top of page
  • OTW

OSINT, Part 3: Extracting Employee Names from Companies (Tesla and Breitbart) on LinkedIn

Updated: Dec 28, 2022

Welcome back, my aspiring cyber warriors!

The Internet is the deepest and widest data repository in the history of the world! Those who can extract and cultivate intelligence from it, will be empowered like none other!

This data can be used for offensive security and forensic investigations, among many other applications.

Crosslinked is one more tool for automating the gathering of this data from the huge repository. Crosslinked is Python script for extracting company employee names from LinkedIn. Of course, we could do this manually, but this tool will save us many tens of hours of tedious work.

Step #1: Fire Up Kali

The first step, of course, is to fire up our trusty Kali and open a terminal.

Step #2: Download and install

Crosslinked is not built into Kali, nor is it in our Kali repository but we can find it on Simply clone it from m8r0wn's repository.

kali > git clone

Next, we need to download and install crosslinked's requirements. There should be a file named requirements.txt in our new crosslinked directory.

kali > cd crosslinked

kali > pip3 install -r requirements.txt

Step #3: Crosslinked Help

Before we begin working with crosslinked, let's look at its cursory help file.

kali > crosslinked -h

In it's simplest form, the crosslinked syntax looks like this; <name format> <company>

It's also important to note that you must give yourself permission to run the script.

kali > chmod 755

Step #4: Extracting Tesla Employees from LinkedIn

Now that we have everything setup with crosslinked script, let's see whether we can find employees of Tesla, Elon Musk's electric car company. To do so, we need to specify the name format and the company name.

kali > ./ -f '{first}.{last}'' tesla

Where: is the command

-f format option of the names

'{first}.{last}' the name format to use

tesla the company we are searching

When the script has completed its run, crosslinked should place a file in the default directory named names.txt. We can find it by simply doing a long listing.

To see the contents of this file, simply use the command more before the file name. As we can see above, crosslinked was able to extract the names of hundreds of people who work at Elon Musk's Tesla.

kali > more names.txt

Step #6: Extract the People Working at Breitbart News

Let's see if we can do the same task against another company. Let's find the employees of Breitbart News, the hate-mongering, conspiracy promoting, racist and mysogynist online magazine.

We already have the Tesla employees in the names.txt file, so unless we want to append the Breitbart employees to that file, we will need to direct crosslinked to create a new file. We can do that using the -o switch (see the help screen above).

kali > ./ -f '{first}.{last}@breitbart' breitbart -o breitbart.txt

Now, crosslinked goes out and extracts the Breitbart employee names from LinkedIn. When we do a long listing on our default directory, we find the file breitbart.txt that we directed crosslinked to create in the command above.

kali > ls -l

We can see the contents of that file by prefacing the file name with "more".

kali > more breitbart.txt

As you can see, crosslinked was capable of extracting hundreds of employees' names from LinkedIn that work at Breitbart News. These are the people you can thank for defiling the public discourse with hate-filled, racist, xenophobic, and misogynist misinformation.


The Internet harbors a vast wealth of information just waiting to untethered. Crosslinked helps us automate the process of extracting employee names for particular companies from LinkedIn, which may be crucial in a digital forensic investigation or penetration testing environment.

11,878 views1 comment

Recent Posts

See All
bottom of page