I was messing with something today and remembered episode 129 had a segment
on using a target company's website to generate passwords.? I tried it out
and with a bit tweaking it worked great.? But I also wanted a username list
that was targeted for the company.? I took a twist on creating passwords and
did some queries on Google such as "site:linkedin.com CompanyName".? In my
case, I found 26 pages of search results containing almost nothing but
people's full names.
I found a python script that pdp at gnucitizen had written to pull google
search results.? I did some hacking on it and came up with a script to
create a list of usernames using the targeted search results.? It creates
the basic variations of first initial, last name and firstname, last
initial.? I'm not a python scripter, so if you have any suggestions on
improvements please let me know.? I've got it dialed down to only take the
first page's results.? You can download it at
The only real defense I can think of against this is to make sure usernames
at your organization are not based on their names.? I know from experience
that people will absolutely HATE it, but it would work.
Any how, hopefully this is useful to someone else.
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com