Buster – An advanced tool for Email Reconnaissance
Buster tool is a Python language-based tool used for Enumeration and Reconnaissance purposes. We can gather the information that is linked to an email address. Buster Tool is an OSINT tool, so it extracts information for Open Source or from Public platforms.
Advanced features of Buster Tool:
- Buster gets social accounts that are linked to email addresses from multiple sources (like gravatar, about.me, Skype, LinkedIn, previous data leaks).
- Buster gets links to where the email was found using Google search, Twitter, dark search, and paste sites.
- Buster also returns breaches associated with the target email.
- Buster gets the domains list that is associated with the email address.
- Buster creates possible emails and usernames of a target person.
- Buster enumerates to find usernames from email.
- Buster also finds the work mail of a person of an organization.
What are API keys?
API key or Application Programming Interface key enables internal applications, client-facing applications, application collaborations with your businesses partners to talk with each other and share the data and information. An API key is responsible for connecting one program to share functionality, among others. To communicate or merge with another API key, an API key is a must. We can consider API keys as the user authentication for web-based applications and mobile devices – the API call starts with one API calling the other one and granting that e pass the API key to gain access.
How do API Keys work?
Endpoints manage API keys and, with the application,web-based interface generally referred to as projects by developers. Although API keys are not very strong, like authentication tokens it can provide a security layer to identify the project behind a call. Developers can write a code for API keys to restrict or block project usage to specified scenarios or a range of IP addresses.
For example, the keys verify end-user authorization by determining if calls have received permission to access a specific application service. This is an essential function because end-users may have authorized access to some but not all of the individual services within an application.
Note: Buster tool also uses the hunter.io website to get information from company emails. The starting searches “company email” don’t require a key (API). If you want company emails, we suggest that you should sign up for an account on hunter.io.
When you get the API key, add it to the file “api-keys.yaml” and rerun the following command.
python3 setup.py install
Installation of Buster Tool in Kali Linux
Step 1: Open your Kali Linux terminal and move to the desktop using the following command. On the desktop, we have to create a directory in which we will install the tool or clone the tool from GitHub.
Step 2: Now, we are on the desktop. We will create a new directory called Buster using the following command.
Step 3: You have created the directory Buster on the Desktop. Move to this directory using the following command.
Step 4: Now you are under the Buster directory. Here you have to clone the Buster tool from GitHub. To clone the tool, use the following command.
git clone git://github.com/sham00n/buster
Step 5: Now, the tool has been cloned successfully to the Buster directory. Now list out the contents of the tool using the following commands.
Step 6: You can see a new directory buster has been created. Move to this directory using the following command.
Step 7: List out the content of the directory using the following command.
Step 8: Run the setup.py file to install essential requirements.
sudo python3 setup.py install
Step 9: Now our requirements are ready, check the help page of the tool to get a better understanding of tool usage.
Working with Buster Tool
Example 1: Get info of a single email(exists or not, social media where email was used, data breaches, pastes, and links to where it was found)
buster -e firstname.lastname@example.org
You will get the information about the email address if it really exists or not, social media handles connected to the email, data breaches, Pastebin links, etc.
2. In the below Screenshot, We have got the Validation results of our provided email address. Associated links and accounts details are also mentioned.
Example 2: Query for a list of emails
buster --list /home/kali/Desktop/email.txt
1. Buster also provides the functionality to accept multiple email addresses and provide the results.
2. emails.txt contents are shown in the below screenshot.
Example 3: Generate emails that match the pattern and checks if they exist or not
buster -e j********9@g****.com -f john -l doe -b ****1989
Buster also generates the email address according to the patterns provided in the input query. So in the below screenshot 8 Possible emails can be generated.
Example 4: Generate a company email and returns info associated with it
buster -f john -l doe -c geeksforgeeks.org
Buster allows generating email addresses using the company domain, in this example the user is john doe, and the company is geeksforgeeks.org.
Example 5 : Generating Valid Usernames
buster -f gaurav -m gdg -l gandal -b 14052001
Buster allows generating usernames by taking some common inputs like first name, middle name, last name, and birthdate.
Example 6: Generate 100+ emails in the format email@example.com and returns the valid ones
buster -u gauravgandal
Buster allows generating customized 100+ email addresses using the input format