Email Address Discovery

Generic Email Address Discovery

Email Finder

Find emails via search engines using a domain.

• https://github.com/Josue87/EmailFinder

./emailfinder -d domain.com

emailGuesser

Guess email addresses based on multiple inputs and preferences. The tool will then try and check that the generated email address is valid.

• https://github.com/WhiteHatInspector/emailGuesser

python3 emailGuesser.py

o365 User Discovery

OneDrive Enum

Enumerate valid o365 users

• https://github.com/nyxgeek/onedrive_user_enum

python3 onedrive_enum.py -t microsoft -d microsoft.com -U firstlastname.txt

G-Suite User Discovery

G-Suite email finding

Find valid email accounts using Gmail/G-Suite

• https://github.com/evilsocket/legba

legba http.enum --payloads <employees-names.txt> --http-success-string "COMPASS" --http-success-codes 204 --quiet --target "https://mail.google.com/mail/gxlu?email={PAYLOAD}@broadcom.com"

Email Address Discovery via LinkedIn

linkedin2username

Generate username lists for companies on LinkedIn

• https://github.com/initstring/linkedin2username

python3 linkedin2username.py -u <GitHub Email> -c linkedin <Company> -p

Email Address Discovery via Third Party Sources

The following websites actively track and record valid email addresses for marketing purposes. But, we can make use of them in offensive security too.

• Hunter.io

• https://rocketreach.co