So far it looks to be working very well.  A big thanks to Robin Wood (digininja), Larry Pesce (haxorthematrix) and Carlos Perez (Carlos_Perez or darkoperator) for their help.  All three were extremely willing to help me add functions, correct bugs and provide advice.

Technorati Tags: Metasploit module, reconnoiter project, username generation

One of the things that I really liked about the podcast was that the guys spent some time on how it could be better.  The requests I heard were the following:

• Configure what format it generates the user names into.  Perhaps you already know the format a client uses and need just want a dictionary.  Why have a bunch of user names that you know are bad.
• Add some kind of GUI or website.  Good point.  Particularly for the Yahoo version of the script.  That API key is insanely long to put in as a command line argument.
• Instead of spewing to STDOUT, save it to a file.  Larry has already provided the code for this and implemented it into both scripts.

I’ve been kicking around a couple other ideas, but will need to get some time to implement them.  I’ve also got another script in mind that may or may not help deduce what the user name format for a company might be.  Depends on how the target has their email server configured.  No hacking, just taking note of what the email server tells me.

You can check out the episode at pauldotcom.com.  Thanks guys!

Technorati Tags: pauldotcom episode 170, reconnoiter project, security tools, social media, username generation

I’d like to make the Yahoo script less ugly to use.  Putting a huge API key in as a command argument strikes me as kinda lame.  The results from it are very consistent though.  So I actually prefer using it to the google version of the script.  You can download the Yahoo script here:  usernameGenYahoo.txt The Google script is here:  usernameGen-v2.1.1.txt

Please let me know if you find any bugs with them, want additional functionality or if you just found them useful.

Technorati Tags: penetration testing, username generation, username generator

Now Linkedin generally lets people decide how much information they want displayed to people they don’t know. If you aren’t connected to them, all you may see is their description if you find them by company. No names. In my case, I’m connected with a lot of people, so this pollutes the process. So, I logged out of Linkedin to see how an outside might do this.

For this scenario, I’m an attacker who wants to find out about Company XYZ. I’m not employed by them, but they have something I want. I’m not connected to anyone on Linkedin at the target. In fact, I may not even have a Linkedin account. How do I get this information? Kevin Johnson at InGuardians has already done some awesome work on how people are willing to accept invitations on social networking sites from almost anyone. But lets say that I don’t want to get connected to my target. Who would have this information?

Google of course! Everyone wants Google to be able to find things on their website. Linkedin is no different. So I do a query on the company name like this “site:linkedin.com Company XYZ”. Sure enough, I get pages of people who work at or did work at Company XYZ. With a bit of Python scripting I download the results, mix the names into common username variations and I have my username list.

Here’s the script I hacked up to make this work. usernameGen.txt PDP at gnucitizen.org wrote the original script. I just polished up the regular expression and pointed the starting URL to Google’s mobile search to simplify the HTML. Then I added the username generation. Was a fun little puzzle for the evening.

Technorati Tags: social networking, username generation, web security