Seven Layers delivers comprehensive, dependable, and cost-effective solutions tailored to our clients’ needs and budgets. We offer cutting edge defensive security strategies to provide you with the ability to protect key systems and information – and can pair those with traditional information technology services to keep your business up and running, so you can focus on the business that is important to you.

    We provide penetration testing services and vulnerability assessments for peace of mind, risk management, and regulatory compliance. And because your employees are often your first line of defense - or weakness – we offer employee education in computer security and corporate security policies.

    Our support services cover your full suite of end user desktops, in-house servers, cloud-based servers, and cloud services. This includes seamless support for employees in all locations, whether they are in corporate offices, or are remote users. We will manage and develop content management systems, customized software and web applications, as well as working with off the shelf applications.


     

    EmailGen (found here) is an email harvester that was based off of another tool but simplified.  Those are my words, not those of the maker.  Prior to using this tool, you could setup a free Hunter.io account and use the API but that is not necessary.

    From their Github page:



    The example given is as follows:

    ./EmailGen.rb -c "Microsoft" -d "microsoft.com" -f "{first}.{last}@{domain}" -o microsoft-emails.txt

    Searching on a known domain:


    It harvests 470 email addresses.  Here's what I can tell you about those email addresses:

    1.  Some of them are legitimate.
    2.  Some of them have never existed and I don't know where they came from.  If you Google some of those invalid email addresses, you come up with nothing. 
    3.  Some of the targets you'd like to get are in the list and some of them aren't.  For example, this list contains all of the C-level positions except for the CFO.
    4.  It takes SECONDS to create this list which is awesome.
    5.  This list is by far the most comprehensive list of addresses and it would be a great way to start off a phishing campaign. 
    6.  ^^ To that point, if this were a black box audit, I don't have a better / faster way of generating this type of list.

    When we view the list, the valid addresses mostly appear in the top and when you get down to the bottom, especially 450-470, those addresses are a mystery. 


    If you were trying to rule out good from bad, there are tools that can help with that as well but that's for another day.


    Cybersecurity solutions for small businesses.

    info@sevenlayers.com
    877.468.0911

    © 2021 Seven Layer Networks, Inc. | All rights reserved.