During a penetration testing it is important to conduct a company profiling, search online for information available on social networks like Facebook, Twitter, Google+, and LinkedIn that will help to find the system used by the company. On internet there is too much information and data related to any company and can be used for malicious intent.
Hackers start by creating fake profiles with information to be as working with a competitor, a Job recruiter, old colleagues or a good looking person to have target trust. Next they will start to buy connections and make their profile looks legitimate. Finally, they send a lot of requests searching for the vulnerable employee.
Linkedin Klepto an open source tool that can be used for this purpose and to conduct corporate espionage. The tool been firstly introduced at Black Hat 2013 by Barracuda Labs and allow the following:
- Auto-create Yahoo Email account, LinkedIn bait Account and verification
- Grant bait account permission to your linkedin app
- Send batch invitations to open networks or other found profiles fitting your search criteria
- Monitor the activities of your connections/targets, and aggregate connection information
You can download LinkedIn Klepto on the following link: https://github.com/dingzj/linkedin_klepto