Collecting valid e-mail accounts
Valid e-mail accounts are very handy to penetration testers since they can be used for exploiting trust relationships in phishing attacks, brute-force password auditing to mail servers, and as usernames in many IT systems.
This recipe illustrates how to get a list of valid public e-mail accounts by using Nmap.
http-google-email is not included in Nmap's official repository. So you need to download it from http://seclists.org/nmap-dev/2011/q3/att-401/http-google-email.nse and copy it to your local scripts directory. After copying
http-google-email.nse, you should update the script database with:
How to do it...
Open your favorite terminal and type:
$nmap -p80 --script ...