How to Gather Email Addresses with TheHarvester – Kali Linux 2018.1

theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/banners, and employee names from different public sources (search engines, PGP key servers).

It is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.

Passive Sources

  • Google: Google search engine – www.Google.com
  • GoogleCSE: Google custom search engine
  • Google-Profiles: Google search engine, specific search for Google profiles
  • Bing: Microsoft search engine – www.bing.com
  • Bing API: Microsoft search engine, through the API (you need to add your key in the discovery/bingsearch.py file)
  • DogPile: Dogpile search engine – www.dogpile.com
  • PGP: PGP key server – mit.edu
  • Linkedin: Google search engine, specific search for LinkedIn users
  • vhost: Bing virtual hosts search
  • Twitter: Twitter accounts related to a specific domain (uses Google search)
  • Google+: users that work in the target company (uses Google search)
  • Yahoo: Yahoo search engine
  • Baidu: Baidu search engine
  • Shodan: Shodan computer search engine, will search for ports and banners of the discovered hosts (ShodanHQ.com)

Active Sources

  • DNS brute force: this plugin will run a dictionary brute force enumeration
  • DNS reverse lookup: reverse lookup of the IPs discovered in order to find hostnames
  • DNS TLD expansion: TLD dictionary brute force enumeration

Modules that need API keys to work:

Since theHarvester makes use of third-party information sources, some of these require you to have API keys to work. That is, you need to sign up for the specific service and register your app with them, and they provide you with a key that lets you access the service. Only the following two need API keys:

  • GoogleCSE: You need to create a Google Custom Search engine (CSE), and add your Google API key and CSE ID to the file: discovery/GoogleCSE.py
  • Shodan: Add your API key in discovery/shodansearch.py

Installation and Usage:

git clone https://github.com/laramies/theHarvester.git
cd theHarvester && ls
python theHarvester.py

Video:

https://youtu.be/NioRu6s4_xk