In this tutorial, we are going to cover one of widely used Kali Linux tool named “theharvester” which is used by the Pentester & Ethical Hackers for the Advanced Information Gathering.
As you know email address is very important information, and sometimes an organization has a private email address. They use those emails only for confidential conversation.
You should know about email addresses, which are available publicly from different database like Google, bing, yahoo etc.
Let us take an overview of theharvester Tool.
The main objective for which “theharvester” tool is used is to Gather Information from distinct public sources including Search Engines, SHODAN Computer Database and PGP Key Servers. The information which this tool gather includes E-mails, Sub-Domains, Hosts, Employee names, Banners and Open Port.
Penetration testers used this tool in the early stages of the penetration test so that they can easily understand the footprints of customers on the Internet. This tool is not only useful for penetration testers but it can also be used by anyone that wants to know what an attacker can see about their organization.
Features of newly rewritten “theharvester” tool are:
- Time delays between request
- All sources search
- Virtual host verifier
- Active enumeration (DNS enumeration, Reverse lookups, TLD expansion)
- Integration with SHODAN computer database, to get the open ports and banners
- Save to XML and HTML
- Basic graph with stats
- New sources
Google: google search engine – www.google.com
Google-profiles: google search engine, specific search for Google profiles
Bing: microsoft search engine – www.bing.com
Bingapi: microsoft search engine, through the API (you need to add your Key in the discovery/bingsearch.py file)
Pgp: pgp key server – pgp.rediris.es
Linkedin: google search engine, specific search for Linkedin users
Shodan: Shodan Computer search engine, will search for ports and banner of the discovered hosts (http://www.shodanhq.com/)
Vhost: Bing virtual hosts search
DNS brute force: this plugin will run a dictionary brute force enumeration
DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
DNS TDL expansion: TLD dictionary brute force enumeration
Getting Started with “theharvestor” tool:
This tool comes preloaded in Kali Linux and to run it simply type the following command without quotes and hit enter:
Syntax to use “theharvester” tool:
#theHarvester -d [url] -l 300 -b [search engine name]
-d [url] will be the remote site from which you wants to fetch the information.
-l will limit the search for specified number.
-b is used to specify search engine name.
#theHarvester -d cvcc.edu -l 8 -b google
Information gathering is most important and basic phase of penetration testing. Make sure your emails should not be public. some emails may be available public for example email@example.com, firstname.lastname@example.org, email@example.com etc.
If you have any question related this topic please comment below. if you like this post please share on Facebook, twitter.
You may also like to read these awesome related posts