Discovering valid e-mail accounts using Google Search

Finding valid e-mail accounts is an important task during a penetration test. E-mail accounts are often used as usernames in some systems and web applications. Attackers often target the highly sensitive information that is stored in them.

This recipe shows you how to use Nmap to discover valid e-mail accounts that could be used as usernames in some web applications or during brute force password auditing, to find weak credentials.

Getting ready

For this task we need an NSE script that is not distributed with Nmap officially. Download the NSE script http-google-search.nse from http://seclists.org/nmap-dev/2011/q3/att-401/http-google-email.nse.

Update your NSE script database by executing the following ...

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Nmap 6: Network Exploration and Security Auditing Cookbook by Paulino Calderon Pale

Discovering valid e-mail accounts using Google Search

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly