Hey all, I was messing with something today and remembered episode 129 had a segment on using a target company's website to generate passwords. I tried it out and with a bit tweaking it worked great. But I also wanted a username list that was targeted for the company. I took a twist on creating passwords and did some queries on Google such as "site:linkedin.com CompanyName". In my case, I found 26 pages of search results containing almost nothing but people's full names.
I found a python script that pdp at gnucitizen had written to pull google search results. I did some hacking on it and came up with a script to create a list of usernames using the targeted search results. It creates the basic variations of first initial, last name and firstname, last initial. I'm not a python scripter, so if you have any suggestions on improvements please let me know. I've got it dialed down to only take the first page's results. You can download it at http://www.jwnetworkconsulting.com/downloads/usernameGen.txt The only real defense I can think of against this is to make sure usernames at your organization are not based on their names. I know from experience that people will absolutely HATE it, but it would work. Any how, hopefully this is useful to someone else. Jason
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
