gloodin0.1Released!


Posted by Dennis Antunes

@antunesdennis

gloodin quite simply uses unique search techniques to maximize the number of potential usernames that can be harvested from linkedin using google’s cache and a given target organization name.

As automated crawling is contrary to google’s TOS, this tool is provided for research purposes only. Using this could really tick off google and get you shunned. Please don’t cry to me if this happens.

REQUIRES: python 2.x and the lxml package

USAGE: Simple:

./gloodin.py <target organization>

Results will be written to a number of files, most notably first_dot_last_<target_org> which presents the results in the only currently built-in format: firstname.lastname.

More formats to come: (first initial dot last; last dot first, etc). I hope to have command line switches to easily select the desired format with the option of appending email addresses as well shortly.

WHAT IT REALLY IS: gloodin is a python script that makes a large number of google queries along with the modifier “site:linkedin.com” to harvest thousands of potential employee names, going far beyond what a typical manual search would allow.

It achieves this by repeatedly searching for some very common first names, last names and titles, later stripping these out to grab all the rest. These names/terms are easily configurable by editing the included searchterms.txt, which is read in at run time.

WHY: To demonstrate how easy it is to harvest potential user names via social media, to underscore how important strong passwords are and to stress the overall need for two-factor authentication.

See http://securityjuggernaut.blogspot.com/2011/02/brute-forcing-passwords-part-2-with-and.html for more reasons to hate weak passwords.

TIPS: Some ways to improve the default searchterms.txt might be: add in the 10,20,30… most common Russian, Spanish, Portuguese, <insert language of choice> names; research the target organization and add in some of their common position names, etc.

Potential is limitless really. Just keep in mind you will eventually hit a limit as far as the query string is concerned. I’ve heard a 4K limit, but no one really knows for sure as google may impose there own as well. If you find out, please let me know… Again, this tool is for research purposes only. You risk getting shunned by google for using it. Do this inside of a corporate environment and you may also get punched in the face.

DISCLAIMER: The special sauce here is the approach to searching. I am not a coder by trade so admittedly, this code could be a whole lot better. Any suggestions for improvement would be greatly welcomed.

INSPIRATION: Heavily inspired by Reconnoiter: http://sourceforge.net/projects/reconnoiter/ Thank you Jason Wood!

LEFT TO DO: LOTS!!!

Support unicode

Break sections into functions:

  • Fetcher
  • Parser
  • Uniquer
  • Mangler
  • Spammer (email address appender) 

Command line switches for user name output format/separator –lf –fl –sep –all

All suggestions welcome!!!

Posted by Dennis Antunes

@antunesdennis

Mentoring the SANS Sec 542 in Foxboro, MA beginning 4/13/2011.

Before you register email me at stratmofo at gmail dot com for a special discount code!

About the author