Collecting valid e-mail accounts

Valid e-mail accounts are very handy to penetration testers since they can be used for exploiting trust relationships in phishing attacks, brute-force password auditing to mail servers, and as usernames in many IT systems.

This recipe illustrates how to get a list of valid public e-mail accounts by using Nmap.

Getting ready

The script http-google-email is not included in Nmap's official repository. So you need to download it from http://seclists.org/nmap-dev/2011/q3/att-401/http-google-email.nse and copy it to your local scripts directory. After copying http-google-email.nse, you should update the script database with:

#nmap --script-updatedb

How to do it...

Open your favorite terminal and type:

$nmap -p80 --script ...

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.