
GatherContacts – A Burp Suite Extension To Pull Employee Names From Google & Bing LinkedIn Search Results

GatherContacts is a Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.

As part of reconnaissance when performing a penetration test, it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack, for example. One easy way to gather employee names is to use the following Burp Suite Pro extension, as described below.

To collect employee names with Burp, follow these steps.


Step 1

This extension uses the jsoup Java library. You will need to download jsoup and tell Burp where to find it as shown below.

Step 2

Add the “Gather Contacts” extension from the Extender–>Extensions tab as shown below:

Click Add–>SelectFile … and browse to the “GatherContacts.jar” file that you downloaded from this repository.

Step 3

Configure the Extension to save output to a file. This is where your usernames will be written. You can optionally select the “Show in UI” option, but the output window truncates items when the list gets too long.

Step 4

Configure your browser to use Burp as a proxy as you normally would. From the browser, do a Google or Bing search of the following form (don’t forget the “/in” on the end of “linkedin.com”):

site:linkedin.com/in “Company Name”

Each of the employee names in the search results will be written to the output file you specified, as a tab-delimited list. You can click on additional pages of results to get more employee names written to the file.

Step 5

You can gather a large list of employee names quickly and easily with this method. Try importing the list into Microsoft Excel where you can use formulas to turn employee names into the appropriate username format such as first initial followed by last name.

Step 6

When you are done, unload the Extension so you don’t burden Burp with inspecting all responses.

Note: If you aren’t getting a name written to the output file as you expect, it could be that the name was already output by the extension since it was loaded. To reset everything, unload (uncheck) the extension and then reload it.

Additional Information

For those of you not familiar with Excel formulas, here are some formulas for creating usernames and email addresses from the output above. (Assume column B contains the first name and column C contains the last name.)

GatherContacts Tips

Randomize the order of your username list before spraying to avoid being detected in some cases. You can add a column of random numbers to your spreadsheet using the =RAND() formula, then sort by this column.
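From the defending side, the tip above only matters against rules that key on username order. The following is an added example, not part of the original post or of the GatherContacts project: a detection sketch that counts distinct failing usernames per source in a time window, so it gives the same verdict for sorted and shuffled lists. The log format, thresholds, IP addresses and usernames are all constructed assumptions.

```python
import random
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed look-back window
MIN_USERS = 5                   # assumed threshold of distinct failing accounts per source

def parse(line):
    """Parse one constructed line: '<ISO time> <source IP> <username> <OK|FAIL>'."""
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result

def spray_sources(lines, window=WINDOW, min_users=MIN_USERS):
    """Map each flagged source to the most distinct failing usernames in any window."""
    fails = defaultdict(list)
    for ts, src, user, result in map(parse, lines):
        if result == "FAIL":
            fails[src].append((ts, user))
    flagged = {}
    for src, events in fails.items():
        events.sort()  # order by time, so list order in the log is irrelevant
        start, best = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({u for _, u in events[start:end + 1]}))
        if best >= min_users:
            flagged[src] = best
    return flagged

def build_log(usernames, src="203.0.113.10"):
    """Constructed sample: one source tries each username once, two minutes apart."""
    base = datetime(2024, 1, 1, 9, 0)
    lines = [f"{(base + timedelta(minutes=2 * i)).isoformat()} {src} {u} FAIL"
             for i, u in enumerate(usernames)]
    # Benign noise: one user mistypes a password three times, then logs in.
    for i, result in enumerate(["FAIL", "FAIL", "FAIL", "OK"]):
        lines.append(f"{(base + timedelta(seconds=20 * i)).isoformat()} 198.51.100.7 jdoe {result}")
    return lines

USERS = ["aadams", "bbaker", "cclark", "ddavis", "eevans", "ffoster", "ggreen", "hhill"]  # constructed

if __name__ == "__main__":
    shuffled = random.sample(USERS, k=len(USERS))  # same list, random order
    print(spray_sources(build_log(USERS)))     # alphabetical order
    print(spray_sources(build_log(shuffled)))  # randomized order, same verdict
```

Tune WINDOW and MIN_USERS against your own baseline of failed logons before alerting on the result.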

R K
