I made a new version faster and easier to use here

EmailDomainFinder

EmailDomainFinder is an OSINT program that allows you to uncover a censored domain in an email adress.
For example, you can find out an account's censored email by using the password recovery mode on sites such as Instagram or Twitter.
The email adress will appear like this : h**********6@y***o.com.
Enter this email in EmailDomainFinder, and you'll get this result :
[Match] y***o.com matches with yahoo.com

For common used email, it's not the ideal, but if your target uses rarely used domain, it will never be that fast to uncover what is it.
This program uses a list of 6100 + domain list (https://gist.github.com/ammarshah/f5c2624d767f91a7cbdc4e54db8dd0bf) oftenly updated.

Installation

git clone https://github.com/novitae/EmailDomainFinder
cd EmailDomainFinder
pip install -r requirements.txt
python refgen.py

Running refgen.py will get the domain list and generate the technical reference list for the program to work.
To update the domain list, just python refgen.py again, it will delete the list and install the latest version.

If you want install the first version where the program asks you directly for the email/domain and if you want to export,
simply replace the first installation line by git clone https://github.com/novitae/EmailDomainFinder/tree/b8b4f708be771a66a32e38e6d37bc35b17fa54e6,
and do the same steps than if it was the actual repo.

Running it

To tun the program, do python emaildomainfinder.py -h. To enter a mail, do python emaildomainfinder.py . You can also enter a simple censored domain name too (without the name and @), it will work.
To export the match results, place -e after your mail. If you want to choose the character that represents the masked characters in you censored domain, add -m . It can follow the -eif there is one. If you export the result, it will be exported in the folder where emaildomainfinder.py is in a file named DomainsCorrelation.txt.

How it works ?

First, i'm a beginner in Python, please don't trashtalk me for what you will read if you find that terrible. Thanks.

So, the refgen.py downloads the list of all public domain provider. Then it takes each line of it, and create, what i called, a "reference list".
For example, 0-mail.com will be turned in (6, 3);0-mail.com;0#1 -#2 m#3 a#4 i#5 l#6 .#7 c#8 o#9 m#10 .

• So, (6, 3) is the "reference". It is the list of the lenght of each string of each side of the . in the domain.
  For example, len(0-mail) equals 6, and len(com) equals 3.

• Then, 0-mail.com is simply the mail so we can get it back further to write it.

• Finally, 0#1 -#2 m#3 a#4 i#5 l#6 .#7 c#8 o#9 m#10 are the "characters references".
  It spells the domain but with the location of each characters after the #.

When you launch emaildomainfinder.py, the email you enter only keeps the part after the @, to only keep the domain. It makes a reference for the email (('i', 'i'), or ('i', 'i', 'i') if the domain have 3 times a .), then it spells the same manner than before the domain to make "character references". It write these in a sort of "cache" txt file.

Then the lines of the "cache" file are turned into a list. Then "character references" part of the domain list is turned into a list too. Then we compare the lists. If all the elements of the list of the entered domain are in the "character references" part of the domain list, we print and/or export the name of the domain.