,
Inthis digital age, privacy and security are critical concerns for everyone, especially professionals who use social networking platforms, like LinkedIn to build their professional network or advance their careers. Besides, the rise of online threats and data breaches has made it more challenging to keep our personal and professional information secure. Therefore, it is essential to understand the potential risks and take necessary precautions to protect our data.
One way to ensure our security on LinkedIn is by using Open-Source Intelligence (OSINT) tools. These tools allow us to collect and analyze information about ourselves and others on LinkedIn, helping us identify potential security risks and take appropriate actions.
OSINT tools collect information from publicly available sources, such as social media profiles, news articles, and government records. Using these tools, we can monitor our online presence and detect any suspicious activity related to our LinkedIn profile. Also, we can use these tools to investigate potential connections or job opportunities on LinkedIn to ensure that they are legitimate.
- Overall, using OSINT tools is an effective way to maintain our privacy and security on LinkedIn. We can protect our personal and professional information from cyber threats by staying vigilant and taking necessary precautions.
When conducting OSINT searches or investigations, starting with the most essential steps is advisable. If you have an email address or telephone number to locate an account, you should first head to the main login page of the website or app. This simple method is often overlooked or not mentioned in OSINT-related blogs and websites, but it can be beneficial.
In the past, it was possible to use the password reset page to locate an account. However, things have changed now. If you attempt to use the password reset page instead of the main login page on social media platforms or apps, the target will be alerted if you match the contact on the password reset page but not the login page. This is especially true if you mistype the password. Therefore, sticking to the main login page for your searches is best.
Aside from relying on Google to find contacts or conducting an OSINT (Open-Source Intelligence) search, we can also use G-Dork or other search engines to gather information from LinkedIn without needing to log in. Another advantage of using search engines to conduct OSINT on LinkedIn is viewing specific pages and browsing LinkedIn from the search engine results page. Some examples are below:
site: http://linkedin.com/in/name surname
site: http://linkedin.com/in/company
Above are only a few, but in case you snoop about below, here is a cheat sheet along my G-Dork Post for more info.
Credits:
https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06
- https://cybertrainer.uk/wp-content/uploads/2021/10/google-dork-cheatsheet.pdf
- https://www.exploit-db.com/google-hacking-database
Togather more information about a target, it can be helpful to use tools like Google Images, Flickr Image Search, or TinEye to perform a reverse image search on their profile pictures or any other pictures where their face is visible. This can unearth any other images of the target online, providing valuable insights into their interests, hobbies, and social circles.
In addition to image searches, it’s also a good idea to check the target’s main profile page for any contact information they may have provided. If contact information is not available there, their CV may include it. This can help you further your research and contact the target.
While many other types of data can be checked, these are the main points to focus on when researching a target. Additionally, there are various GitHub tools available that can aid in this process. By utilizing these resources, you can gather a wealth of information about your target and better understand their online presence.
Also, OSINT Linkedin Attack Surface is another key reference when digging for data.
Some GitHub Tools
Linkedin-profile-scraper-api
Linkedin-profile-scraper-api is a tool that scrapes LinkedIn profiles and returns structured data in JSON format. It was developed by Josephlimtech using Puppeteer, a headless browser.
This scraper extracts publicly available data from LinkedIn profiles, including:
- Profile: name, title, location, picture, description, and URL
- Experiences: title, company name, location, duration, start date, end date, and description
- Education: school name, degree name, start date, and end date
- Volunteer experiences: title, company, description, start date, and end date
- Skills: name and endorsement count
The scraper needs a session cookie from a logged-in LinkedIn account for operation. The repository provides instructions for obtaining this cookie and setting up the scraper.
Kindly note that this tool must be used responsibly according to LinkedIn’s terms of service. Any misuse could result in your LinkedIn account being restricted or permanently banned.
Please always respect the privacy and personal data of others.
- If you encounter issues while using the tool, please report them on the repository’s issues page. It’s essential to exercise caution when dealing with third-party apps and your main profile. To avoid any potential harm, creating a dummy account for testing or investigating is better than using your own.
Linkedin-Learning-Courses-Downloader
Linkedin-Learning-Courses-Downloader by Ahmedayman is designed to download LinkedIn Learning courses in your preferred video quality. It provides a simple and easy-to-use GUI for Windows. The features of this tool include:
- Downloading in the video quality you like (720p, 540p, or 360p)
- Automatic download of exercise files and subtitles
- Ability to download multiple courses at a time
- Automated extraction of LinkedIn Learning login token from Chrome, Firefox, or Microsoft Edge
In terms of Open Source Intelligence (OSINT), this tool could be used to gather educational content from LinkedIn Learning for analysis. For instance, an OSINT analyst could use this tool to download courses related to a specific topic and then analyze the course content to gain insights into the current trends, techniques, or skills being taught in that field.
However, it’s important to note that any use of this tool should comply with LinkedIn’s terms of service and respect copyright laws. Misuse could lead to restrictions or bans on your LinkedIn account.
Please remember that this tool is intended for personal use to download content for offline viewing and should not be used to infringe upon the rights of the content creators or LinkedIn.
Always use such tools responsibly and ethically.
LinkedIn-Email-Scraper
The `LinkedIn-Email-Scraper` is a powerful Python script developed by `TufayelLUS` that can extract public email addresses from LinkedIn profiles. By accessing publicly available data, this tool can collect the email addresses of individuals for analysis.
