Nmap Development mailing list archives

[NSE] New script: google-people-enum.nse


From: Paulino Calderon <paulino () calderonpale com>
Date: Thu, 19 Jan 2017 16:17:34 -0500

Hello list,

Today we polished (and published) a new NSE script that we use internally during social engineering engagements. We 
hope you find it useful.

description = [[
Attempts to enumerate valid email addresses using Google's Internal People API. If a valid email address is found, it 
also grabs the display name and photo from the profile.

This script uses 'unpwdb' for username guessing but you can provide your own list (--script-args userdb=/tmp/user.lst). 
A valid Google account must be provided to communicate with the API.

References:
https://developers.google.com/people/api/rest/

TODO:
* Implement OAUTH to replace username and password.
]]

---
-- @usage
-- nmap -sn --script google-people-enum --script-args='username=<username>,password=<password>' <domain>
-- @usage
-- nmap -sn --script google-people-enum --script-args='username=<username>,password=<password>,domain=<domain>' <target>
--
-- @output
-- Host script results:
-- | google-people-enum: 
-- |   users: 
-- |     
-- |       user1 () example com: 
-- |         photo: https://lh3.googleusercontent.com/XXXXXXXXXXXXX/photo.jpg
-- |         name: User 1
-- |     
-- |       user2 () example com: 
-- |_        photo: https://lh3.googleusercontent.com/XXXXXXXXXXXXXXX/photo.jpg

google-people-enum.nse: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/google-people-enum.nse 

Attachment: google-people-enum.nse


Paulino Calderon Pale ||  www.calderonpale.com || @calderpwn on Twitter

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
