Email harvesting
Email harvesting is useful among others things in the OSINT phase of external and phishing
During an engagement, especially during social engineering attack or external penetration testing, the testers would want to collect as much information as possible on the company to be able to breach the client network perimeter. Thus, the gathering of email and others information about the employees and assets of the company is an important part of the mandate. Gathered emails can be used to conduct brute force attacks against exposed services or to perform phishing attacks.
Email Hunting Resources
Hunter.io
25 free research/month
API key
Does not give great result if you don't pay
Phonebook.cz
Completely free
Email addresses are not always valid
LinkedInT
Need the Hunter.io API key
Crosslinked
Python script
Does not always give a lot of output
Proxy support
Take into account the email format
Clearbit Connect
Extension for Google Mail
Does not always give a lot of results
Can be useful to find someone holding a specific position
Spiderfoot
Includes API from others third party.
Includes a GUI and CLI interfaces.
Give great results by experience.
Easy to install and use
Paid and free version (limit usage for free version)
Javascript Snippet to extract LinkedIn usernames
The list of usernames needs to be formatted for the correct usage.
Last updated