OSINT gathering tool that allows you to compile a list of employee email addresses from a specific company via LinkedIn. Useful during the reconnaissance phase of a penetration test and can be used further to try and get initial access (ie: targeted phishing campaigns)
This tool is for EDUCATIONAL purposes only.
This tool is based off @Morganc3's https://github.com/morganc3/LinkedInHarvester. I cleaned up the code and added some vital features that were missing.
- Collect employee email addresses en-masse from a specific company
- Custom address formating, such as {first}.{last} or {l}{first}
- Output email addresses to a text file
- Narrow down employee search results by keywords, such as "human resources" or "sales"
git clone https://github.com/landoncrabtree/ScrapeIn.gitcd ScrapeInpip install -r requirements.txtpython3 scrapein.py
currentCompany=["<ID>"]
In order to use LinkedIn search to its full capabilities, you must authenticate with a CSRF token and a session ID. These are stored as cookies.
JSESSIONID and li_at. These values will need to be pasted in the config.yml.
$ scrapein.py <company_id> <domain>
$ python3 scrapein.py 12345 google.com
- -o|--output : Filename or path to output
- -k|--keyword : Keyword to narrow results down by
- -f|--format : Custom email address formatting string
$python3 scrapein.py <company_id> <domain> -o|--output -k|--keyword -f|--format
$ python3 scrapein.py 12345 google.com -o emails.txt -k 'human resources' -f '{l}-{first}'
One of the features this tool is the ability to format emails to virtually any format with some simple placeholders. It is recommended to use Hunter.io to figure out the company's email address formatting scheme.
Then, you can use the following placeholders in the -f argument:
{first} = first name
{last} = last name
{f} = first initial
{l} = last initial
{fx} = first x characters in first name (ie: {f3} )
{lx} = first x characters in last name (ie: {l3} )
-f {first}{last}
-f {last}
-f {last}{f}