Close
0%
0%

Improved E-mail Collector

This is a modified version of the e-mail collector script that is originally present in any install of the metasploit framework.

Similar projects worth following
The email collector originally search Google, Yahoo, and Bing in order to retrieve e-mail addresses from the targeted domain using a series of regular expression.
I actually wanted to improve it's efficience and so I added the search on : Ask, Aol, Yandex, Baidu, Lycos. I might add some more if some new search engines are created.
  • Hello World!

    pierrep05/16/2014 at 08:45 0 comments

    Well here is one of my first programming project.

    A fun part of pentesting is the gathering part, when a pentester looks for valuable information to assess his victim. A big part of information gathering has to do with e-mails and social networks in order to be able to exploit the human's weaknesses.

    Here's were the e-mail collectector come to action. The original version was searching three engines and I thought "Only three ?!". I went to work, looking into the orginal code to understand the structure and the way the script worked.

    Finally I was able to come up with a quite "neat" Metasploit module that is now able to search : 

    •  The firts three engines (original version) : Google, Bing, Yahoo
    • The new ones : Ask, Aol, Yandex, Baidu, Lycos.

    My goal was to have an email collector I hopefully would only use once during the assessment. The reason Yandex and Baidu engines are used is for Chinese and Russians to be able to use the script searching their country's search engine with which results may be more accurate.

    Unfortunatly I recently noticed the change of the code in the Lycos as Baidu engine which gave me badly formated results. You can try to run it and you will see. 

    Hopefully, the latest tries I gave to this script shown me that a previous error displayed in the shown response was actually coming from the Ask engine and now seems to be corrected.

    If you have a clue to correct one of the described bugs tell me and if it was not already corrected I will do so.

View project log

  • 1
    Step 1

    Download metasploit and ruby (required to use the script).

    # yaourt -S metasploit-git (compiled version)

     If you don't want to compile the Metasploit framework you can install a precompiled version of the framework 

    # yaourt -S metasploit
  • 2
    Step 2

    Download the email collector script.

    git clone https://github.com/pPailleux/Metasploit/
  • 3
    Step 3

    Copy the file to the right place, sice this script is intended to be gathering stuff it has to be in the "gather" folder of Metasploit.

    # cp ./search_email_collector_custom2.rb /usr/share/metasploit/modules/auxiliary/gather

View all 4 instructions

Enjoy this project?

Share

Discussions

pierrep wrote 05/17/2014 at 09:29 point
Note that the Baidu and Lycos search need to be updated as the search engines were recently updated so there's going to be a lil' update.

  Are you sure? yes | no

pierrep wrote 05/16/2014 at 15:11 point
The project is near to be completed, it actually was completed, but since Lycos and Baidu updated their search engines these two do not work anymore. I will update it as soon as possible.

  Are you sure? yes | no

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates