Reverse email lookup

What reverse email lookup actually means

A reverse email lookup takes an email address you already have and returns the public identity attached to it. You are not guessing an address from a name. You are starting from the address and asking what public footprint the owner has left online.

Most reverse email tools query people-search databases (Spokeo, Pipl, BeenVerified) and return name, age, partial phone. These are US-centric, often outdated, and rarely surface anything that is not already in a marketing database. ghunt.sh approaches the problem from the other side. It queries Google's own public endpoints with the email as the key, and assembles every public signal Google itself exposes for that account.

What you actually get back

From a single email, the report consolidates:

• The public Google profile: display name, profile photo, cover photo, locale.
• The Gaia ID, the internal identifier Google uses for the account. Stable across renames, so it can chain further lookups.
• Whether the account is a personal Gmail or a Google Workspace account.
• Google Maps contributions: public reviews, photos, places added.
• Public Google Calendar events, when the account exposes a public calendar.
• The Play Games profile, when the user has one.

None of this is scraping. Every field is a public response from Google's own infrastructure. If the account owner has locked their profile down, the report comes back nearly empty. That is the expected behavior.

Single search vs bulk lookup

For a one-off check, run a single search from the home page. Paste the email, hit enter, get the report. You can come back to it later in your history.

For a list of emails, the bulk lookup processes a CSV in the background. You upload addresses, the queue runs each through the same flow, and you get back a CSV with the consolidated fields for every row that resolved. This is the same engine as the single search, not a degraded version. Each lookup is identical to running the email manually from the home page, just without the manual part.

How this is different from email finders

Hunter, Snov, Anymailfinder and similar tools do the opposite of a reverse lookup. You give them a name and a company, they guess an email pattern. They are sales tools. ghunt.sh starts where they end: you already have the email, and you want to know who is on the other side.

Those tools also do not look at Google. They scrape LinkedIn, crawl company directories, validate SMTP. A reverse lookup that ignores Google misses everything a Google account actually exposes, which is usually the richest public signal a person leaves online.

What this is not

ghunt.sh cannot read inbox content, cannot recover passwords, cannot bypass MFA, cannot access location history, cannot show private posts. Every field in the report comes from data the account owner chose, at some point, to make public through Google's own privacy settings. A locked-down account stays locked down.

The tool is meant for authorized OSINT work: penetration testing engagements with explicit scope, threat intelligence, journalism, due diligence, fraud investigation. Use it accordingly.

Pricing and quota

Single search is free with a soft daily quota per visitor. Sign in to lift the limit. Bulk lookup is a paid one-shot purchase, $0.50 per unique email with a 5-email minimum per batch ($2.50). No subscription, you pay only for the rows you upload.

Related reading

• Google account lookup from an email
• Email OSINT lookup for investigators
• What is GHunt? The framework explained
• ghunt.sh vs the original CLI