NeutrOSINT
A tool for investigating Proton Mail addresses.
URL
https://github.com/Kr0wZ/NeutrOSINT
Description
NeutrOSINT is an open-source Python tool designed to determine if a Proton Mail email address exists and to retrieve its most recent PGP Key creation date.
The tool supports two modes:
Light Mode (API Mode): Uses Proton Mail's API to check email validity. This mode is best suited for quick checking a few usernames or emails as the API has a request limit.
Selenium Mode (Browser-automated mode): Connects with your own Proton Mail credentials to check email addresses. Use this mode to test a consequent list of usernames or emails without getting a cooldown. Also use it when you need to verify business emails.
Cost
The tool is free and open source.
Level of difficulty
The tool requires users to run Python scripts and configure API access or credentials.
Requirements
Python (compatible with Python 3.6+)
Optional: Google Chrome (for Selenium Mode)
Optional: Proton Mail credentials (for Selenium Mode)
Optional: Proxy configuration if needed (for bypassing the API's request limit).
Optional: A file containing the list of email addresses for batch operations
Limitations
On PGP Key Creation Date: The PGP Key Creation Date isn't always the email address creation date as a new PGP Key can be generated from the Proton Mail settings.
API Limits: The light mode relies on Proton Mail's API that has request limit of 100 requests per hour.
How to Use
Installation
Clone the NeutrOSINT Repository:
Open your terminal and run:
git clone https://github.com/Kr0wZ/NeutrOSINT.git
cd NeutrOSINTSet Up a Virtual Environment
python3 -m venv venv
source venv/bin/activate # For Linux/Mac
venv\Scripts\activate # For WindowsThis article explains why virtual environments are recommended for manipulating Python projects.
Install NeutrOSINT:
pip install -e .Usage
Command Syntax
neutrosint [-h] [-l] [-u USERNAME] [-p PASSWORD] [-f FILE | -e EMAIL] [-k] [-o FILE] [-P IP:PORT]Options
-h, --help show the help message
-l, --light Light mode in which we call the API instead of connecting with credentials. Useful when few emails to check. This mode is used by default when the option is not specified.
-u USERNAME, --username USERNAME
(Selenium Mode) Username to connect to your ProtonMail account
-p PASSWORD, --password PASSWORD
(Selenium Mode) Password to connect to your ProtonMail account
-f FILE, --file FILE Specify containing list of emails to check
-e EMAIL, --email EMAIL
Check existence of this email. You can also input a username and it will look for the associated emails in all Proton's domains.
-k, --key Print the public PGP key for that email account
-o FILE, --output FILE
File where results are stored
-P IP:PORT, --proxy IP:PORT
IP:PORT of proxy to make requests. To use Tor, you must have installed it and specify '127.0.0.1:9050' as proxyExamples
Example 1: Validate a Single Email Address
This is the most basic usage of NeutrOSINT. It will test testemail@proton.me validity and display its PGP Creation Date, Fingerprint and Encryption Algorithm.
neutrosint -e testemail@proton.meOutput:
[+] Valid email: testemail@proton.me - PGP key creation date: 2024-01-23 19:03:09 - Fingerprint: 48a12baccc85050aca5372933902de16b4d380d5 - Algorithm: ECC Curve25519Example 2: Display the PGP Public Key
You can specify the -k option to display the PGP Key.
