Finding Hidden Gems In Temporary Mail Services

In today's world, where temporary mail services are widely used, our project aims to monitor these services according to the provided configuration and to discover valuable gems.

For this research, we developed a command and control Python tool. This tool is hosted on our private Amazon server. So, what does this tool do? It constantly scans the most popular temporary mail services (yopmail, tempr.email, dispostable, guerrila, maildrop) and indexes the emails delivered to them based on specified keywords. The tool then notifies us via Telegram using the integrated Telegram API. This tool has been running on our server for about a year and has stored, and continues to store, more than 1 million emails. In our research, we analyzed these emails, the types of emails sent through these services, and their potential uses for hackers. We were able to take over accounts containing money from these mail services during our research. Our ongoing investigation has uncovered confidential personal information, account reset emails, hundreds of game accounts, and bitcoin wallet information. Some of these findings will be presented in a censored manner during our presentation.

Moreover, we will release the tool on GitHub after the presentation. This tool includes a configuration file that allows it to continuously crawl and monitor emails from specified URLs, and optionally save them. It filters the emails to record based on the keywords in the config file, making this tool highly effective.

For instance, I installed this tool and entered keywords such as eBay, password reset, bitcoin, and OTP. This tool saves or notifies you when emails containing these words are delivered to the relevant email services. Additionally, this tool features Telegram API integration, allowing you to receive real-time notifications via Telegram when relevant emails are received.

All these aspects are included in our research. During our project presentation, we will demonstrate a live proof of concept and showcase valuable findings we can obtain during the presentation.

In the bonus section, we will highlight red team activities we observed while examining these mail services. This part may be quite interesting 🙂