The harvester
Important Information Gathering Tool on Internet
The Harvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.
This tool is intended to help penetration testers in the early stages of the project. It’s a really simple tool, but very effective.
The sources supported are:
– Google – emails, subdomains/hostnames
– Google profiles – Employee names
– Bing search – emails, subdomains/hostnames, virtual hosts
– PGP servers – emails, subdomains/hostnames
– LinkedIn – Employee names
– Exalead – emails, subdomains/hostnames
New features:
– Time delays between requests
– XML and HTML results export
– Search a domain in all sources
– Virtual host verifier
– Shodan computer database integration
– Active enumeration (DNS enumeration, DNS reverse lookups, DNS TLD expansion)
– Basic graph with stats
Some Examples:
Searching for email accounts for the domain microsoft.com, working with the first 500 Google results:
./theHarvester.py -d microsoft.com -l 500 -b google
Searching for email accounts for the domain microsoft.com in a PGP server; here it’s not necessary to specify the limit:
./theHarvester.py -d microsoft.com -b pgp
Searching for the names of users who work at the company Microsoft; Google is used as the search engine, so we need to specify the limit of results we want to use:
./theHarvester.py -d microsoft.com -l 200 -b linkedin
Searching in all sources at the same time, with a limit of 200 results:
./theHarvester.py -d microsoft.com -l 200 -b all