emploleaks: OSINT tool that helps detect members of a company with leaked credentials

by ddos · Published · Updated

EmploLeaks

This is a tool designed for Open Source Intelligence (OSINT) purposes, which helps to gather information about employees of a company.

🚀 How it Works

The tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find their personal email addresses. Finally, it uses those email addresses to search through a custom COMB database to retrieve leaked passwords. You can easily add yours and connect to it through the tool.

Use

To use the tool, simply run the following command:

python3 cli/emploleaks.py

If everything went well during the installation, you will be able to start using EmploLeaks:

Right now, the tool supports two functionalities:

  • Linkedin, for searching all employees from a company and getting their personal emails.
    • A GitLab extension, which is capable of finding personal code repositories from the employees.
  • If defined and connected, when the tool is gathering employees’ profiles, a search to a COMB database will be made in order to retrieve leaked passwords.

Retrieving Linkedin Profiles

First, you must set the plugin to use, which in this case is linkedin. After, you should set your credentials and run the login process:

emploleaks> use --plugin linkedin
emploleaks(linkedin)> setopt USER myemail@domain.com
[+] Updating value successfull
emploleaks(linkedin)> setopt PASS mypass1234
[+] Updating value successfull
emploleaks(linkedin)> show options
Module options:

Name    Current Setting     Required    Description
------  ------------------  ----------  ---------------------------
USER    myemail@domain.com  yes         linkedin account's username
PASS    ********            yes         linkedin accout's password
hide    yes                 no          hide the password field
emploleaks(linkedin)> run login
[+] Session established.

 

Now that the module is configured, you can run it and start gathering information from the company:

emploleaks(linkedin)> run find EvilCorp
[+] Added 25 new names.
[+] Added 22 new names.
🦄 Listing profiles:
🔑 Getting and processing contact info of "XYZ ZYX"
	Contact info:
	email: xya@gmail.com
	full name: XYZ XYZ
	profile name: xyz-xyz
	occupation: Sr XYZ
	public identifier: xyz-zyx
	urn: urn:li:member:67241221

 

Get Linkedin accounts + Leaked Passwords

We created a custom workflow, where with the information retrieved by Linkedin, we try to match employees’ personal emails to potentially leaked passwords. In this case, you can connect to a database (in our case we have a custom-indexed COMB database) using the connect command, as shown below:

emploleaks(linkedin)> connect --user myuser --passwd mypass123 --dbname mydbname --host 1.2.3.4
[+] Connecting to the Leak Database...
[*] version: PostgreSQL 12.15

 

Once it’s connected, you can run the workflow. With all the users gathered, the tool will try to search in the database if a leaked credential is affecting someone:

As a conclusion, the tool will generate a console output with the following information:

  • A list of employees of the company (obtained from LinkedIn)
  • The social network profiles associated with each employee (obtained from email address)
  • A list of leaked passwords associated with each email address.

Install

Tags: EmploLeaks