{"id":13438500,"url":"https://github.com/initstring/linkedin2username","last_synced_at":"2025-04-08T04:13:34.677Z","repository":{"id":40649856,"uuid":"122536766","full_name":"initstring/linkedin2username","owner":"initstring","description":"OSINT Tool: Generate username lists for companies on LinkedIn","archived":false,"fork":false,"pushed_at":"2024-01-15T23:06:39.000Z","size":271,"stargazers_count":1405,"open_issues_count":2,"forks_count":190,"subscribers_count":31,"default_branch":"master","last_synced_at":"2025-04-01T03:33:05.340Z","etag":null,"topics":["hacking","osint","penetration-testing","pentesting"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/initstring.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-22T21:21:15.000Z","updated_at":"2025-03-31T19:27:22.000Z","dependencies_parsed_at":"2023-11-28T10:25:49.858Z","dependency_job_id":"567b6966-2e5b-481e-814c-8b139bc62036","html_url":"https://github.com/initstring/linkedin2username","commit_stats":null,"previous_names":[],"tags_count":29,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initstring%2Flinkedin2username","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initstring%2Flinkedin2username/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initstring%2Flinkedin2username/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initstring%2Flinkedin2username/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/initstring","download_url":"https://codeload.github.com/initstring/linkedin2username/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247773719,"owners_count":20993639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking","osint","penetration-testing","pentesting"],"created_at":"2024-07-31T03:01:06.060Z","updated_at":"2025-04-08T04:13:34.646Z","avatar_url":"https://github.com/initstring.png","language":"Python","funding_links":[],"categories":["Asset Discovery","\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003e侦察\u0026\u0026信息收集\u0026\u0026子域名发现与枚举\u0026\u0026OSINT","[↑](#contents)Email Discovery","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003e工具","Username Enumeration"],"sub_categories":["Email Discovery","\u003ca id=\"05ab1b75266fddafc7195f5b395e4d99\"\u003e\u003c/a\u003e未分类-OSINT"],"readme":"# linkedin2username\nOSINT Tool: Generate username lists from companies on LinkedIn.\n\nThis is a pure web-scraper, no API key required. You use your valid LinkedIn username and password to login, it will create several lists of possible username formats for all employees of a company you point it at.\n\nHere's what you get:\n- first.last.txt: Usernames like Joe.Schmoe\n- f.last.txt:     Usernames like J.Schmoe\n- flast.txt:      Usernames like JSchmoe\n- firstl.txt:     Usernames like JoeS\n- first.txt       Usernames like Joe\n- lastf.txt       Usernames like SchmoeJ\n- rawnames.txt:   Full name like Joe Schmoe\n- metadata.txt    CSV file which is full_name,occupation\n\nOptionally, the tool will append @domain.xxx to the usernames.\n\n![](drawing.jpeg)\n\n## Warnings\n\nDo not blame me if your LinkedIn account gets rate limited, or even banned. This is a security research tool - use it only after reading the code and fully understanding what it is doing.\n\nI have not heard of any account bans since the tool was written, but rate limiting does occasionally kick in when the \"commercial search limit\" is hit. That has been temporary so far (measured monthly).\n\n## Using the tool\n\n### Pre-requisites\n\nInstall the Python dependencies with `pip3 install -r ./requirements.txt`.\n\nYou'll also need Chrome, Chromium, or Firefox installed in typical paths that can be discovered by Selenium. A web browser will be spawned temporarily to handle the login.\n\n### Full usage\n```\nusage: linkedin2username.py [-h] -c COMPANY [-n DOMAIN] [-d DEPTH]\n  [-s SLEEP] [-x PROXY] [-k KEYWORDS] [-g] [-o OUTPUT]\n\nOSINT tool to generate lists of probable usernames from a given company's LinkedIn page.\nThis tool may break when LinkedIn changes their site.\nPlease open issues on GitHub to report any inconsistencies.\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -c COMPANY, --company COMPANY\n                        Company name exactly as typed in the company linkedin profile page URL.\n  -n DOMAIN, --domain DOMAIN\n                        Append a domain name to username output.\n                        [example: \"-n targetco.com\" would output jschmoe@targetco.com]\n  -d DEPTH, --depth DEPTH\n                        Search depth (how many loops of 25). If unset, will try to grab them\n                        all.\n  -s SLEEP, --sleep SLEEP\n                        Seconds to sleep between search loops. Defaults to 0.\n  -x PROXY, --proxy PROXY\n                        Proxy server to use. WARNING: WILL DISABLE SSL VERIFICATION.\n                        [example: \"-p https://localhost:8080\"]\n  -k KEYWORDS, --keywords KEYWORDS\n                        Filter results by a a list of command separated keywords.\n                        Will do a separate loop for each keyword,\n                        potentially bypassing the 1,000 record limit. \n                        [example: \"-k 'sales,human resources,information technology']\n  -g, --geoblast        Attempts to bypass the 1,000 record search limit by running\n                        multiple searches split across geographic regions.\n  -o OUTPUT, --output OUTPUT\n                        Output Directory, defaults to li2u-output\n```\n\n\n### Examples\nYou'll need to provide the tool with LinkedIn's company name. You can find that by looking at the URL for the company's page. It should look something like `https://linkedin.com/company/targetco`. It may or may not be as simple as the exact name of the company.\n\nHere's an example to pull all employees of targetco:\n\n```\n$ python linkedin2username.py -c targetco\n```\n\nHere's an example to pull a shorter list and append the domain name @targetco.com to them:\n\n```\n$ python linkedin2username.py -c targetco -d 5 -n 'targetco.com'\n```\n\n### Tips\n\nUse an account with a lot of connections, otherwise you'll get crappy results. Adding a couple connections at the target company should help - this tool will work up to third degree connections. Note that [LinkedIn will cap search results](https://www.linkedin.com/help/linkedin/answer/129/what-you-get-when-you-search-on-linkedin?lang=en) to 1000 employees max. You can use the features '--geoblast' or '--keywords' to bypass this limit. Look at help below for more details.\n\n## Toubleshooting\n\nWhen LinkedIn changes things, the tool may break. The API used here is not documented, and it may take some fiddling around to get it working again. Please open issues if you notice something weird.\n\nYou can verify Selenium works on your machine like this:\n\n```\n$ python3\n\nfrom selenium import webdriver\ndriver = webdriver.Firefox() # or webdriver.Chrome()\ndriver.get(\"https://linkedin.com/login\")\n```\n\nYou can try the `--proxy` flag to inspect traffic with Burp. Right now, it is not inspecting the logins from the Selenium browser as you can see pretty clearly what is happening there.\n\n*This is a security research tool. Use only where granted explicit permission from the network owner.*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finitstring%2Flinkedin2username","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finitstring%2Flinkedin2username","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finitstring%2Flinkedin2username/lists"}