Hey guys,
This is gonna be a quick post on a cool project I’ve been working on.

I take a class on Pentesting (HDE by See-Security) and my instructor gave us a project to complete. The project was to create a python program that, when given a company name, does the following:

  • Collects a list of employees from LinkedIn
  • Collects a list of emails posted in public websites (via google search or other search engine)
  • Create a list of emails for the employees using a pattern the company is likely using (based on the public emails we found)
  • Verify the which emails exists (via SMTP or any other service) - delete those that doesn’t.
  • Perform dictionary attack against the domain in order to find new subdomains via DNS queries.
  • Go over IP C-classes the program found in the previous task and do a perform a reverse DNS resolve for all those C-Class.

We were given a free hand in regards to how we implement the project.
I chose to create my own modules in Recon-ng.
This is the final result:

It has been fun creating these modules and it gave me a pretty good idea of what is possible in regards to OSINT.
The modules are available in my GitHub

Until next time…