In the context of penetration testing, email address gathering refers to the process of collecting email addresses for the purpose of conducting a security assessment. This can involve collecting email addresses from various sources, such as the organization’s website, social media accounts, and public databases.
Email address gathering is quite important in penetration testing for a variety of reasons, many of which I will be explaining soon. You should also understand that there are a whole lot of ways to gather the email address of an organization/web application we are trying to perform penetration testing on. Many of these ways are tedious, don’t come up with the result needed and some methods are just not practical enough and finally, some are not viable when it comes to real-life applicability. You might be wondering why it’s necessary to gather email addresses but having the email address of people that work within an organization is useful when there is a need to perform social engineering during a penetration test, and thus we know where to channel our energy. It might be really useful to have the email address of people within an organization because that would enable us to know about their email address structure as well maybe it is first.lastname@company.com or whichever way it is. Below are listed ways to gather the email address of people that work within an organization.
