{"id":15116238,"url":"https://github.com/infobyte/emploleaks","last_synced_at":"2025-05-15T13:08:53.732Z","repository":{"id":174326753,"uuid":"630931997","full_name":"infobyte/emploleaks","owner":"infobyte","description":"An OSINT tool that helps detect members of a company with leaked credentials","archived":false,"fork":false,"pushed_at":"2025-02-18T19:10:54.000Z","size":219,"stargazers_count":584,"open_issues_count":10,"forks_count":44,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-04-08T04:09:21.092Z","etag":null,"topics":["bugbounty","cybersecurity","leaked-secrets","osint","pentesting","redteam"],"latest_commit_sha":null,"homepage":"https://fardadaysec.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/infobyte.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-21T13:48:42.000Z","updated_at":"2025-04-04T17:27:03.000Z","dependencies_parsed_at":"2024-11-09T16:21:29.237Z","dependency_job_id":"a8f3d3cf-61f7-4cc3-809a-93b135255a5b","html_url":"https://github.com/infobyte/emploleaks","commit_stats":null,"previous_names":["infobyte/bh_tool","infobyte/emploleaks"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobyte%2Femploleaks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobyte%2Femploleaks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobyte%2Femploleaks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobyte%2Femploleaks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/infobyte","download_url":"https://codeload.github.com/infobyte/emploleaks/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254346625,"owners_count":22055808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","cybersecurity","leaked-secrets","osint","pentesting","redteam"],"created_at":"2024-09-26T01:44:14.793Z","updated_at":"2025-05-15T13:08:48.724Z","avatar_url":"https://github.com/infobyte.png","language":"Python","funding_links":[],"categories":["Python","pentesting"],"sub_categories":[],"readme":"# πŸ”Ž EmploLeaks\n\nThis is a tool designed for Open Source Intelligence (OSINT) purposes, which helps to gather information about employees of a company.\n\n## πŸš€ How it Works\n\nThe tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find their personal email addresses. Finally, it uses those email addresses to search through a custom COMB database to retrieve leaked passwords. You an easily add yours and connect to through the tool.\n\n## πŸ’» Installation\n\nTo use this tool, you'll need to have Python 3.10 installed on your machine. Clone this repository to your local machine and install the required dependencies using pip in the *cli* folder:\n\n```\ncd cli\npip install -r requirements.txt\n```\n\n### OSX\nWe know that there is a problem when installing the tool due to the *psycopg2* binary. If you run into this problem, you can solve it running:\n\n```\ncd cli\npython3 -m pip install psycopg2-binary`\n```\n\n## πŸ“ˆ Basic Usage\n\nTo use the tool, simply run the following command:\n\npython3 cli/emploleaks.py\n\nIf everything went well during the installation, you will be able to start using EmploLeaks:\n\n```\n___________ .__ .__ __\n\\_ _____/ _____ ______ | | ____ | | ____ _____ | | __ ______\n | __)_ / \\____ \\| | / _ \\| | _/ __ \\__ \\ | |/ / / ___/\n | \\ Y Y \\ |_\u003e \u003e |_( \u003c_\u003e ) |_\\ ___/ / __ \\| \u003c \\___ \\\n/_______ /__|_| / __/|____/\\____/|____/\\___ \u003e____ /__|_ \\/____ \u003e\n \\/ \\/|__| \\/ \\/ \\/ \\/\n\nOSINT tool πŸ•΅ to chain multiple apis\nemploleaks\u003e\n```\n\nRight now, the tool supports two functionalities:\n - Linkedin, for searching all employees from a company and get their personal emails.\n - A GitLab extension, which is capable of finding personal code repositories from the employees.\n - If defined and connected, when the tool is gathering employees profiles, a search to a COMB database will be made in order to retrieve leaked passwords.