The LinkedIn profile harvesting tool allows you to gather Linkedin profiles from any company that you specify. You can then use this information to start gathering information about company employee names and positions.
The command syntax for this tool looks like this:
For example to harvest profiles for Secure Ideas you would do the following:
The second python script is a username generator. This is a great script that will generate usernames based on social media sites. The syntax of the script looks like this:
For example to harvest possible usernames for Secure Ideas you would do the following:
Reconnoiter is a great tool that should be used for the reconnaissance phase of any penetration test. You can use this information to help gather usernames for brute forcing, or more information about the company for a social engineering attack. Reconnoiter can be downloaded from source forge.
James and Kevin highlighted this tool in the Professionally Evil Perspective podcast titled “Methodology Recon.”
Professionally Evil Toolkit (PET) is a blog series about tools that security professionals use in the industry. These tools can be used for many things including penetration testing, auditing, and testing. The tools mentioned in PET can be very dangerous when ran on production systems. Secure Ideas recommends you get authorization from the appropriate system owners and test against staging environments prior to running these tools.
Jeff Bleich is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at jeff@secureideas.com or visit the Secure Ideas – Professionally Evil site for services provided.