ghunt/sh
Live · Real-time Google lookups

One email. Every Google trace.

Every public footprint a Google account leaves behind.

  • 5 free searches / day
  • No signup required

// recovered_data · from a single email

Every public Google surface, one consolidated report.

Whatever the target has chosen to expose, stitched into one report.

  1. SOURCE / 01

    Public Google profile

  2. SOURCE / 02

    Google Maps contributions

  3. SOURCE / 03

    Public Google Calendar

  4. SOURCE / 04

    Play Games profile

  5. SOURCE / 05

    Pivot identifiers

$ only data the account owner has chosen to make public. No passwords, no scraping of private content.

// how_it_works

From identifier to dossier in three steps.

Nothing to install, no setup. Drop something Google has ever indexed and pivot from what comes back.

  1. STEP / 01

    Drop an identifier

    input

    Paste an email, a Gaia ID, a Drive link, a BSSID, or a domain. The console picks the right module automatically.

  2. STEP / 02

    Cross-reference services

    process

    ghunt/sh asks the right Google service for each identifier and stitches the responses into one consolidated report.

  3. STEP / 03

    Pivot from the result

    output

    Every result is broken down into clear sections. Copy a Gaia ID, jump from a file owner to their email, keep digging.

// who_uses_it

Built for people who already know what they're looking for.

Three audiences keep coming back. Different goals, same primitive: a Google identifier in, an enriched dossier out.

  • 01

    Red teams & pentesters

    Map the attack surface around a phished employee in seconds. Find their Workspace domain, the apps they actively use, then pivot to lateral targets.

    • Identify the Workspace tenant
    • Spot personal vs. corporate accounts
    • Pre-engagement OSINT
  • 02

    Threat intel analysts

    Resolve a Gmail address that surfaced in a leak: profile photo for face matching, Maps reviews for routine, Calendar for upcoming events.

    • Leak triage
    • Actor attribution
    • Cross-source enrichment
  • 03

    Journalists & researchers

    Verify the public footprint of a source or subject: names they sign reviews under, places they've geotagged, public events they own.

    • Source verification
    • Story corroboration
    • Open-source forensics

Why ghunt/sh

A single console for the kind of OSINT that usually requires juggling half a dozen scripts.

Multi-source pivots
A single email surfaces Maps reviews, Calendar events, Play Games activity, profile photos and more. Pivot between identifiers without leaving the console.
Public data only
Every query targets data the account owner has chosen to make public. No password attacks, no scraping of private content.
Daily quota
A soft cap of 5 searches per day per visitor is in place to prevent abuse of the service.
For authorized use
Pentests, threat-intel investigations, journalism. Reading these results implies you accept the responsibility that goes with them.

// questions_asked

Frequently asked questions

What the OSINT community asks most often before paying attention.