Discovering Email Addresses

Email Address Discovery

CrossLinked

URL: https://github.com/m8sec/CrossLinked

CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from an organization. This technique provides accurate results without the use of API keys, credentials, or accessing LinkedIn directly!

# Usage, Company name must be as appears on LinkedIn

# Format email addresses
crosslinked -f '{first}.{last}@domain.com' 'company_name'
# Format with firstname as a single letter
crosslinked -f '{f}.{last}@domain.com' 'company_name'

# Format as a domain account
crosslinked -f 'DOMAIN\{first}{l}' 'company_name'

Hunter.io

URL: https://hunter.io/

Hunter.io is an web service that is used for finding email addresses and contacts from businesses. The most common option is to perform a domain search.

Hunter.io will return all found addresses and sources for the address for the searched domain. Hunter.io will also present the most common email pattern for the domain in question as shown below.

This can also be used to filter between generic email addresses such as info@microsoft.com and personal addresses such as EricHolk@microsoft.com (As shown above).

The results can also be further filtered by department such as HR or Management as shown above.

Look at an individual results we are able to expanded the sources to see where Hunter.io pulled this information from.

Confirmed valid addresses are marked with a tick and green shield icon. However, it is also possible to perform manual verification on an address to see if it really exists using Hunter.io

The manual verification method will attempt to verify the mail address by querying the MX records for that domain.

Phonebook.cz

URL: https://phonebook.cz/

Phonebook.cz can be used to search email addresses, domains and URLs contained within breaches.

The results will link back to IntelligenceX which gives a small insight into which breaches the search string has occurred in.

URL: https://intelx.io/

IntelligenceX also provides an insight into what type of data has been exposed by breaches for the account in question. The results have been redacted below, as they contain plain text passwords for the related email accounts.

The full results for the raw data dumps are not available without a paid account. However, it is likely these are available online elsewhere.

Address Verification

Email-Checker.net

URL: https://email-checker.net/validate

Email-Checker.net can be used to test for valid email accounts.

Hunter.io

URL: https://hunter.io/email-verifier

Hunter.io can also be used to verify if an email address is valid.

Resources

Hunter.io: https://hunter.io/

Phonebook.cz: https://phonebook.cz/

VoilaNorbert: https://www.voilanorbert.com/

Email Hippo: https://tools.verifyemailaddress.io/

Email Checker: https://email-checker.net/validate