A collection of scripts I use on pentests. Hopefully they can be of use to you as well!
A python based LinkedIn employee enumerator. This script is great for social engineering assessments where clients ask one to provide employee emails.
InSpy - A LinkedIn employee enumerator by Jonathan Broche (@g0jhonny)
optional arguments:
-h, --help show this help message and exit
-c COMPANY, --company COMPANY
Company name
-d [DEPT], --dept [DEPT]
Department or title to query employees against. Inspy
searches through a predefined list by default.
-e EMAILFORMAT, --emailformat EMAILFORMAT
Email output format. Acceptable formats:
first.last@xyz.com, last.first@xyz.com, flast@xyz.com,
lastf@xyz.com
-i [INPUTFILENAME], --inputfilename [INPUTFILENAME]
File with list of departments or titles to query
employees against (one item per line)
-o [OUTFILENAME], --outfilename [OUTFILENAME]
Output results to text file
./InSpy.py -c "acme corp"
--------------------------------------------------------------------------
InSpy v1.0 - LinkedIn User Enumerator, Jonathan Broche (@g0jhonny)
--------------------------------------------------------------------------
[*] Searching for employees working at acme corp with 'sales' in their title
[*] Searching for employees working at acme corp with 'hr' in their title
[*] Searching for employees working at acme corp with 'marketing' in their title
[*] Searching for employees working at acme corp with 'finance' in their title
[*] Searching for employees working at acme corp with 'accounting' in their title
[*] Searching for employees working at acme corp with 'director' in their title
[*] Searching for employees working at acme corp with 'administrative' in their title
[*] Searching for employees working at acme corp with 'lawyer' in their title
[*] Searching for employees working at acme corp with 'it' in their title
[*] Searching for employees working at acme corp with 'security' in their title
[*] Proud Arkie Accounts Receivable specialist at Acme Corp.
[*] Brian Russo Finance Manager at Acme corp
[*] Paul Samuelson Director of Customer Support at ACME Corp. Production Resources
[*] Steve Smith Developer at Acme Corp
[*] Sarah Rhodes Director of Sales at Acme Corp
[*] Frances Jones Assistant to the Director at Acme Corp
...snip...
[*] Done! 29 employees found.
[*] Completed in 28.7s
Provide InSpy with the email format of the respective corporation and it'll output the emails for you.
./InSpy.py -c 'acme corp' -e flast@acme.com
--------------------------------------------------------------------------
InSpy v1.0 - LinkedIn User Enumerator, Jonathan Broche (@g0jhonny)
--------------------------------------------------------------------------
[*] Searching for employees working at acme corp with 'sales' in their title
[*] Searching for employees working at acme corp with 'hr' in their title
[*] Searching for employees working at acme corp with 'marketing' in their title
[*] Searching for employees working at acme corp with 'finance' in their title
[*] Searching for employees working at acme corp with 'accounting' in their title
[*] Searching for employees working at acme corp with 'director' in their title
[*] Searching for employees working at acme corp with 'administrative' in their title
[*] Searching for employees working at acme corp with 'lawyer' in their title
[*] Searching for employees working at acme corp with 'it' in their title
[*] Searching for employees working at acme corp with 'security' in their title
[*] Proud Arkie, Accounts Receivable specialist at Acme Corp., parkie@acme.com
[*] Brian Russo, Finance Manager at Acme corp, brusso@acme.com
[*] Paul Samuelson, Director of Customer Support at ACME Corp. Production Resources, psamuelson@acme.com
[*] Steve Smith, Developer at Acme Corp, ssmith@acme.com
[*] Sarah Rhodes, Director of Sales at Acme Corp, srhodes@acme.com
[*] Frances Jones, Assistant to the Director at Acme Corp, fjones@acme.com
...snip...
[*] Done! 29 employees found.
[*] Completed in 29.0s
This script will take an IP address range or a list of addresses/ranges and either expand them into single IPs or combine them into a supernet. Very useful for those abnormal scopes.
EasyScope by Jonathan Broche (@g0jhonny)
optional arguments:
-h, --help show this help message and exit
-r RANGE RANGE, --range RANGE RANGE
A set of two IP addresses
-f FILE, --file FILE File containing one subnet (e.g., 192.168.1.1/24) or
IP range (e.g. 192.168.1.1-192.168.1.254) per line
-o OUTFILE, --outfile OUTFILE
File to write results to
-e, --expand Expand IP adddresses/ranges into single IP addresses
-c, --combine Combine IPs addresses/ranges into supernets
Expanding arbitrary IP address range with EasyScope
./easyscope.py -e -r 192.168.1.1 192.168.1.5
--------------------------------------------------
EasyScope v1.0 by Jonathan Broche (@g0jhonny)
--------------------------------------------------
[*] Validating IP addresses
Results are here! Standby...
192.168.1.1
192.168.1.2
192.168.1.3
192.168.1.4
192.168.1.5
[*] Done!
[*] Completed in 0.01s
Combining IP ranges into supernets with EasyScope
# cat subnets.txt
192.168.0.1/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
./easyscope.py -c -f subnets.txt
--------------------------------------------------
EasyScope v1.0 by Jonathan Broche (@g0jhonny)
--------------------------------------------------
[*] Validating IP addresses
Results are here! Standby...
192.168.0.0/22
[*] Done!
[*] Completed in 0.00s