  • Language
    Java
  • Created over 6 years ago
  • Updated 5 months ago

Gather Contacts

A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.

As part of reconnaissance when performing a penetration test, it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack, for example. One easy way to gather employee names is to use the following Burp Suite Pro extension as described below.

You may be able to discover the username format by analyzing the metadata of documents posted to a company's public web sites as described here. To collect employee names with Burp, you'll need to do the following steps.

Step 1

This extension uses the jsoup Java library. You will need to download jsoup and tell Burp where to find it as shown below.

Jsoup Dependency

Select the folder that contains the jsoup jar file; in this case, I downloaded jsoup into the C:\Users\Public\Downloads\lib folder.

Step 2

Add the "Gather Contacts" extension from the Extender-->Extensions tab as shown below:

Gather Contacts Extension

Click Add-->SelectFile ... and browse to the "GatherContacts.jar" file that you downloaded from this repository.

Step 3

Configure the Extension to save output to a file. This is where your usernames will be written. You can optionally select the "Show in UI" option, but the output window truncates items when the list gets too long.

Save Output

Step 4

Configure your browser to use Burp as a proxy as you normally would. From the browser, do a Google or Bing search of the following form (don't forget the "/in" on the end of "linkedin.com"):

site:linkedin.com/in "Company Name"

Example

Each of the employee names in the search results will be written to the output file you specified, as a tab delimited list. You can click on additional pages of results to get more employee names written to the file.

Results links

Step 5

You can gather a large list of employee names quickly and easily with this method. Try importing the list into Microsoft Excel where you can use formulas to turn employee names into the appropriate username format such as first initial followed by last name.

Import to Excel

Data in Excel

Step 6

When you are done, unload the Extension so you don't burden Burp with inspecting all responses.

Note: If you aren't getting a name written to the output file as you expect, it could be that the name was already output by the extension since it was loaded. To reset everything, unload (uncheck) the extension and then reload it.

Extra Info

For those of you not familiar with Excel formulas, here are some formulas for creating usernames and email addresses from the output above. (Assume column B contains the first name and column C contains the last name.)

Data in Excel

Pro Tips

Randomize the order of your username list before spraying to avoid being detected in some cases. You can add a column of random numbers to your spreadsheet using the =RAND() formula, then sort by this column.

Randomize your source IP using ProxyCannon from #_shellIntel as described here.
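
A defender's view of the two tips above, as an added example that is not part of the original README: a detector that counts distinct accounts with failed logins inside a time window, so neither the order of the usernames nor the source IP changes the result. The log format, sample lines, thresholds and function names are constructed assumptions.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, username, result.
# Five accounts fail once each from five different IPs, in no particular
# order; mlopez is an ordinary user mistyping a password three times.
SAMPLE_LOG = """\
2024-05-01T09:00:05 198.51.100.14 twong FAIL
2024-05-01T09:01:12 192.0.2.77 abaker FAIL
2024-05-01T09:01:40 203.0.113.7 mlopez FAIL
2024-05-01T09:01:52 203.0.113.7 mlopez FAIL
2024-05-01T09:02:03 203.0.113.7 mlopez FAIL
2024-05-01T09:02:15 203.0.113.7 mlopez OK
2024-05-01T09:02:30 198.51.100.201 rpatel FAIL
2024-05-01T09:03:02 192.0.2.9 jsmith FAIL
2024-05-01T09:04:47 203.0.113.150 kchen FAIL
"""

def parse(log):
    """Turn log text into time-sorted (timestamp, ip, user, result) tuples."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            events.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Alert when many distinct accounts each fail only a few times in one window.

    Failures are grouped by neither source IP nor username order, so
    shuffling the list or rotating egress addresses does not hide the pattern.
    """
    recent, alerts = deque(), []
    for ts, ip, user, result in events:
        if result != "FAIL":
            continue
        recent.append((ts, ip, user))
        while ts - recent[0][0] > window:      # drop failures older than the window
            recent.popleft()
        per_user = Counter(u for _, _, u in recent)
        # Accounts hit only a few times each: the low-and-slow spray signature.
        sprayed = sorted(u for u, n in per_user.items() if n <= max_per_user)
        if len(sprayed) >= min_users:
            sources = {i for _, i, u in recent if u in sprayed}
            alerts.append({"start": recent[0][0], "end": ts,
                           "users": sprayed, "sources": len(sources)})
            recent.clear()                     # start a fresh window after alerting
    return alerts
```

On the sample, no single source IP fails more than three times, so a per-IP lockout threshold would stay silent while the distinct-account count fires.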