neutrosint -e testemail@proton.me -kOutput:
[+] Valid email: testemail@proton.me - PGP key creation date: 2024-01-23 19:03:09 - Fingerprint: 48a12baccc85050aca5372933902de16b4d380d5 - Algorithm: ECC Curve25519
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: ProtonMail
xjMEZa//XRYJKwYBBAHaRw8BAQdAlrdmzYiqWhpOXKvXzrxVfROeXFkkk2pZ
LhmJSBEI/FDNKXRlc3RlbWFpbEBwcm90b24ubWUgPHRlc3RlbWFpbEBwcm90
b24ubWU+wr8EExYIAHEFgmWv/10DCwkHCRA5At4WtNOA1TUUAAAAAAAcABBz
YWx0QG5vdGF0aW9ucy5vcGVucGdwanMub3JnrnuQFWwUa3SonwqI2d0WEAIV
CAMWAAICGQECmwMCHgEWIQRIoSuszIUFCspTcpM5At4WtNOA1QAA6IkA/0lz
c9mUVF0fhbbylbWW1uHCdWIzR/49+p3/8/HbNGYPAQDcmAggo6MDnfA5XsYM
+JRaKMPIHaP+VrU0vhjWrAwRCc44BGWv/10SCisGAQQBl1UBBQEBB0BE1Q6b
BXErbggFa2YhRMg75yUG7L2zwomI90AHthKoBwMBCgnCrgQYFggAYAWCZa//
XQkQOQLeFrTTgNU1FAAAAAAAHAAQc2FsdEBub3RhdGlvbnMub3BlbnBncGpz
Lm9yZ8ouMuN9vVvT1xInLOdGJE8CmwwWIQRIoSuszIUFCspTcpM5At4WtNOA
1QAADqEBAIKTLyp9hYAbUtFQqeSRS+c2W2Jlny6Hk1SzYefvTcKRAP4h4UtA
WLtava4OQTLtDRF2Cia64P7TRSnrjXnbW49RBQ==
=BDcT
-----END PGP PUBLIC KEY BLOCK-----Example 3: Fetch for a username
You can specify a username and it will look for the associated emails in all known Proton domain names.
neutrosint -e ausernameOutput:
[+] Valid email: ausername@proton.me - PGP key creation date: 2022-04-15 14:34:15 - Fingerprint: faf075734410f5fd5d17dca0371cde3748787c9c - Algorithm: ECC Curve25519
[+] Valid email: ausername@protonmail.com - PGP key creation date: 2016-09-18 18:45:41 - Fingerprint: a3e3117f120e5c943bacc7f9fa23b3614b64ce53 - Algorithm: RSA 2048
[-] Proton email does not exist: ausername@pm.me
[+] Valid email: ausername@protonmail.ch - PGP key creation date: 2024-06-23 14:10:00 - Fingerprint: 3188ad11691d4be2a2ac914dc0a221bd972514ae - Algorithm: ECC Curve25519
[-] Proton email does not exist: ausername@passmail.netExample 4: Validate Multiple Emails from a File
Create a file named emails.txt with one entry (email or username) per line:
testemail1@proton.me
testemail2@proton.me
invalidemail@proton.me
testemailRun the command below. It will also save the results in a results.txt file.
neutrosint -f emails.txt -o results.txtOutput:
[+] Valid email: testemail1@proton.me - PGP key creation date: 2024-05-26 14:59:57 - Fingerprint: ecad29c2dbe7bfe2502de60ead400eed276af9d5 - Algorithm: ECC Curve25519
[+] Valid email: testemail2@proton.me - PGP key creation date: 2024-10-10 18:18:32 - Fingerprint: 0fe007f41351ef6daf04d938c485697fe97859f6 - Algorithm: ECC Curve25519
[+] Valid email: invalidemail@proton.me - PGP key creation date: 2024-01-14 04:58:45 - Fingerprint: eb75346a5445fdfed2a4763b6558080449dcfd52 - Algorithm: ECC Curve25519
[+] Valid email: testemail@proton.me - PGP key creation date: 2024-01-23 19:03:09 - Fingerprint: 48a12baccc85050aca5372933902de16b4d380d5 - Algorithm: ECC Curve25519
[+] Valid email: testemail@protonmail.com - PGP key creation date: 2020-03-18 05:37:43 - Fingerprint: 0a2b8de4786db46dd34fa43328fb68b38741b588 - Algorithm: RSA 2048
[-] Proton email does not exist: testemail@pm.me
[+] Valid email: testemail@protonmail.ch - PGP key creation date: 2024-09-05 14:09:24 - Fingerprint: c30fa959ceec222bb749433ced59990eb9220863 - Algorithm: ECC Curve25519
[-] Proton email does not exist: testemail@passmail.netExample 5: Using Selenium Mode
The request limit of the API in Light Mode is 100 requests. When you reach the API limit, the following message will be displayed:
[+] Valid email: someemail@protonmail.com - Can't retrieve PGP keys. API limit reachedIf you reach this limit or if you know you have a lot of entries to test, then you can use Selenium Mode which requires to have a valid set of credentials. The Selenium Mode will automate a browser to simulate a human-like interaction with the Proton Mail website. It will login using your credentials, start composing a new email and check for the target availability.
