Scraping e-mail accounts from web servers
Finding valid e-mail accounts is an important task during a penetration test. E-mail accounts are often used as usernames in some systems and web applications. Attackers often target the highly sensitive information that is stored in them. Compromising e-mail access credentials often means access to more sensitive information.
This recipe shows you how to use Nmap to discover valid e-mail accounts that could be used in later attacks.
How to do it…
To collect valid e-mail addresses from the web servers, use the following command:
$ nmap -p80 --script http-grep --script-args http-grep.builtins=e-mail <target>
The e-mail addresses found in the web server will be included in the script output:
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| http-grep:
|   (1) https://www.packtpub.com/books/subscription/mapt-b2b:
|     (1) e-mail:
|       + [email protected]
|   (2) https://www.packtpub.com/books/info/packt...
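To turn output like the above into a report of which addresses a site exposes and on which pages, so they can be removed or obfuscated, the following parser groups each match by type and value. It is an added example, not code from the book or from Nmap; the function name parse_http_grep and the sample hosts and addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the http-grep output shown above (made-up hosts/addresses).
SAMPLE = """\
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| http-grep:
|   (1) https://www.example.com/contact:
|     (1) e-mail:
|       + support@example.com
|       + Sales@Example.com
|   (2) https://www.example.com/about:
|     (1) e-mail:
|       + support@example.com
|       + jobs@example.com
|_http-title: Example Domain
"""

SCRIPT_ID = re.compile(r"^\|[_ ]([\w-]+):")      # top-level line such as "| http-grep:"
ENTRY = re.compile(r"^\((\d+)\)\s+(.+?):?\s*$")   # "(1) <url-or-match-type>:"

def parse_http_grep(text):
    """Map match type -> value -> sorted list of URLs where the value appeared."""
    found = defaultdict(lambda: defaultdict(set))
    in_block, url, kind = False, None, None
    for raw in text.splitlines():
        header = SCRIPT_ID.match(raw)
        if header or not raw.startswith("|"):
            # A new script block (or a non-script line) resets the parser state.
            in_block = bool(header) and header.group(1) == "http-grep"
            url = kind = None
            continue
        if not in_block:
            continue                      # output belonging to another script
        line = raw.lstrip("|_").strip()
        entry = ENTRY.match(line)
        if entry and "://" in entry.group(2):
            url, kind = entry.group(2), None
        elif entry:
            kind = entry.group(2)
        elif line.startswith("+ ") and url and kind:
            # Lower-case so the same mailbox is not reported twice.
            found[kind][line[2:].strip().lower()].add(url)
    return {k: {v: sorted(u) for v, u in vals.items()} for k, vals in found.items()}

if __name__ == "__main__":
    for kind, values in parse_http_grep(SAMPLE).items():
        for value, urls in sorted(values.items()):
            print(f"{kind}: {value} exposed on {len(urls)} page(s): {', '.join(urls)}")
```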