# Identifying People

## Identifying People <a href="#identifying-people" id="identifying-people"></a>

We want to find out how is connected to the target. That can be site administrator, employees, owner, mods. Maybe one of the administrators have posted in a forum with their email, or in a newsgroup or somewhere else. Those posts could contain useful data about the stack or help us devlop a network diagram. We might also need to use social engineering.

In order to find people we might use the following sources:

* The company website
* Social media (LinkedIn, Facebook, Twitter etc)
* Forums and newsgroups
* Metadata from documents

#### Company Website <a href="#company-website" id="company-website"></a>

This is pretty obvious. Just look around on the website. Or download it. Or spider it with burp and then search the result.

Make sure to check out the blog. There you might have employees writing blogposts under their name.

#### Social Media <a href="#social-media" id="social-media"></a>

```
site:twitter.com companyname
site:linkedin.com companyname
site:facebook.com companyname
```

#### Metadata From Documents <a href="#metadata-from-documents" id="metadata-from-documents"></a>

You find some documents and then run exiftool on them to see if there is any interesting metadata.

```
site:example.com filetype:pdf
```

### Email Harvesting <a href="#email-harvesting" id="email-harvesting"></a>

theharvester - I have not had luck with this

```
theharvester -d example.com -l 500 -b all
```

### Check if emails have been pwned before <a href="#check-if-emails-have-been-pwned-before" id="check-if-emails-have-been-pwned-before"></a>

[https://haveibeenpwned.com](https://haveibeenpwned.com/)

## Users <a href="#users" id="users"></a>

social-searcher.com

Reddit\
Snoopsnoo


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://cybermuhdupa.gitbook.io/total-oscp-guide/recon-and-information-gathering-phase/identify-ip-addresses-and-subdomains/identifying-people.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.