When you type in an email in the destination field, a request is made to check for the email availability when it's a Proton Email.
The Selenium Mode will leverage the UI's capabilities to retrieve this information. To use it you need to specify your email and password using the -u and -e options.
This example will use a file containing more than 100 usernames.
Example 6: Using a Proxy (Advanced)
Start your proxy and specify it in the command line (e.g. 127.0.0.1:8080). You might want to use:
Tor: The Onion Router opens a proxy at 127.0.0.1:9050
Any free or paid proxy from a provider you trust.
Your own proxy.
python main.py -l -e testemail@proton.me -o results.txt -P 127.0.0.1:8080Output:
[+] Valid email: testemail@proton.me - Creation date: 2023-01-18 11:13:24Advanced Usage: Bypassing API Limits through proxies (requires a bit of scripting knowledge)
Using multiple proxies
If you have multiple emails to test, you can develop your own script to use multiple proxies and avoid a cooldown. Let's say you have three different proxies. Here's how you would do it in bash:
#!/bin/bash
# Define the list of proxies
proxies=(
"127.0.0.1:8080"
"127.0.0.1:8081"
"127.0.0.1:8082"
)
# Define the input file containing email addresses
input_file="emails.txt"
# Define the output file to store the results
output_file="results.txt"
# Loop through each email address
while IFS= read -r email; do
for proxy in "${proxies[@]}"; do
echo "Testing email: $email with proxy: $proxy"
# Execute the command and append the results directly to the output file
python main.py -l -e "$email" -P "$proxy" >> "$output_file" 2>&1
if [ $? -ne 0 ]; then
echo "Error while testing email $email with proxy $proxy. Trying next proxy."
continue # Change proxy and retry
else
break # Exit the proxy loop if successful
fi
# Wait for 2 seconds to avoid cooldowns
sleep 2
done
done < "$input_file"
echo "Testing completed. Results appended to $output_file."
Using Tor Circuit Changing
Another solution would be to route requests through the Tor network. If a request fails, the script requests a new Tor circuit to attempt the validation again.
#!/bin/bash
# Define the Tor control port and authentication (if required)
tor_control_port="127.0.0.1:9051"
tor_password="" # Add the Tor control password if needed
# Define the input file containing email addresses
input_file="emails.txt"
# Define the output file to store the results
output_file="results.txt"
# Function to request a new Tor circuit
new_tor_circuit() {
echo "Requesting a new Tor circuit..."
if [ -n "$tor_password" ]; then
echo -e "AUTHENTICATE \"$tor_password\"\nSIGNAL NEWNYM\nQUIT" | nc $tor_control_port
else
echo -e "SIGNAL NEWNYM\nQUIT" | nc $tor_control_port
fi
sleep 10 # Wait for the new circuit to be established
}
# Loop through each email address
while IFS= read -r email; do
while true; do
echo "Testing email: $email with Tor circuit"
# Execute the command and append the results directly to the output file
python main.py -l -e "$email" >> "$output_file" 2>&1
if [ $? -ne 0 ]; then
echo "Error while testing email $email. Requesting new Tor circuit."
new_tor_circuit # Request a new Tor circuit and retry
else
break # Exit the retry loop if successful
fi
# Wait for 2 seconds to avoid cooldowns
sleep 2
done
done < "$input_file"
echo "Testing completed. Results appended to $output_file."Ethical Considerations
Use responsibly for legitimate research purposes.
Guides and articles
GitHub - NeutrOSINT: Includes detailed instructions for setup and usage.
Tool provider
The tool is developed and maintained by KrowZ, a french pentester, youtuber, streamer and OSINT enthusiast.
Advertising Trackers
Bellingcat Volunteer Team
Last updated
Was this helpful?