CrossLinked – OSINT tool for email discovery
Share
One part of the OSINT methodology is finding information about people related to the target organization. CrossLinked is an open source tool that allows the enumeration of valid user names and email accounts in an organization.
This tool uses scraping from the different Internet search engines against the LinkedIn application. This technique provides accurate results without using API keys and without directly accessing LinkedIn.
How does it work?
In order to use this specific tool, it is necessary to have Python installed on the system, more specifically in its Pyhton3 version.
To install it, you only need to clone the tool repository with the most updated version of the code:
In this way, a folder will be created that will contain the scripts used by the tool and where the files generated with each use will be saved by default.
In order to use CrossLinked, it is necessary to be clear about what account nomenclature the target organization uses. For example, for an organization that uses the form “{f}{last name}@domain.com” for its corporate emails (the first letter of the first name and the first or second last name), it will be entered in this way in the tool.
The format used by CrossLinked can be of three types:
A basic example of use could be:
The -f option is used to specify the nomenclature, while the -o option is used to specify the name of the files to be generated.
Additionally, it is recommended that for best results you add the company name as it appears on LinkedIn immediately following the nomenclature, not the domain name. From the way:
Results
The result of the execution would be something like:
Once executed, two types of files are generated:
- .txt file that stores only the collected names.
- .csv file that stores all the information obtained (name, job title and URL of the user on LinkedIn).
Conclusion
There are several well-known OSINT tools for recognizing email accounts, such as Hunter.io, Snov.io or Harvester among others. But this tool can be used especially at the beginning of the recognition phase, since it allows reliable information to be obtained without the need for API keys or credentials for its operation.
Additionally, connecting to LinkedIn to obtain the information makes it a very reliable tool that obtains updated data, with 88% in real time and the remaining 12% in the last 29 days.
Therefore, we can consider CrossLinked as a highly recommended tool to perform this part of the recognition.
Javier Muñoz , Cybersecurity Analyst at Zerolynx.