Nmap Development mailing list archives

Re: [NSE] New script: google-people-enum.nse


From: Paulino Calderon <paulino () calderonpale com>
Date: Tue, 14 Feb 2017 07:50:01 -0600

Hi,

Unfortunately the API does not let you list all email addresses without knowing them. You will have to create your own 
username list; keep in mind that a lot of places use the same naming scheme, so we have been able to obtain dozens of 
valid email addresses just by following the naming scheme with common first and last names.

Cheers.

On Feb 14, 2017, at 6:38 AM, David Muscut <davidmuscut () gmail com> wrote:

Hi Paulino,

Is it possible to use this script to enumerate email addresses without knowing the correct prefix (i.e. the string 
before the @) or do you need a good username library to start with?

- D

On Thu, Jan 19, 2017 at 11:17 PM, Paulino Calderon <paulino () calderonpale com> wrote:
Hello list,

Today we polished (and published) a new NSE script that we use internally during social engineering engagements. We 
hope you find it useful.

description = [[
Attempts to enumerate valid email addresses using Google's Internal People API. If a valid email address is found, it
also grabs the display name and photo from the profile.

This script uses 'unpwdb' for username guessing but you can provide your own list (--script-args 
userdb=/tmp/user.lst).
A valid Google account must be provided to communicate with the API.

References:
https://developers.google.com/people/api/rest/

TODO:
* Implement OAuth to replace username and password.
]]

---
-- @usage
-- nmap -sn --script google-people-enum --script-args='username=<username>,password=<password>' <domain>
-- @usage
-- nmap -sn --script google-people-enum --script-args='username=<username>,password=<password>,domain=<domain>' <target>
--
-- @output
-- Host script results:
-- | google-people-enum:
-- |   users:
-- |
-- |       user1@example.com:
-- |         photo: https://lh3.googleusercontent.com/XXXXXXXXXXXXX/photo.jpg
-- |         name: User 1
-- |
-- |       user2@example.com:
-- |_        photo: https://lh3.googleusercontent.com/XXXXXXXXXXXXXXX/photo.jpg

google-people-enum.nse: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/google-people-enum.nse



Paulino Calderon Pale || www.calderonpale.com || @calderpwn on Twitter


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
