Collecting valid email accounts and IP addresses from web servers
Valid email accounts are useful in penetration testing engagements because they can be used for exploiting trust relationships in phishing attacks, password auditing of mail servers, and as usernames in many different systems.
This recipe illustrates how to find a list of public email accounts with Nmap.
How to do it...
- Open your terminal and enter the following command:
$ nmap -p <Web Server Port> --script http-grep <target>
- Nmap will crawl the web application and return any interesting information found, including email addresses:
PORTÂ Â Â Â STATE SERVICEÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â ...