Gathering Information From Job Websites
People can leave a trace and be watched from job looking websites and search engines. For example, he/she can leave his/her CV and his/her ad on different job looking websites. We can get his/her e-mail address, phone number, address, hobbies, abilities from that CVs. You can determine your victim's weak points, and you can attack to him/her with social engineering.
Example Job Looking Websites;
Indeed
CareerBuilder Job Board
Monster
SimplyHired
Glassdoor
Handshake
ZipRecruiter
Information Gathering Tool For Linkedln
Detailed Expression: https://www.turkhackteam.org/sosyal-muhendislik/1873532-linkedin-bilgi-toplama-p4rs.html
What Is CrossLinked
CrossLinked makes a list of all workers' Linkedln accounts and their ranks (senior pentester etc.) in a company.
CrossLinked Link
https://github.com/m8r0wn/crosslinked
Click this link and go to GitHub adress.
Open terminal and type this;
Kod:
cd Desktop/We came to Desktop directory. After then,
Kod:
git clone https://github.com/m8r0wn/crosslinkedType this and download that tool.
After then,
Kod:
cd CrossLinked/Type this. We are in CrossLinked file now. And,
Kod:
pip3 install -r requirements.txtType this for necessary installing steps
It showed example using to us.
Now back to Terminal and start to using.
Kod:
python3 crosslinked.py -f 'twitter{first}.{last}' -t 45 -j 0.5 twitterType this. We'll learn Twitter accounts of workers with this
It said it wrote that account usernames in names.txt file. Type this for see them.
Kod:
cat names.txtAs you can see, we found accounts of belong to that company's workers.
Now, we'll make a list of their jobs in company.
Kod:
python3 crosslinked.py -v -f 'twitter\{f}{last}' -t 45 -j 0.5 twitterType this. We'll do this process with -v parameter.
Now, we can see that datas.
Let's look to them on Microsoft too.
Kod:
python3 crosslinked.py -f 'microsoft{f}.{last}' microsoftType this in Terminal.
As you can see, we reached to datas.
-t : Is about time out, default value is 25 seconds
-j : Is about how deep it's gonna dig, default is 0 but my recommendation is 0.5
I recorded a video for show the results to you. (First video is my)
[ame]https://www.youtube.com/watch?v=x20RigzL0-E[/ame]
[ame]https://www.youtube.com/watch?v=hVQFxzFi9rs[/ame]
Is It Illegal Gathering Information on Linkedln
A company which has more than 100 employees in it, can gather all public data in LinkedIn easily by developing a software. It can make this gathering process with continuously for update that informations.
Company must do these 2 processes for gathering information with software: Web Crawling and Web Scraping. The company collect of workers' profile links with Web Crawling in Linkedln. And start to gathering information (username, name and surname etc.) from them with Web Scraping.
Source: https://www.turkhackteam.org/sosyal-muhendislik/1909455-siteleri-uzerinden-veri-toplama.html
Translator: M3m0ry
Son düzenleme:
