Name That Employee with Gloodin0.1

gloodin 0.1 Released!

Posted by Dennis Antunes
@antunesdennis

gloodin quite simply uses unique search techniques to maximize the number of potential usernames that can be harvested from LinkedIn using Google's cache and a given target organization name.
As automated crawling is contrary to Google's TOS, this tool is provided for research purposes only. Using this could really tick off Google and get you shunned. Please don't cry to me if this happens.

REQUIRES: Python 2.x and the lxml package

USAGE: Simple:
./gloodin.py <target organization>
Results will be written to a number of files, most notably first_dot_last_<target_org> which presents the results in the only currently built-in format: firstname.lastname.
More formats to come (first initial dot last, last dot first, etc.). I hope to shortly have command line switches to easily select the desired format, with the option of appending email addresses as well.

WHAT IT REALLY IS: gloodin is a Python script that makes a large number of Google queries along with the modifier "site:linkedin.com" to harvest thousands of potential employee names, going far beyond what a typical manual search would allow.
It achieves this by repeatedly searching for some very common first names, last names and titles, later stripping these out to grab all the rest. These names/terms are easily configurable by editing the included searchterms.txt, which is read in at run time.

WHY: To demonstrate how easy it is to harvest potential user names via social media, to underscore how important strong passwords are and to stress the overall need for two-factor authentication.

See http://securityjuggernaut.blogspot.com/2011/02/brute-forcing-passwords-part-2-with-and.html for more reasons to hate weak passwords.
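A defender-side check tied to the point above, added here as an example (it is not part of the original post or of gloodin): a harvested list holds only potential usernames, so a source that fails logins against many distinct firstname.lastname accounts, most of them absent from the directory, is worth flagging. The log format, directory set, thresholds and function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the original post): "time source user result"
SAMPLE_LOG = """\
09:00:01 198.51.100.7 alice.smith FAIL
09:00:02 198.51.100.7 bob.jones FAIL
09:00:03 198.51.100.7 carol.nguyen FAIL
09:00:04 198.51.100.7 dave.miller FAIL
09:00:05 198.51.100.7 erin.lopez FAIL
09:00:06 198.51.100.7 frank.osei FAIL
09:03:10 203.0.113.20 alice.smith FAIL
09:03:25 203.0.113.20 alice.smith OK
09:05:00 192.0.2.44 svc_backup FAIL
"""

# Hypothetical directory of accounts that really exist.
DIRECTORY = {"alice.smith", "bob.jones", "svc_backup"}

# Shape of the firstname.lastname format the post describes.
FIRST_DOT_LAST = re.compile(r"^[a-z]+\.[a-z'-]+$")

def parse(log_text):
    """Yield (source, user, result) from the constructed log format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2].lower(), parts[3]

def flag_sources(log_text, directory, min_users=5, min_unknown_ratio=0.5):
    """Return {source: (distinct_users, unknown_ratio)} for sources whose
    failed logins look like a harvested name list being tried."""
    tried = defaultdict(set)
    for source, user, result in parse(log_text):
        if result == "FAIL" and FIRST_DOT_LAST.match(user):
            tried[source].add(user)
    flagged = {}
    for source, users in tried.items():
        unknown = len(users - directory) / len(users)
        if len(users) >= min_users and unknown >= min_unknown_ratio:
            flagged[source] = (len(users), round(unknown, 2))
    return flagged

if __name__ == "__main__":
    for src, (n, ratio) in flag_sources(SAMPLE_LOG, DIRECTORY).items():
        print(f"{src}: {n} first.last usernames tried, {ratio:.0%} not in directory")
```

The thresholds are starting points to tune against your own authentication volume.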

TIPS: Some ways to improve the default searchterms.txt might be: add in the 10,20,30... most common Russian, Spanish, Portuguese, <insert language of choice> names; research the target organization and add in some of their common position names, etc.
Potential is limitless really. Just keep in mind you will eventually hit a limit as far as the query string is concerned. I've heard a 4K limit, but no one really knows for sure as Google may impose their own as well. If you find out, please let me know... Again, this tool is for research purposes only. You risk getting shunned by Google for using it. Do this inside of a corporate environment and you may also get punched in the face.

DISCLAIMER: The special sauce here is the approach to searching. I am not a coder by trade so admittedly, this code could be a whole lot better. Any suggestions for improvement would be greatly welcomed.

INSPIRATION: Heavily inspired by Reconnoiter: http://sourceforge.net/projects/reconnoiter/ Thank you Jason Wood!

LEFT TO DO: LOTS!!!
Support unicode
Break sections into functions:
  • Fetcher
  • Parser
  • Uniquer
  • Mangler
  • Spammer (email address appender) 
Command line switches for user name output format/separator --lf --fl --sep --all

All suggestions welcome!!!

Posted by Dennis Antunes
@antunesdennis
Mentoring the SANS Sec 542 in Foxboro, MA beginning 4/13/2011.
Before you register, email me at stratmofo at gmail dot com for a special discount code!