Early in 2018 I wrote a blog about InSpy. InSpy is a great reconnaissance tool that gathers usernames from LinkedIn. My first blog can be found here.
A few months ago, a co-worker mentioned to me that InSpy was now requiring an API key. I found out that the updated version did in fact require an API key. The version that I initially used was 2.0.2 and the updated version is 3.0.1. Up until the other day, I have just used the old version of InSpy on my engagements. It has been working and I haven’t had any problems. Figuring out the latest version has been on my ToDo list, and I finally got to it.
My initial reaction to this was incredulity. Why break something that was working? I figured that someone was trying to capitalize on a great product, trying to get some money from writing a very effective script. However, upon further review, I shouldn’t have been so negative. The changes made are awesome, and I was completely wrong.
First, let’s go through the requirements. It turns out that the only new requirement for using InSpy is a HunterIO API key. HunterIO is another tool that I use on just about every engagement. It has great recon information, and almost always finds the email pattern for a given company as well as returning multiple email addresses. Using HunterIO does require a login, but I only use the “Free” version, so my access does not require me to pay any money. There are benefits to paying for their service, but I haven’t done so yet.
The only thing that you need to sign in with hunter.io is an email address.
Once you are logged in, you can get access to your API key.
Now that we have the API key, let’s see what we need to do with it. The InSpy instructions say to put the API key on line 29 of the script. Open up the script with your favorite text editor in Linux and find line 29. It looks something like this.
Put the API key in between the quotes and save the script.
Running the script is a little different between version 2 and version 3. The following is the command used for employees of Black Hills using version 2.0.2.
The following is the script and output from version 3.0.1.
The CSV output is very similar. However, on the output from version 3, there is a third column that contains the email addresses. Again, this is a handy feature.
I really like the updates to InSpy. I was wary at first, but after taking the time to input my already available API key, InSpy is more useful than before. If you have been using the older version, it is definitely worth the update!