security talk & philosophizing



Installing GHunt

In a recent post, I discussed the data leakage that can occur from public reviews and ratings. This is especially concerning when paired with a tool like GHunt. GHunt can be viewed from another perspective as a tool for investigators. If you get a Gmail during an investigation of an event or target, that email can provide a wealth of information. Even if the Gmail uses a fictitious name, if it’s used for reviews and ratings there will be a geographic trail as well as a profile based on spending habits.

To install GHunt, just follow the instructions from https://github.com/mxrch/GHunt

Once it’s installed, it requires access to Google, so you’ll need to give it a session cookie or install their browser extension and login to Google. If this concerns you, you can always create a new Google account for this purpose.

Once it has Google access, it will be able to query an email by simply running:

ghunt email <some@gmail.com>