Information Gathering

theHarvester – Easy Intelligence Gathering

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization. theHarvester will gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).

Passive Sources:

  • google  =>  google search engine
  • googleCSE => google custom search engine
  • google-profiles  =>  google search engine, specific search for Google profiles
  • bing => microsoft search engine
  • bingapi => microsoft search engine, through the API (you need to add your Key in the discovery/bingsearch.py file)
  • dogpile => Dogpile search engine
  • pgp => pgp key server – pgp.rediris.es
  • linkedin => google search engine, specific search for Linkedin users
  • vhost => Bing virtual hosts search
  • twitter => twitter accounts related to an specific domain (uses google search)
  • googleplus => users that works in target company (uses google search)
  • yahoo => Yahoo search engine
  • baidu  => Baidu search engine
  • shodan => Shodan Computer search engine, will search for ports and banner of the discovered hosts

 

Active:

  • DNS brute force: this plugin will run a dictionary brute force enumeration
  • DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
  • DNS TDL expansion: TLD dictionary brute force enumeration

 

Modules that need API keys to work:

  • googleCSE: You need to create a Google Custom Search engine(CSE), and add your Google API key and CSE ID in the plugin (discovery/googleCSE.py)
  • shodan: You need to provide your API key in discovery/shodansearch.py

 

Dependencies:

Command Syntax:

./theHarvester.py -d <url> -l 300 -b <search engine name >
./theHarvester.py –d matriux.com –l 300 –b google

Download theHarvester