GetAvatar (since 2016)
Extract email from Gravatar images
Extract email from Gravatar images
JavaScript MD5 Web Workers
GetAvatar attempts to derive a (supposedly) anonymous email address behind a given Gravatar URL.
Gravatar uses an MD5 hash of the user’s email address to display an avatar / profile picture. If the user is registered on Gravatar, we can retrieve details from the Gravatar API and repeatedly guess combinations of names against various email provider domains to try and find a match.
I built this as a proof of concept, showcasing the potential inherent (and unfixable?) vulnerability in the Gravatar system. I’m pretty sure there’s no justifiable use case!