-
Notifications
You must be signed in to change notification settings - Fork 187
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
86d979f
commit 7b2e038
Showing
1 changed file
with
24 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,6 +3,8 @@ OSINT Tool: Generate username lists from companies on LinkedIn. | |
|
|
||
| This is a pure web-scraper, no API key required. You use your valid LinkedIn username and password to login, it will create several lists of possible username formats for all employees of a company you point it at. | ||
|
|
||
| Login is done with Selenium in a spawned browser window. Maintaining a working CLI login flow was a lot of work, and this resolves many issues while supporting login challenges and 2FA. | ||
|
|
||
| Use an account with a lot of connections, otherwise you'll get crappy results. Adding a couple connections at the target company should help - this tool will work up to third degree connections. Note that [LinkedIn will cap search results](https://www.linkedin.com/help/linkedin/answer/129/what-you-get-when-you-search-on-linkedin?lang=en) to 1000 employees max. You can use the features '--geoblast' or '--keywords' to bypass this limit. Look at help below for more details. | ||
|
|
||
| **WARNING**: LinkedIn has recently (Sept 2020) been hitting li2u users with the monthly commercial search limit. It's a bit mysterious as to when/why this happens. When you hit the limit, you won't be able to search again until the 1st of the month. If you know of a workaround, please let me know. | ||
|
|
@@ -24,58 +26,50 @@ You'll need to provide the tool with LinkedIn's company name. You can find that | |
|
|
||
| Here's an example to pull all employees of Uber: | ||
| ``` | ||
| $ python linkedin2username.py [email protected] uber-com | ||
| $ python linkedin2username.py -c uber-com | ||
| ``` | ||
|
|
||
| Here's an example to pull a shorter list and append the domain name @uber.com to them: | ||
| ``` | ||
| $ python linkedin2username.py [email protected] uber-com -d 5 -n 'uber.com' | ||
| $ python linkedin2username.py -c uber-com -d 5 -n 'uber.com' | ||
| ``` | ||
|
|
||
| # Full Help | ||
| ``` | ||
| usage: linkedin2username.py [-h] [-p PASSWORD] [-n DOMAIN] [-d DEPTH] | ||
| [-s SLEEP] | ||
| username company | ||
| usage: linkedin2username.py [-h] -c COMPANY [-n DOMAIN] [-d DEPTH] | ||
| [-s SLEEP] [-x PROXY] [-k KEYWORDS] [-g] [-o OUTPUT] | ||
| positional arguments: | ||
| username A valid LinkedIn username. | ||
| company Company name. | ||
| OSINT tool to generate lists of probable usernames from a given company's LinkedIn page. | ||
| This tool may break when LinkedIn changes their site. | ||
| Please open issues on GitHub to report any inconsistencies. | ||
| optional arguments: | ||
| -h, --help show this help message and exit | ||
| -p PASSWORD, --password PASSWORD | ||
| Specify your password on in clear-text on the command | ||
| line. If not specified, will prompt and not display on | ||
| screen. | ||
| -c COMPANY, --company COMPANY | ||
| Company name exactly as typed in the company linkedin profile page URL. | ||
| -n DOMAIN, --domain DOMAIN | ||
| Append a domain name to username output. [example: '-n | ||
| uber.com' would ouput [email protected]] | ||
| Append a domain name to username output. [example: "-n uber.com" would | ||
| output [email protected]] | ||
| -d DEPTH, --depth DEPTH | ||
| Search depth. If unset, will try to grab them all. | ||
| Search depth (how many loops of 25). If unset, will try to grab them | ||
| all. | ||
| -s SLEEP, --sleep SLEEP | ||
| Seconds to sleep between pages. defaults to 3. | ||
| Seconds to sleep between search loops. Defaults to 0. | ||
| -x PROXY, --proxy PROXY | ||
| HTTPS proxy server to use. Example: "-p | ||
| https://localhost:8080" WARNING: WILL DISABLE SSL | ||
| VERIFICATION. | ||
| Proxy server to use. WARNING: WILL DISABLE SSL VERIFICATION. | ||
| [example: "-p https://localhost:8080"] | ||
| -k KEYWORDS, --keywords KEYWORDS | ||
| Filter results by a a list of command separated | ||
| keywords. Will do a separate loop for each keyword, | ||
| potentially bypassing the 1,000 record limit. | ||
| [example: "-k 'sales,human resources,information | ||
| technology'] | ||
| -g, --geoblast Attempts to bypass the 1,000 record search limit by | ||
| running multiple searches split across geographic | ||
| regions. | ||
| Filter results by a a list of command separated keywords. | ||
| Will do a separate loop for each keyword, | ||
| potentially bypassing the 1,000 record limit. | ||
| [example: "-k 'sales,human resources,information technology'] | ||
| -g, --geoblast Attempts to bypass the 1,000 record search limit by running | ||
| multiple searches split across geographic regions. | ||
| -o OUTPUT, --output OUTPUT | ||
| Output Directory, defaults to li2u-output | ||
| ``` | ||
|
|
||
| # Toubleshooting | ||
| Sometimes LinkedIn does weird stuff or returns weird results. Sometimes it doesn't like you logging in from new locations. If something looks off, run the tool once or twice more. If it still isn't working, please open an issue. | ||
|
|
||
| Multi-factor authentication (MFA, 2FA) is not supported in this tool. | ||
|
|
||
| *This is a security research tool. Use only where granted explicit permission from the network owner.* | ||