CrossLinked: Enumerating company employee data from LinkedIn company pages
Link to tool: https://github.com/m8r0wn/CrossLinked
LinkedIn remains a treasure trove of highly valuable information regarding businesses and businesspeople. Digital Investigators often use LinkedIn as their starting point for any investigation of a corporate / financial crimes nature. Whilst there are several OSINT resources available from the Github repositories that can help investigators with regards to LinkedIn – they vary considerably in capabilities. At the same time, Microsoft has taken steps to apply greater security restrictions such as rate-limiting to prevent user data from being harvested by third-party tools. However, in this OSINT Tool Review, we will introduce ‘CrossLinked’, a lightweight Python-based script that has somewhat of an effective capability concerning investigations on LinkedIn.
CrossLinked is a LinkedIn enumeration tool that conducts searches on search engines and scrapes relevant information from results. This means that the script itself does not access nor scrape directly from LinkedIn – thus avoiding detection from the platform’s security systems. The script outputs its results in a TXT file which can of course be used as a starting point for individual investigations.
The script itself is relatively flexible, it can allow the user to apply timeouts per search, apply jitters between each request, customise search arguments by adding a header, specify which search engine to use and only parse names that contain the company name in the title. What we especially like is that the script’s developer has implemented proxy support, enabling users to mask their traffic with a single proxy by adding a
--proxy argument within the command-line interface. For users that want to use multiple proxies and rotate through them, this can be achieved by creating a
proxies.txt file and adding that file to the aforementioned argument.
Overall, the script is lightweight, simple to use and very straightforward to deploy against targets. The output is somewhat effective – inevitably several false positives were contained within the output file. However, our tests found that the script successfully identified the majority of employees working across several medium-sized enterprises – indicating that the script is relatively accurate and can be used to establish a starting point for an investigation against a particular company. Admittedly, the false positives produced by the script is essentially a trade-off when taking into account that it does not directly communicate with LinkedIn. Nevertheless, for what the tool aims to do, it is quite effective.