Yesterday - 7 June 2023 - KitPloit - PenTest & Hacking Tools

LinkedInDumper - Tool To Dump Company Employees From LinkedIn API


Python 3 script to dump company employees from LinkedIn API

Description

LinkedInDumper is a Python 3 script that dumps employee data from the LinkedIn social networking platform.

The results contain first name, last name, position (title), location and the user's profile link. Only 2 API calls are required to retrieve all employees if the company has no more than 10 employees; otherwise the script paginates through the API results. With the --email-format CLI flag you can supply a Python string format to auto-generate email addresses from the retrieved first and last name.


Requirements

LinkedInDumper talks to the unofficial LinkedIn Voyager API, which requires authentication, so you need a valid LinkedIn user account. To keep it simple, LinkedInDumper just expects a cookie value provided by you; this way, even 2FA-protected accounts are supported. You must also provide a LinkedIn company URL to dump employees from.

Retrieving LinkedIn Cookie

  1. Sign in to www.linkedin.com and retrieve your li_at session cookie value, e.g. via the browser's developer tools
  2. Specify the cookie value either persistently in the Python script's variable li_at or temporarily at runtime via the CLI flag --cookie

Retrieving LinkedIn Company URL

  1. Search your target company on Google Search or directly on LinkedIn
  2. The LinkedIn company URL should look something like this: https://www.linkedin.com/company/apple

Usage

usage: linkedindumper.py [-h] --url <linkedin-url> [--cookie <cookie>] [--quiet] [--include-private-profiles] [--email-format EMAIL_FORMAT]

options:
-h, --help show this help message and exit
--url <linkedin-url> A LinkedIn company url - https://www.linkedin.com/company/<company>
--cookie <cookie> LinkedIn 'li_at' session cookie
--quiet Show employee results only
--include-private-profiles
Show private accounts too
--email-format Python string format for emails; for example:
[1] [email protected] > '{0}.{1}@example.com'
[2] [email protected] > '{0[0]}.{1}@example.com'
[3] [email protected] > '{0[0]}{1}@example.com'
[4] [email protected] > '{1}@example.com'
[5] [email protected] > '{0}@example.com'
[6] [email protected] > '{0[0]}{1[0]}@example.com'

Example 1 - Docker Run

docker run --rm l4rm4nd/linkedindumper:latest --url 'https://www.linkedin.com/company/apple' --cookie <cookie> --email-format '{0}.{1}@apple.de'

Example 2 - Native Python

# install dependencies
pip install -r requirements.txt

python3 linkedindumper.py --url 'https://www.linkedin.com/company/apple' --cookie <cookie> --email-format '{0}.{1}@apple.de'

Outputs

The script returns employee data as semicolon-separated values (CSV-like):

(ASCII-art banner: LinkedInDumper by LRVT)

[i] Company Name: apple
[i] Company X-ID: 162479
[i] LN Employees: 1000 employees found
[i] Dumping Date: 17/10/2022 13:55:06
[i] Email Format: {0}.{1}@apple.de
Firstname;Lastname;Email;Position;Gender;Location;Profile
Katrin;Honauer;[email protected];Software Engineer at Apple;N/A;Heidelberg;https://www.linkedin.com/in/katrin-honauer
Raymond;Chen;[email protected];Recruiting at Apple;N/A;Austin, Texas Metropolitan Area;https://www.linkedin.com/in/raytherecruiter

[i] Successfully crawled 2 unique apple employee(s). Hurray ^_-

Limitations

LinkedIn returns only the first 1,000 search results when harvesting contact information. You may also need a LinkedIn Premium account once you have reached the maximum number of profile visits allowed for a free LinkedIn account.

Furthermore, not all employee profiles are public. The results vary depending on the LinkedIn account you use and whether you are connected with some employees of the company being crawled. Therefore it is sometimes not possible to retrieve the first name, last name and profile URL of some employee accounts. The script does not display such profiles by default, as they contain placeholder values such as "LinkedIn" as first name and "Member" as last name. If you want to include such private profiles, use the CLI flag --include-private-profiles. Even for private accounts the position (title) and location can still be obtained; only first name, last name and profile URL are hidden.

Finally, LinkedIn users are free to name their profile as they like. An account name can therefore contain salutations, abbreviations, emojis, middle names, etc. I tried my best to remove some nonsense. However, this is not a complete solution to the general problem. Note that we are not using the official LinkedIn API; this script gathers information from the "unofficial" Voyager API.
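As an added illustration (not LinkedInDumper's own code), the block below shows how the --email-format placeholders {0}, {1}, {0[0]} and {1[0]} map onto the generated addresses, how private "LinkedIn Member" rows are skipped, and why the name clean-up described above matters: a salutation, emoji or pronoun suffix left in the name ends up in the address. The sample rows and the salutation list are constructed assumptions.

```python
import re
import unicodedata

# Constructed sample in LinkedInDumper's output layout (fictional people, Email column left empty)
SAMPLE_OUTPUT = """Firstname;Lastname;Email;Position;Gender;Location;Profile
Dr. Jane 🎓;Doe (she/her);;Software Engineer;N/A;Heidelberg;https://www.linkedin.com/in/example-jane
LinkedIn;Member;;Recruiter;N/A;Austin, Texas Metropolitan Area;N/A
José;Müller-Schmidt;;Analyst;N/A;Berlin;https://www.linkedin.com/in/example-jose"""

# Hypothetical salutation list; the script's own clean-up rules are not shown on the page
SALUTATIONS = {"dr", "mr", "mrs", "ms", "prof", "ing", "dipl"}

def is_private(first, last):
    """Private profiles carry LinkedIn's placeholder name instead of a real one."""
    return first == "LinkedIn" and last == "Member"

def clean_name(raw):
    """Drop parenthesised suffixes, salutations, diacritics, emojis and punctuation; lowercase."""
    raw = re.sub(r"\(.*?\)", "", raw)                        # "(she/her)"
    ascii_only = unicodedata.normalize("NFKD", raw).encode("ascii", "ignore").decode()
    tokens = [t for t in re.split(r"[^A-Za-z]+", ascii_only) if t]
    return "".join(t for t in tokens if t.lower() not in SALUTATIONS).lower()

def build_email(first, last, fmt):
    """Apply an --email-format style pattern; {0}/{1} are the cleaned first/last name."""
    return fmt.format(clean_name(first), clean_name(last))

def generate(output, fmt):
    """Walk the semicolon-separated rows, skipping private profiles and unusable names."""
    emails = []
    for row in output.splitlines()[1:]:                      # skip the header row
        first, last = row.split(";")[:2]
        if is_private(first, last) or not clean_name(first) or not clean_name(last):
            continue                                         # {0[0]} on "" would raise IndexError
        emails.append(build_email(first, last, fmt))
    return emails
```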



Kubestroyer - Kubernetes Exploitation Tool

Kubestroyer

Kubestroyer aims to exploit Kubernetes cluster misconfigurations and be the Swiss army knife of your Kubernetes pentests


About The Project

Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes cluster misconfigurations.

The tool scans for known Kubernetes ports that may be exposed and exploits them.

Getting Started

To get a local copy up and running, follow these steps.

Prerequisites

  • Go 1.19
    wget https://go.dev/dl/go1.19.4.linux-amd64.tar.gz
    tar -C /usr/local -xzf go1.19.4.linux-amd64.tar.gz

Installation

Use prebuilt binary

or

Using the go install command:

$ go install github.com/Rolix44/[email protected]

or

Build from source:

  1. Clone the repo
    $ git clone https://github.com/Rolix44/Kubestroyer.git
  2. Build the binary
    $ go build -o Kubestroyer cmd/kubestroyer/main.go

Usage

| Parameter | Description | Mand/opt | Example |
|---|---|---|---|
| -t / --target | Target (IP, domain or file) | Mandatory | -t localhost,127.0.0.1 / -t ./domain.txt |
| --node-scan | Enable node port scanning (port 30000 to 32767) | Optional | -t localhost --node-scan |
| --anon-rce | RCE using Kubelet API anonymous auth | Optional | -t localhost --anon-rce |
| -x | Command to execute when using RCE (displays the service account token by default) | Optional | -t localhost --anon-rce -x "ls -al" |

Currently supported features

  • Target

    • List of multiple targets
    • Input file as target
  • Scanning

    • Known ports scan
    • Node port scan (30000 to 32767)
    • Port description
  • Vulnerabilities

    • Anon RCE on Kubelet
      • Choose command to execute
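The two weaknesses this feature list relies on, a NodePort/known-port surface and a kubelet that accepts anonymous requests, are easiest to reason about from the defending side. The block below is an added example, not Kubestroyer code: it labels the ports the README mentions (the port table is my own list of standard Kubernetes ports, not the tool's internal one) and audits a KubeletConfiguration for the settings that make the anonymous RCE and the read-only-port disclosure possible, with a weak and a hardened config constructed inline.

```python
# Port descriptions and the NodePort range the README mentions; the list is my
# own (standard Kubernetes ports), not Kubestroyer's internal table
KNOWN_PORTS = {
    2379: "etcd client", 2380: "etcd peer", 6443: "kube-apiserver",
    10250: "kubelet API", 10255: "kubelet read-only API (unauthenticated)",
    10256: "kube-proxy health", 10257: "kube-controller-manager", 10259: "kube-scheduler",
}
NODEPORT_RANGE = range(30000, 32768)   # 30000-32767 inclusive

def classify_port(port):
    """Return a description for a known port or the NodePort range, else None."""
    if port in KNOWN_PORTS:
        return KNOWN_PORTS[port]
    if port in NODEPORT_RANGE:
        return "NodePort range (30000-32767)"
    return None

# Constructed weak KubeletConfiguration (kubelet.config.k8s.io/v1beta1 field names)
WEAK_KUBELET_CONFIG = {
    "authentication": {"anonymous": {"enabled": True}},
    "authorization": {"mode": "AlwaysAllow"},
    "readOnlyPort": 10255,
}
# Constructed hardened counterpart
HARDENED_KUBELET_CONFIG = {
    "authentication": {"anonymous": {"enabled": False}, "webhook": {"enabled": True}},
    "authorization": {"mode": "Webhook"},
    "readOnlyPort": 0,
}

def audit_kubelet_config(cfg):
    """List the settings that expose the kubelet to the anonymous-RCE and read-only-port issues."""
    findings = []
    # when omitted, the kubelet's documented defaults are anonymous=true and mode=AlwaysAllow
    if cfg.get("authentication", {}).get("anonymous", {}).get("enabled", True):
        findings.append("authentication.anonymous.enabled: unauthenticated requests reach the kubelet API")
    if cfg.get("authorization", {}).get("mode", "AlwaysAllow") == "AlwaysAllow":
        findings.append("authorization.mode AlwaysAllow: every request, anonymous included, is permitted")
    ro_port = cfg.get("readOnlyPort", 0)
    if ro_port:
        findings.append(f"readOnlyPort {ro_port}: pod and node details served without authentication")
    return findings
```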

Roadmap

  • Choose the pod for anon RCE
  • Etcd exploit
  • Kubelet read-only API parsing for information disclosure

See the open issues for a full list of proposed features (and known issues).

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

Distributed under the MIT License. See LICENSE.txt for more information.

Contact

Rolix - @Rolix_cy - [email protected]

Project Link: https://github.com/Rolix44/Kubestroyer



Before yesterday - KitPloit - PenTest & Hacking Tools

DCVC2 - A Golang Discord C2 Unlike Any Other


This multi-operating-system tool was created to leverage Discord's voice channels for command and control operations. It operates entirely over the Real-Time Protocol (RTP), primarily leveraging DiscordGo, and leaves no pesky traces behind in text channels. It is a command-line tool, meaning all operations occur strictly from the terminal on Windows, Linux or OSX. Please use responsibly but have fun! ;)


Requirements:

  1. Updated (wrong link before) Read about DCVC2
  2. You need a Discord account.
  3. You need a Discord server.
  4. Increase voice chat speed to 96kbps in settings.
  5. You need 2 Discord bots. I found it easiest to give both bots admin perms over the discord server but you can fine tune them to only need voice permissions. The best guide to create bots is here.

Build:

git clone https://github.com/3NailsInfoSec/DCVC2.git
cd DCVC2
go mod download
go build server.go
go build agent.go

Usage:

When you execute the server and agent you should see both join the voice channel you specify:

Shell commands:

cmd> whoami

desktop-3kjj3kj\sm00v

I added 2 hardcoded additions besides basic shell usage:

cmd> screenshot
screenshotting..............................................

&

cmd> download
download file path>C:\Users\sm00v\Downloads\34954477.jpg
............................................................

Credits

Twitter: @sm00v

Github: @sm00v