\n\n\n### Retrieving Linkedin Profiles\n\nFirst, you must set the plugin to use, which in this case is *linkedin*. After, you should set your authentication tokens and the run the *impersonate* process:\n\n```\nemploleaks\u003e use --plugin linkedin\nemploleaks(linkedin)\u003e setopt JSESSIONID\nJSESSIONID: \n[+] Updating value successfull\nemploleaks(linkedin)\u003e setopt li-at\nli-at: \n[+] Updating value successfull\nemploleaks(linkedin)\u003e show options\nModule options:\n\nName Current Setting Required Description\n---------- ----------------------------------- ---------- -----------------------------------\nhide yes no hide the JSESSIONID field\nJSESSIONID ************************** no active cookie session in browser #1\nli-at AQEDAQ74B0YEUS-_AAABilIFFBsAAAGKdhG no active cookie session in browser #1\n YG00AxGP34jz1bRrgAcxkXm9RPNeYIAXz3M\n cycrQm5FB6lJ-Tezn8GGAsnl_GRpEANRdPI\n lWTRJJGF9vbv5yZHKOeze_WCHoOpe4ylvET\n kyCyfN58SNNH\nemploleaks(linkedin)\u003e run impersonate\n[+] Using cookies from the browser\nSetting for first time JSESSIONID\nSetting for first time li_at\n```\n\nli\\_at and JSESSIONID are the authentication cookies of your LinkedIn session on the browser. You can use the Web Developer Tools to get it, just sign-in normally at LinkedIn and press right click and Inspect, those cookies will be in the Storage tab.\n\nNow that the module is configured, you can run it and start gathering information from the company:\n\n```\nemploleaks(linkedin)\u003e run find EvilCorp\nβ ™ Gathering Information[+] Added 1 new names.\nπŸ’» Listing profiles:\n 0: \n\tfull name: Joaquin Rodriguez Viruliento\n\tprofile name: joaquinrodriguezviruliento\n\toccupation: Security Researcher at EvilCorp\n\tpublic identifier: joaquinrodriguezviruliento\n\turn: urn:li:member:15736913\nβœ” Getting and processing contact info of \"Joaquin Rodriguez Viruliento\"\n\tContact info:\n\t\twebsite 0. http://www.evilcorp.com\n\t\ttwitter 0. limpiamicerca\n\nβœ” Done\n\n```\n\n### Get Linkedin accounts + Leaked Passwords\n\nWe created a custom *workflow*, where with the information retrieved by Linkedin, we try to match employees' personal emails to potential leaked passwords. In this case, you can connect to a database (in our case we have a custom indexed COMB database) using the *connect* command, as it is shown below:\n\n```\nemploleaks(linkedin)\u003e connect --user myuser --passwd mypass123 --dbname mydbname --host 1.2.3.4\n[+] Connecting to the Leak Database...\n[*] version: PostgreSQL 12.15\n```\n\nOnce it's connected, you can run the *workflow*. With all the users gathered, the tool will try to search in the database if a leaked credential is affecting someone:\n\n```\nemploleaks(linkedin)\u003e run_pyscript workflows/check_leaked_passwords.py EvilCorp\n[-] Failing login... trying again!\n[-] Failing login... trying again!\n[+] Connected to the LinkedIn api successfull\nThe following command could take a couple of minutes, be patient\n Listing profiles:\nβœ” Getting and processing contact info of \"seΓ±or girafales\"\nβœ” Getting and processing contact info of \"kiko\"\nβœ” Getting and processing contact info of \"el chavo del 8\"\n[...]\n[+] Password for \"seΓ±or girafales\" exists\n[*] Email: girafales@gmail.com\n+------------------+\n| passwords leaked |\n+------------------+\n| laFQqAOSL69 |\n+------------------+\n```\n\nAs a conclusion, the tool will generate a console output with the following information:\n\n- A list of employees of the company (obtained from LinkedIn)\n- The social network profiles associated with each employee (obtained from email address)\n- A list of leaked passwords associated with each email address.\n\n## πŸ“° How to build the indexed COMB database\n\nAn imortant aspect of this project is the use of the indexed COMB database, to build your version you need to [download the torrent first](comb.torrent). Be careful, because the files and the indexed version downloaded requires, at least, 400 GB of disk space available.\n\nOnce the torrent has been completelly downloaded you will get a file folder as following:\n\n```\nβ”œβ”€β”€ count_total.sh\nβ”œβ”€β”€ data\nβ”‚ β”œβ”€β”€ 0\nβ”‚ β”œβ”€β”€ 1\nβ”‚ β”‚ β”œβ”€β”€ 0\nβ”‚ β”‚ β”œβ”€β”€ 1\nβ”‚ β”‚ β”œβ”€β”€ 2\nβ”‚ β”‚ β”œβ”€β”€ 3\nβ”‚ β”‚ β”œβ”€β”€ 4\nβ”‚ β”‚ β”œβ”€β”€ 5\nβ”‚ β”‚ β”œβ”€β”€ 6\nβ”‚ β”‚ β”œβ”€β”€ 7\nβ”‚ β”‚ β”œβ”€β”€ 8\nβ”‚ β”‚ β”œβ”€β”€ 9\nβ”‚ β”‚ β”œβ”€β”€ a\nβ”‚ β”‚ β”œβ”€β”€ b\nβ”‚ β”‚ β”œβ”€β”€ c\nβ”‚ β”‚ β”œβ”€β”€ d\nβ”‚ β”‚ β”œβ”€β”€ e\nβ”‚ β”‚ β”œβ”€β”€ f\nβ”‚ β”‚ β”œβ”€β”€ g\nβ”‚ β”‚ β”œβ”€β”€ h\nβ”‚ β”‚ β”œβ”€β”€ i\nβ”‚ β”‚ β”œβ”€β”€ j\nβ”‚ β”‚ β”œβ”€β”€ k\nβ”‚ β”‚ β”œβ”€β”€ l\nβ”‚ β”‚ β”œβ”€β”€ m\nβ”‚ β”‚ β”œβ”€β”€ n\nβ”‚ β”‚ β”œβ”€β”€ o\nβ”‚ β”‚ β”œβ”€β”€ p\nβ”‚ β”‚ β”œβ”€β”€ q\nβ”‚ β”‚ β”œβ”€β”€ r\nβ”‚ β”‚ β”œβ”€β”€ s\nβ”‚ β”‚ β”œβ”€β”€ symbols\nβ”‚ β”‚ β”œβ”€β”€ t\n```\n\nAt this point, you could import all those files with the command `create_db`:\n\n```\nemploleaks\u003e create_db --dbname leakdb --user leakdb_user --passwd leakdb_pass --comb /home/pasta/Downloads/comb\n[*] The full database occups more than 200 GB, take this in account\n[*] Creating the database\nERROR: database \"leakdb\" already exists\nERROR: role \"leakdb_user\" already exists \nALTER ROLE\nALTER DATABASE\nGRANT\nALTER SYSTEM\nALTER SYSTEM\nALTER SYSTEM\nALTER SYSTEM\nALTER SYSTEM\nALTER SYSTEM\nALTER SYSTEM\nALTER SYSTEM\nALTER SYSTEM\nALTER SYSTEM\n[+] Connecting to the Leak Database...\n[+] Importing from /home/pasta/Downloads/comb/data/1/m\n[+] Importing from /home/pasta/Downloads/comb/data/1/d\n[+] Importing from /home/pasta/Downloads/comb/data/1/v\n[+] Importing from /home/pasta/Downloads/comb/data/1/0\n[+] Importing from /home/pasta/Downloads/comb/data/1/8\n[+] Importing from /home/pasta/Downloads/comb/data/1/u\n[+] Importing from /home/pasta/Downloads/comb/data/1/k\n[+] Importing from /home/pasta/Downloads/comb/data/1/r\n[+] Importing from /home/pasta/Downloads/comb/data/1/7\n[+] Importing from /home/pasta/Downloads/comb/data/1/h\n[+] Importing from /home/pasta/Downloads/comb/data/1/o\n[+] Importing from /home/pasta/Downloads/comb/data/1/t\n[+] Importing from /home/pasta/Downloads/comb/data/1/f\n[+] Importing from /home/pasta/Downloads/comb/data/1/n\n[+] Importing from /home/pasta/Downloads/comb/data/1/symbols\n[+] Importing from /home/pasta/Downloads/comb/data/1/g\n[+] Importing from /home/pasta/Downloads/comb/data/1/q\n[+] Importing from /home/pasta/Downloads/comb/data/1/a\n[+] Importing from /home/pasta/Downloads/comb/data/1/e\n[+] Importing from /home/pasta/Downloads/comb/data/1/l \n[+] Importing from /home/pasta/Downloads/comb/data/1/y \n[+] Importing from /home/pasta/Downloads/comb/data/1/s \n[+] Importing from /home/pasta/Downloads/comb/data/1/3 \n[+] Importing from /home/pasta/Downloads/comb/data/1/6 \n[*] Creating index... \n```\n\nThe importer takes a lot of time for that reason we recommend to run it with patience.\n\n## πŸ“Œ Next Steps\n\nWe are integrating other public sites and applications that may offer about a leaked credential. We may not be able to see the plaintext password, but it will give an insight if the user has any compromised credential:\n \n - Integration with Have I Been Pwned?\n - Integration with Firefox Monitor\n - Integration with Leak Check\n - Integration with BreachAlarm\n\n Also, we will be focusing on gathering even more information from public sources of every employee. Do you have any idea in mind? Don't hesitate to reach us:\n\n - Javi Aguinaga: jaguinaga@faradaysec.com\n - Gabi Franco: gabrielf@faradaysec.com\n\n Or you con DM at [@pastacls](https://twitter.com/pastacls) or [@gaaabifranco](https://twitter.com/gaaabifranco) on Twitter.\n\n## πŸ“ License\n\nThis tool is licensed under the MIT License. See the `LICENSE` file for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfobyte%2Femploleaks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finfobyte%2Femploleaks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfobyte%2Femploleaks/lists"}