Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Creating usernames using Google and Linkedin
From: larry at pauldotcom.com (Larry Pesce)
Date: Fri, 12 Jun 2009 10:06:20 -0400

Wow, this works like a freaking champ.  Now to NOT throttle it to the
first page of google results. :-)

Jason, you can be sure I'll be adding this to my recon methodologies,
whether this script, or though CEWL.

Thanks!

- L

Jason Wood wrote:
Hey all,
I was messing with something today and remembered episode 129 had a
segment on using a target company's website to generate passwords.  I
tried it out and with a bit tweaking it worked great.  But I also wanted
a username list that was targeted for the company.  I took a twist on
creating passwords and did some queries on Google such as
"site:linkedin.com <http://linkedin.com> CompanyName".  In my case, I
found 26 pages of search results containing almost nothing but people's
full names.

I found a python script that pdp at gnucitizen had written to pull
google search results.  I did some hacking on it and came up with a
script to create a list of usernames using the targeted search results. 
It creates the basic variations of first initial, last name and
firstname, last initial.  I'm not a python scripter, so if you have any
suggestions on improvements please let me know.  I've got it dialed down
to only take the first page's results.  You can download it at
http://www.jwnetworkconsulting.com/downloads/usernameGen.txt 

The only real defense I can think of against this is to make sure
usernames at your organization are not based on their names.  I know
from experience that people will absolutely HATE it, but it would work.

Any how, hopefully this is useful to someone else. 

Jason


------------------------------------------------------------------------

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]