Userrecon -- Find Social Media Accounts

Now days Social media is getting very popular. Their are lots of social media sites around us, like Twitter, Instagram, Facebook, YouTube, Reddit, Pinterest, Tumblr, Medium etc. Userrecon is a grate tool to discover social media accounts by usernames. Everyone knows that information gathering is a very important in penetration testing, but information collected from one social media is not enough.

This is very helpful for a security researcher . We can collect many information of a human. We can generate a bigger password list. Userrecon can help to find a username across 75+ social media sites. This tool is very helpful in location tracking and footprinting.



Userrecon is a shell script, it is very easy to use. To use this tool we need to download/clone it from Github by applying following command :

git clone https://github.com/jaykali/userrecon
The screenshot of preceding command is following:

https://github.com/thelinuxchoice/userrecon

Then we go to the userrecon folder using cd command :


cd userrecon
and then we give the script executable permission by using following command:

chmod +x userrecon.sh
The screenshot is following:

chmod +x userrecon.sh

Now we can run this this tool by applying following command:

./userrecon.sh

Then the tool userrecon will start, as the following screenshot:

userrecon main menu

Here userrecon asks for username of our target. We just need to type the username and press Enter, userrecon will start scanning, like following screenshot:

userrecon targets

Userrecon scan over 75 social media website for a given username. After scanning userrecon will save a log in txt file we can check the social media accounts by using those discovered links. Isn't it easy and super cool ?
 
For any kind of question ask us in the comment section. We always reply. Also follow us on Medium & Twitter.

1 comment:

  1. I tired the script out - Useful for at least KNOWING about the various services and URLs (so thank you for that!), and it does indeed give good negative findings - but there's too many false positives. The script 'finds' too many profiles that don't exist.. it should check for the custom 404's coming back from many of these servers to be truly useful. Probably a lot more work to do that, of course.

    ReplyDelete

Please do not spam here. It is comment box not a spambox. Promotional links are not allowed.

Powered by Blogger.