Jan 26, 2021 by Alexandre Croix | 7522 views
This blog post will talk about email addresses.
Searching by the real name of your target can be very frustrating if its name is very common. It is easy to get lost in the results. There may a lot of John Doe but only one email@example.com. Another important point, email addresses ARE usernames on many websites. By knowing an email address you can discover other systems the target may use.
Usually, company e-mail follows a pattern. Patterns might be:
Another method to find the pattern used in a specific company is to use some tools like Hunter.io or Email format. These websites allow us to perform research on domain names to find email addresses used somewhere on the Internet.
Hunter.io has 3,428 addresses for the domain apple.com. It informs us the most common pattern is firstname.lastname@example.org. If you create an account, you will be able to see the complete addresses.
This feature allows an analyst to find the address of his target easily.
Of course, it is possible to find a personal address with hunter.io but is not something that occurs very often. A good tool to find information about personal addresses is the Email reputation tool.
This free tool provides a lot of good information about a specific email address.
On the example, we can see a Reddit, Linkedin, Instagram, Github,... accounts liked to this mail address.
Sometimes, it is necessary to check if an address is valid (or still used) but you are not able to find any information about it. In this case, you can use an Email-verifier. The Mailtester Ninja is a good example. The tool accepts a specific address or a bulk of several addresses and tests all of them to find valid ones.
The above figure shows an example with the domain name cylab.be. The tool is able to find a valid address from all first-name/last-name combinations.
In this blog post, we present a quick OSINT overview of email addresses. It is obviously possible to go deeper and find other information with different tools (leaked database for example), but the goal of these OSINT posts is to provide a small introduction on this very interesting field.
We will continue next weeks with other OSINT subjects!
This blog post is licensed under CC BY-SA 4.0