CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from an organization. This technique provides accurate results without the use of API keys, credentials, or accessing LinkedIn directly!
Scrape public LinkedIn profile data at scale with Proxycurl APIs.
• Scraping Public profiles are battle tested in court in HiQ VS LinkedIn case.
• GDPR, CCPA, SOC2 compliant
• High rate limit – 300 requests/minute
• Fast – APIs respond in ~2s
• Fresh data – 88% of data is scraped real-time, other 12% are not older than 29 days
• High accuracy
• Tons of data points returned per profile
Built for developers, by developers.
Install the last stable release from PyPi:
pip3 install crosslinkedInstall and run the latest code using Poetry:
git clone https://github.com/m8sec/subscraper
cd subscraper
poetry install
poetry run crosslinked -hInstall the most recent code from GitHub:
git clone https://github.com/m8sec/crosslinked
cd crosslinked
pip3 install .CrossLinked assumes the organization’s account naming convention has already been identified. This is required for execution and should be added to the CMD args based on your expected output. See the Naming Format and Example Usage sections below:
{first.{last} = john.smith
CMP\{first}{l} = CMP\johns
{f}{last}@company.com = jsmith@company.comTo be compatible with alternate naming conventions CrossLinked allows users to control the index position of the name extracted from search text. Should the name not be long enough, or errors encountered with the search string, CrossLinked will revert back to its default format.
Note: the search string array starts at 0. Negative numbers can also be used to count backwards from the last value.
# Default output
python3 crosslinked.py -f '{first}.{last}@company.com' Company
John David Smith = john.smith@company.com
# Use the second-to-last name as "last"
python3 crosslinked.py -f '{0:first}.{-2:last}@company.com' Company
John David Smith = john.david@company.com
Jane Doe = jane.doe@company.com
# Use the second item in the array as "last"
python3 crosslinked.py -f '{first}.{1:last}@company.com' Company
John David Smith = john.david@company.com
Jane Doe = jane.doe@company.comBy default, CrossLinked will use google and bing search engines to identify employees of the target organization. After execution, two files (names.txt & names.csv) will appear in the current directory, unless modified in the CMD args.
Parse section below for more.python3 crosslinked.py -f '{first}.{last}@domain.com' company_namepython3 crosslinked.py -f 'domain\{f}{last}' -t 15 -j 2 company_nameAccount naming convention changed after execution and now your hitting CAPTCHA requests? No Problem!
CrossLinked includes a names.csv output file, which stores all scraping data including: name, job title, and url. This can be ingested and parsed to reformat user accounts as needed.
python3 crosslinked.py -f '{f}{last}@domain.com' names.csvThe latest version of CrossLinked provides proxy support to rotate source addresses. Users can input a single proxy with --proxy 127.0.0.1:8080 or use multiple via --proxy-file proxies.txt.
> cat proxies.txt
127.0.0.1:8080
socks4://111.111.111.111
socks5://222.222.222.222
> python3 crosslinked.py --proxy-file proxies.txt -f '{first}.{last}@company.com' -t 10 "Company"positional arguments:
company_name Target company name
optional arguments:
-h, --help show help message and exit
-t TIMEOUT Max timeout per search (Default=15)
-j JITTER Jitter between requests (Default=1)
Search arguments:
--search ENGINE Search Engine (Default='google,bing')
Output arguments:
-f NFORMAT Format names, ex: 'domain\{f}{last}', '{first}.{last}@domain.com'
-o OUTFILE Change name of output file (omit_extension)
Proxy arguments:
--proxy PROXY Proxy requests (IP:Port)
--proxy-file PROXY Load proxies from file for rotationContribute to the project by:
bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…
Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…
Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…