_ _ _ _ _ ____
| | (_)_ __ | | _____ __| (_)_ __ / ___| ___ _ __ __ _ _ __ ___ _ __
| | | | '_ \| |/ / _ \/ _` | | '_ \ \___ \ / __| '__/ _` | '_ \ / _ \ '__|
| |___| | | | | < __/ (_| | | | | | ___) | (__| | | (_| | |_) | __/ |
|_____|_|_| |_|_|\_\___|\__,_|_|_| |_| |____/ \___|_| \__,_| .__/ \___|_|
|_|
Unauthenticated LinkedIn company OSINT tool. Given only a company profile URL, collects company info, employee names and positions, optionally generates email lists, and integrates DNSDumpster for domain recon.
Built for authorized security engagements and red team initial reconnaissance phases.
- Company profile scraping (name, description, industry, size, headquarters, website)
- Employee list extraction via headless browser (handles dynamic JS-rendered content)
- Email list generation from a provided format pattern (e.g.
{first_initial}{lastname}@domain.com) - Email verification via SMTP probing and common verification APIs
- DNSDumpster integration for domain recon from the company domain
- Multi-format report export: JSON, CSV, HTML
- Pure CLI interface, no credentials required
Requirements: Python 3.10+, Google Chrome or Chromium
git clone https://github.com/ch3ngo/linkedin-scraper.git
cd linkedin-scraper
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
playwright install chromiumpython3 -m linkedin_scraper --url "https://www.linkedin.com/company/target-company/"python3 -m linkedin_scraper \
--url "https://www.linkedin.com/company/target-company/" \
--email-format "{first}.{last}@target.com" \
--verify-emailspython3 -m linkedin_scraper \
--url "https://www.linkedin.com/company/target-company/" \
--dnsdumpster \
--domain target.compython3 -m linkedin_scraper \
--url "https://www.linkedin.com/company/target-company/" \
--email-format "{first_initial}{last}@target.com" \
--verify-emails \
--dnsdumpster \
--domain target.com \
--output ./output/ \
--format json csv html| Pattern | Example result |
|---|---|
{first}.{last}@domain.com |
john.doe@domain.com |
{first_initial}{last}@domain.com |
jdoe@domain.com |
{first}_{last}@domain.com |
john_doe@domain.com |
{first}@domain.com |
john@domain.com |
{last}@domain.com |
doe@domain.com |
| Format | File |
|---|---|
| JSON | output/report_<timestamp>.json |
| CSV | output/employees_<timestamp>.csv |
| HTML | output/report_<timestamp>.html |
linkedin-scraper/
├── linkedin_scraper/
│ ├── __main__.py # CLI entry point
│ ├── modules/
│ │ ├── company.py # Company info scraper
│ │ ├── employees.py # Employee list scraper (headless browser)
│ │ ├── email_gen.py # Email list generator
│ │ ├── email_verify.py # Email verification module
│ │ └── dnsdumpster.py # DNSDumpster integration
│ └── utils/
│ ├── browser.py # Headless browser helpers (Playwright)
│ ├── exporter.py # Multi-format report exporter
│ └── logger.py # Logging configuration
├── tests/
├── docs/
├── output/ # Generated reports (gitignored)
├── requirements.txt
└── README.md
This tool is intended for use in authorized security engagements only. Scraping LinkedIn without authorization may violate LinkedIn's Terms of Service and applicable laws. The author assumes no responsibility for misuse. Always obtain written authorization before running OSINT tools against any target.
MIT