run:
git clone https://github.com/Kr0wZ/NeutrOSINT.git
cd NeutrOSINT
Set Up a Virtual Environment
python3 -m venv venv
source venv/bin/activate # For Linux/Mac
venv\Scripts\activate # For Windows
-h, --help show the help message
-l, --light Light mode in which we call the API instead of connecting with credentials. Useful when few emails to check. This mode is used by default when the option is not specified.
-u USERNAME, --username USERNAME
(Selenium Mode) Username to connect to your ProtonMail account
-p PASSWORD, --password PASSWORD
(Selenium Mode) Password to connect to your ProtonMail account
-f FILE, --file FILE Specify containing list of emails to check
-e EMAIL, --email EMAIL
Check existence of this email. You can also input a username and it will look for the associated emails in all Proton's domains.
-k, --key Print the public PGP key for that email account
-o FILE, --output FILE
File where results are stored
-P IP:PORT, --proxy IP:PORT
IP:PORT of proxy to make requests. To use Tor, you must have installed it and specify '127.0.0.1:9050' as proxy
Examples
Example 1: Validate a Single Email Address
This is the most basic usage of NeutrOSINT. It will test testemail@proton.me validity and display its PGP Creation Date, Fingerprint and Encryption Algorithm.
If you reach this limit or if you know you have a lot of entries to test, you can use Selenium Mode, which requires a valid set of credentials. Selenium Mode automates a browser to simulate human-like interaction with the Proton Mail website. It logs in using your credentials, starts composing a new email and checks for the target's availability.
When you type an email address into the destination field, a request is made to check whether the address is available if it is a Proton Mail address.
Selenium Mode leverages the UI's capabilities to retrieve this information. To use it, you need to specify your email and password using the -u and -p options.
This example will use a file containing more than 100 usernames.
Example 6: Using a Proxy (Advanced)
Start your proxy and specify it in the command line (e.g. 127.0.0.1:8080). You might want to use:
Advanced Usage: Bypassing API Limits through proxies (requires a bit of scripting knowledge)
Using multiple proxies
If you have multiple emails to test, you can develop your own script to use multiple proxies and avoid a cooldown. Let's say you have three different proxies. Here's how you would do it in bash:
#!/bin/bash
# Define the list of proxies
proxies=(
    "127.0.0.1:8080"
    "127.0.0.1:8081"
    "127.0.0.1:8082"
)
# Define the input file containing email addresses
input_file="emails.txt"
# Define the output file to store the results
output_file="results.txt"
# Loop through each email address
while IFS= read -r email; do
    for proxy in "${proxies[@]}"; do
        echo "Testing email: $email with proxy: $proxy"
        # Execute the command and append the results directly to the output file
        python main.py -l -e "$email" -P "$proxy" >> "$output_file" 2>&1
        status=$?
        # Wait for 2 seconds to avoid cooldowns (done here so that continue/break cannot skip it)
        sleep 2
        if [ "$status" -ne 0 ]; then
            echo "Error while testing email $email with proxy $proxy. Trying next proxy."
            continue # Change proxy and retry
        else
            break # Exit the proxy loop if successful
        fi
    done
done < "$input_file"
echo "Testing completed. Results appended to $output_file."
Using Tor Circuit Changing
Another solution would be to route requests through the Tor network. If a request fails, the script requests a new Tor circuit to attempt the validation again.
#!/bin/bash
# Define the Tor SOCKS proxy, the Tor control port and authentication (if required)
tor_proxy="127.0.0.1:9050"
tor_control_host="127.0.0.1"
tor_control_port="9051"
tor_password="" # Add the Tor control password if needed
# Define the input file containing email addresses
input_file="emails.txt"
# Define the output file to store the results
output_file="results.txt"
# Function to request a new Tor circuit
new_tor_circuit() {
    echo "Requesting a new Tor circuit..."
    # The control port expects AUTHENTICATE before any other command, even with an empty password.
    # nc takes the host and the port as separate arguments.
    printf 'AUTHENTICATE "%s"\r\nSIGNAL NEWNYM\r\nQUIT\r\n' "$tor_password" | nc "$tor_control_host" "$tor_control_port"
    sleep 10 # Wait for the new circuit to be established
}
# Loop through each email address
while IFS= read -r email; do
    while true; do
        echo "Testing email: $email with Tor circuit"
        # Execute the command through the Tor proxy and append the results directly to the output file
        python main.py -l -e "$email" -P "$tor_proxy" >> "$output_file" 2>&1
        status=$?
        # Wait for 2 seconds to avoid cooldowns (done here so that break cannot skip it)
        sleep 2
        if [ "$status" -ne 0 ]; then
            echo "Error while testing email $email. Requesting new Tor circuit."
            new_tor_circuit # Request a new Tor circuit and retry
        else
            break # Exit the retry loop if successful
        fi
    done
done < "$input_file"
echo "Testing completed. Results appended to $output_file."
Ethical Considerations
Use responsibly for legitimate research purposes.
Guides and articles
Tool provider
Advertising Trackers
Page maintainer
Bellingcat Volunteer Team
Selenium Mode (Browser-automated mode): Connects with your own Proton Mail credentials to check email addresses. Use this mode to test a large list of usernames or emails without getting a cooldown. Also use it when you need to verify .
explains why virtual environments are recommended for manipulating Python projects.
: The Onion Router opens a proxy at 127.0.0.1:9050
: Includes detailed instructions for setup and usage.
The tool is developed and maintained by , a French pentester, YouTuber, streamer and OSINT enthusiast.