I was introduced to Google Profiles by a link in a Twitter post from geekgrl. As soon as I saw it, all I could think of was what a great reconnaissance tool it would be. So I created a Google search which would give me all profiles for a given company name, and this is what I got:
site:www.google.com intitle:"Google Profile" "Companies I've worked for" "at company_name"
This could probably be refined but works well enough for this quick demo.
The next step is to put this into an app, which I've named gpscan. My first attempt used a Ruby gem which returned results from a Google AJAX search, but unfortunately I could only get it to retrieve 4 results, even though it told me there were 256 for my selected target. I put a call for help out on Twitter and got some great help from Matias Brutti, who gave me a copy of his Google screen scraping code, which allowed me to pull back the full list of results. Matt is working on his own app called ESearchy, which is a reconnaissance tool to collect email addresses from loads of different sources including search engines, GPG servers, Usenet, LinkedIn and Google Groups. He liked my idea of hitting Google Profiles, so he has now incorporated my search into his tool as well.
gpscan is a Ruby app so obviously needs Ruby, but I don't think it needs anything beyond the standard install. Unfortunately, I don't have a clean machine to test this on. If anyone finds that it does require any specific libraries/gems that aren't installed by default, let me know.
gpscan needs to be executable; to set this, run:
chmod u+x gpscan.rb
Simple: just run gpscan, passing it the name of the company to search for, for example:
To search for a company name with a space, simply enclose it in quotes:
./gpscan.rb "rolls royce"
This is a quick proof of concept tool so I'd be surprised if there weren't at least a couple of problems.
If you find any bugs or want to report any problems you can contact me.
gpscan is commented up in Ruby Doc format.