I Spy with InSpy

Darin Roberts//

Do you ever find yourself on an engagement and need just a few more names with which to conduct a password spray? Everyone knows the more emails you have, the higher chance of getting in with one of the easy to guess (and often used) passwords. InSpy is a great way to get some names to convert to emails. InSpy is authored by Johnathan Broche and was last updated August 24, 2018.

The following is from https://github.com/gojhonny/InSpy:

InSpy is a python based LinkedIn enumeration tool. Inspy has two functionalities: TechSpy and EmpSpy.

  • TechSpy – Crawls LinkedIn job listings for technologies used by the provided company. InSpy attempts to identify technologies by matching job descriptions to keywords from a new line delimited file.
  • EmpSpy – Crawls LinkedIn for employees working at the provided company. InSpy searches for employees by title and/or departments from a new line delimited file. InSpy may also create emails for the identified employees if the user specifies an email format.

Installing and running InSpy is pretty straightforward. First clone the repository.

And then install.

Running InSpy is pretty easy as well. You need to provide the company name and then a wordlist to use. InSpy has 2 built in wordlists, a large list and a small list. Note that the large list does not contain words from the small list. If you want to use the built-in lists, I recommend running the command twice, once with the large list and once with the small list. You will get different results.

Large list output:

Small list output:

When I first ran this during a test, I gathered almost 200 additional names. I noticed there was a “Timed out” warning. I ran the command a second time and got a different number of names returned. I am unsure as to why this happened. However, in preparing for the blog, the same thing happened.

You can see that at different times, I got different results. Running the command multiple times might yield a larger return.

Another option is to have InSpy create the list of emails for you. This can save a step as you don’t have to modify the outfile after you get the list of names.

Speaking of the outfile, you can have the output be in CSV, HTML, or JSON format. For my work, .csv is just fine.

Overall, InSpy v3.0 is another useful recon tool.

Ready to learn more?

Level up your skills with affordable classes from Antisyphon!

Pay-What-You-Can Training

Available live/virtual and on-demand