Nmap Development mailing list archives
Re: [NSE] New script: google-people-enum.nse
From: David Muscut <davidmuscut () gmail com>
Date: Tue, 14 Feb 2017 14:38:53 +0200
Hi Paulino, Is it possible to use this script to enumerate email addresses without knowing the correct prefix (i.e. the string before the @) or do you need a good username library to start with? - D On Thu, Jan 19, 2017 at 11:17 PM, Paulino Calderon <paulino () calderonpale com
wrote:
Hello list, Today we polished (and published) a new NSE script that we use internally during social engineering engagements. We hope you find it useful. description = [[ Attempts to enumerate valid email addresses using Google's Internal People API. If a valid email address is found, it also grabs the display name and photo from the profile. This script uses 'unpwdb' for username guessing but you can provide your own list (--script-args userdb=/tmp/user.lst). A valid Google account must be provided to communicate with the API. References: https://developers.google.com/people/api/rest/ TODO: * Implement OAUTH to replace username and password. ]] --- -- @usage -- nmap -sn --script google-people-enum --script-args='username=<username>,password=<password>' <domain> -- @usage -- nmap -sn --script google-people-enum --script-args='username=< username>,password=<password>,domain=<domain>' <target> -- -- @output -- Host script results: -- | google-people-enum: -- | users: -- | -- | user1 () example com: -- | photo: https://lh3.googleusercontent. com/XXXXXXXXXXXXX/photo.jpg -- | name: User 1 -- | -- | user2 () example com: -- |_ photo: https://lh3.googleusercontent. com/XXXXXXXXXXXXXXX/photo.jpg google-people-enum.nse: https://github.com/cldrn/nmap- nse-scripts/blob/master/scripts/google-people-enum.nse Paulino Calderon Pale || www.calderonpale.com || @calderpwn on Twitter _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New script: google-people-enum.nse Paulino Calderon (Jan 19)
- Re: [NSE] New script: google-people-enum.nse David Muscut (Feb 14)
- Re: [NSE] New script: google-people-enum.nse Paulino Calderon (Feb 14)
- Re: [NSE] New script: google-people-enum.nse David Muscut (Feb 14)