You’ll need to install Python and the `requests` module on your system to use this tool. To access private profiles, you’ll also need a LinkedIn account. Once these requirements are sorted, you can import the `linkedin.py` class file or modify it according to your needs. You can also refer to the `demo.py` file for usage reference.
This tool is designed for Open Source Intelligence (OSINT) purposes. For example, an OSINT analyst could use it to gather email addresses from LinkedIn profiles of people working in a specific industry or for a particular company. This data can then be analyzed to gain critical insights into the industry or company.
Linkedin-data-extractor
The `LinkedIn-data-extractor` GitHub repository by `alokm014` is a Python script that extracts email, name, and other target data from the user’s description using Python & Selenium. The tool automates the browser and scrapes LinkedIn profiles. Here’s a summary of how it works:
- You’ll need Python and the `requests` module.
- To access private profiles, you must have a LinkedIn account.
- You can refer to `LinkedIn_Email_Extractor.ipynb` for usage reference. You can modify it as per your requirements.
- You can import the `linkedin.py` class file or modify it to meet your needs. To use this tool, you can create an instance of the LinkedIn class and call the `single-scan` method with the profile URL you want to scrape.
Linkedin-Crawler-Bot
The LinkedIn-Crawler-Bot is a Python-based tool created by Akash Bhuiyan aimed at crawling LinkedIn, a famous professional networking platform. Although the specifics of this bot’s functionalities need to be explained in the search results, it is known that LinkedIn crawlers extract data from LinkedIn profiles or public directories.
This tool can be used for Open Source Intelligence (OSINT) purposes, as it can collect publicly available information from LinkedIn, such as job titles, employment history, education, skills, and more from individual profiles or visitor data from public directories. This information can be helpful in various OSINT applications, including recruitment, market research, and competitive analysis.
For instance, it can help identify potential job candidates based on their skills and experience, understand market trends, or gather company information, such as size, industry, and employee roles.
An extra that might help…
RecruitEm
RecruitEm ( RE ) is a powerful and free tool that you can use to search for people on LinkedIn and other social networks. With RE, you can perform X-ray searches on various platforms, including Google, to find publicly available LinkedIn and social network profiles.
To use RE, select the social network you want to search and type in relevant keywords in each field. The tool will then create a basic boolean string that searches for publicly available web pages using Google. You can use boolean operators like AND, OR, etc., to refine your search and get more targeted results.
Once you find the profiles you need, you can edit the boolean string in the search box to refine your results further. RecruitEm is perfect for recruiters and researchers who want to find people on social networks based on specific criteria. It’s a handy tool that can help you save time and effort when searching for people on social networks & and for OSINT purposes.
In conclusion
LinkedIn’s Open Source Intelligence (OSINT) & related tools can be beneficial in safeguarding the privacy and security of our accounts on the platform. By effectively making use of the various websites and GitHub tools that are available, we can gather valuable information regarding our account activity, connections, and engagement. This information can then be analyzed to identify any potential security threats and take necessary actions to prevent them.
For instance, the LinkedIn Advanced Search feature can filter search results based on various criteria such as industry, location, and keywords. This can help us find and connect with relevant professionals while ensuring our profile is visible only to those who matter.
Similarly, the LinkedIn Sales Navigator can be used to gain insights into our target audience and identify potential leads. By tracking their activity on the platform, we can create a personalized approach to engage with them and build a meaningful relationship.
The GitHub tools, such as the LinkedIn2Username script and the LinkedIn Scraper, can gather additional information about our contacts, including their usernames, email addresses, and other relevant details. This can help us verify their identity and ensure we communicate with the right person.
By using these tools and taking necessary actions to maintain the privacy and security of our accounts, we can effectively protect our personal and professional information from potential threats.
Stay Tuned for more & Share 4 all!
Links Rewrap
https://www.osintdojo.com/diagrams/linkedin
https://www.osintme.com/index.php/2020/04/26/how-to-conduct-osint-on-linkedin
https://github.com/josephlimtech/linkedin-profile-scraper-api
https://github.com/ahmedayman4a/Linkedin-Learning-Courses-Downloader
https://github.com/TufayelLUS/LinkedIn-Email-Scraper
https://github.com/alokm014/linkedin-data-extractor
https://github.com/AkashBhuiyan/Linkedin-Crawler-Bot
https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06
https://cybertrainer.uk/wp-content/uploads/2021/10/google-dork-cheatsheet.pdf
https://www.exploit-db.com/google-hacking-database
https://0x00sec.org/t/osint-0x02-linkedin-is-not-just-for-jobs/6774
https://www.osintdojo.com/diagrams/linkedin
https://www.osintme.com/index.php/2020/04/26/how-to-conduct-osint-on-linkedin
https://images.google.com
https://www.flickr.com/search
https://tineye.com
https://github.com/josephlimtech/linkedin-profile-scraper-api
https://github.com/ahmedayman4a/Linkedin-Learning-Courses-Downloader
https://github.com/TufayelLUS/LinkedIn-Email-Scraper
https://github.com/alokm014/linkedin-data-extractor
https://github.com/AkashBhuiyan/Linkedin-Crawler-Bot
https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06
https://cybertrainer.uk/wp-content/uploads/2021/10/google-dork-cheatsheet.pdf
https://www.exploit-db.com/google-hacking-database
https://0x00sec.org/t/osint-0x02-linkedin-is-not-just-for-jobs/6774
Comments
Post a Comment