Information Gathering using theHarvester
Why do WE use TheHarvester?
And what can WE do with it?
TheHarvester was developed in Python by Christian Martorella. It is a tool that gathers information about e-mail accounts, user names and hostnames/subdomains from different public sources such as search engines and PGP key servers.
This tool is designed to help the penetration tester at an early stage; it is effective, simple and easy to use. The sources supported are:
Google – emails, subdomains
Google profiles – Employee names
Bing search – emails, subdomains/hostnames, virtual hosts
PGP servers – emails, subdomains/hostnames
LinkedIn – Employee names
Exalead – emails, subdomains/hostnames
Other features:
Time delays between requests
XML results export
Search a domain in all sources
Virtual host verifier
If you are using Kali Linux, open the terminal and type:
#theHarvester -d [url] -l 300 -b [search engine name]
For example, with Google as the search engine:
#theHarvester -d [url] -l 300 -b google
-d [url] is the remote site from which you want to fetch the juicy information.
-l limits the search to the specified number of results.
-b specifies the search engine name.
From the e-mail addresses gathered above, we can identify the pattern of the e-mail addresses assigned to the employees of the organization.
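The same observation can be turned into an exposure check for your own domain. The script below is an added example, not part of the original post or of theHarvester: the addresses, the example.com domain, the role-account set and the shape labels are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of addresses harvested for your own domain (assumption).
HARVESTED = [
    "alice.martin@example.com", "bob.chen@example.com",
    "Carol.Diaz@example.com", "d.evans@example.com",
    "info@example.com", "support@example.com",
    "erin.fox@mail.example.com", "bob.chen@example.com",
    "frank@other.example.net", "mallory@notexample.com",
]

# Shared mailboxes are reported separately from personal ones (illustrative set).
ROLE_ACCOUNTS = {"info", "support", "sales", "admin", "contact", "hr", "jobs"}

# Local-part shapes, checked in order; the labels are hypothetical.
SHAPES = [
    ("first.last", re.compile(r"[a-z]{2,}\.[a-z]{2,}")),
    ("f.last", re.compile(r"[a-z]\.[a-z]{2,}")),
    ("first_last", re.compile(r"[a-z]{2,}_[a-z]{2,}")),
    ("single-token", re.compile(r"[a-z]+")),
]

def classify(local):
    """Return the shape label for one local part."""
    if local in ROLE_ACCOUNTS:
        return "role-account"
    for label, rx in SHAPES:
        if rx.fullmatch(local):
            return label
    return "other"

def audit(addresses, domain):
    """Summarise what the harvested addresses reveal about `domain`."""
    unique = set()
    for addr in addresses:
        local, _, host = addr.strip().lower().rpartition("@")
        # Keep the domain and its subdomains only; drop look-alike hosts.
        if local and (host == domain or host.endswith("." + domain)):
            unique.add((local, host))
    shapes = Counter(classify(local) for local, _ in unique)
    personal = {k: v for k, v in shapes.items() if k != "role-account"}
    dominant = max(personal, key=personal.get) if personal else None
    share = personal[dominant] / sum(personal.values()) if personal else 0.0
    return {"exposed": len(unique), "shapes": dict(shapes),
            "dominant": dominant, "dominant_share": round(share, 2)}

if __name__ == "__main__":
    print(audit(HARVESTED, "example.com"))
```

A high dominant share means the naming convention is effectively public, so mail filtering and account lockout policy should not rely on addresses being hard to guess.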
To get all the information about the website, you can use the command:
#theHarvester -d [url] -l 300 -b all
You can then use the gathered information to send some nice emails to your victim; when your email contains a virus and the victim opens it, you'll get a session on the target machine.
This is very useful if you want to break through a company network which is protected by a firewall.
https://github.com/laramies/theHarvester