emploleaks: OSINT tool that helps detect members of a company with leaked credentials

by do son · November 6, 2023

EmploLeaks

This is a tool designed for Open Source Intelligence (OSINT) purposes, which helps to gather information about employees of a company.

🚀 How it Works

The tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find their personal email addresses. Finally, it uses those email addresses to search through a custom COMB database to retrieve leaked passwords. You can easily add yours and connect to it through the tool.

Use

To use the tool, simply run the following command:

python3 cli/emploleaks.py

If everything went well during the installation, you will be able to start using EmploLeaks:

Right now, the tool supports two functionalities:

Linkedin, for searching all employees from a company and getting their personal emails.
- A GitLab extension, which is capable of finding personal code repositories from the employees.
If defined and connected, when the tool is gathering employees’ profiles, a search to a COMB database will be made in order to retrieve leaked passwords.

Retrieving Linkedin Profiles

First, you must set the plugin to use, which in this case is linkedin. After, you should set your credentials and run the login process:

emploleaks> use --plugin linkedin

emploleaks(linkedin)> setopt USER myemail@domain.com

[+] Updating value successfull

emploleaks(linkedin)> setopt PASS mypass1234

[+] Updating value successfull

emploleaks(linkedin)> show options

Module options:



Name    Current Setting     Required    Description

------  ------------------  ----------  ---------------------------

USER    myemail@domain.com  yes         linkedin account's username

PASS    ********            yes         linkedin accout's password

hide    yes                 no          hide the password field

emploleaks(linkedin)> run login

[+] Session established.

Now that the module is configured, you can run it and start gathering information from the company:

emploleaks(linkedin)> run find EvilCorp

[+] Added 25 new names.

[+] Added 22 new names.

🦄 Listing profiles:

🔑 Getting and processing contact info of "XYZ ZYX"

	Contact info:

	email: xya@gmail.com

	full name: XYZ XYZ

	profile name: xyz-xyz

	occupation: Sr XYZ

	public identifier: xyz-zyx

	urn: urn:li:member:67241221

Get Linkedin accounts + Leaked Passwords

We created a custom workflow, where with the information retrieved by Linkedin, we try to match employees’ personal emails to potentially leaked passwords. In this case, you can connect to a database (in our case we have a custom-indexed COMB database) using the connect command, as shown below:

emploleaks(linkedin)> connect --user myuser --passwd mypass123 --dbname mydbname --host 1.2.3.4

[+] Connecting to the Leak Database...

[*] version: PostgreSQL 12.15

Once it’s connected, you can run the workflow. With all the users gathered, the tool will try to search in the database if a leaked credential is affecting someone:

As a conclusion, the tool will generate a console output with the following information:

A list of employees of the company (obtained from LinkedIn)
The social network profiles associated with each employee (obtained from email address)
A list of leaked passwords associated with each email address.