The supported sources are:
- Google – emails,subdomains/hostnames
- Bing search – emails, subdomains/hostnames
- Pgp servers – emails, subdomains/hostnames
- Linkedin – user names
Lets take a look at the options which are available:
Code:
01 root@666:/pentest/enumeration/google/theharvester# ./theHarvester.py 02 03 ************************************* 04 *TheHarvester Ver. 1.6 * 05 *Coded by Christian Martorella * 06 *Edge-Security Research * 07 *cmartorella@edge-security.com * 08 ************************************* 09 10 Usage: theharvester options 11 12 -d: domain to search or company name 13 -b: data source (google,bing,pgp,linkedin) 14 -s: start in result number X (default 0) 15 -v: verify host name via dns resolution 16 -l: limit the number of results to work with(bing goes from 50 to 50 results, 17 google 100 to 100, and pgp does'nt use this option) 18 19 Examples:./theharvester.py -d microsoft.com -l 500 -b google 20 ./theharvester.py -d microsoft.com -b pgp 21 ./theharvester.py -d microsoft -l 200 -b linkedin
Code:
01 root@666:/pentest/enumeration/google/theharvester# ./theHarvester.py -d cnn.com -l 500 -b bing 02 03 ************************************* 04 *TheHarvester Ver. 1.6 * 05 *Coded by Christian Martorella * 06 *Edge-Security Research * 07 *cmartorella@edge-security.com * 08 ************************************* 09 10 Searching for cnn.com in bing : 11 ====================================== 12 13 Limit: 500 14 Searching results: 0 15 Searching results: 50 16 Searching results: 100 17 Searching results: 150 18 Searching results: 200 19 Searching results: 250 20 Searching results: 300 21 Searching results: 350 22 Searching results: 400 23 Searching results: 450 24 25 Accounts found: 26 ==================== 27 28 @cnn.com 29 cnnfutures@cnn.com 30 ==================== 31 32 Total results: 2 33 34 Hosts found: 35 ==================== 36 37 www.cnn.com 38 edition.cnn.com 39 money.cnn.com 40 sportsillustrated.cnn.com 41 amfix.blogs.cnn.com 42 live.cnn.com 43 news.blogs.cnn.com 44 politicalticker.blogs.cnn.com 45 marquee.blogs.cnn.com 46 weather.cnn.com 47 m.cnn.com 48 transcripts.cnn.com 49 www.cnnstudentnews.cnn.com 50 ac360.blogs.cnn.com 51 campbellbrown.blogs.cnn.com 52 newsource.cnn.com 53 cgi.cnn.com 54 joybehar.blogs.cnn.com 55 topics.edition.cnn.com 56 internationaldesk.blogs.cnn.com 57 us.cnn.com 58 larrykinglive.blogs.cnn.com 59 topics.cnn.com 60 weather.edition.cnn.com 61 cnnwire.blogs.cnn.com 62 scitech.blogs.cnn.com 63 on.cnn.com 64 ricksanchez.blogs.cnn.com 65 archives.cnn.com 66 community.cnn.com 67 sports.si.cnn.com 68 arabic.cnn.com 69 quiz.cnn.com 70 newsroom.blogs.cnn.com 71 cgi.money.cnn.com 72 partners.cnn.com 73 pagingdrgupta.blogs.cnn.com 74 features.blogs.fortune.cnn.com 75 tech.fortune.cnn.com 76 insession.blogs.cnn.com 77 business.blogs.cnn.com 78 behindthescenes.blogs.cnn.com 79 olympics.blogs.cnn.com 80 afghanistan.blogs.cnn.com 81 gdyn.cnn.com 82 premium.cnn.com 83 inthefield.blogs.cnn.com 84 ypwr.blogs.cnn.com 85 premium.edition.cnn.com 86 edition1.cnn.com 87 drgupta.cnn.com 88 edition2.cnn.com 89 wallstreet.blogs.fortune.cnn.com 90 tips.blogs.cnn.com 91 mxp.blogs.cnn.com
Lets show a example which will show a few more email address’s:
Code:
01 root@666:/pentest/enumeration/google/theharvester# ./theHarvester.py -d 53.com -l 500 -b google 02 03 ************************************* 04 *TheHarvester Ver. 1.6 * 05 *Coded by Christian Martorella * 06 *Edge-Security Research * 07 *cmartorella@edge-security.com * 08 ************************************* 09 10 Searching for 53.com in google : 11 ====================================== 12 13 Limit: 500 14 Searching results: 0 15 Searching results: 100 16 Searching results: 200 17 Searching results: 300 18 Searching results: 400 19 20 Accounts found: 21 ==================== 22 23 josh.paskewicz@53.com 24 @53.com 25 info@tapioles53.com 26 @.53.com 27 rachael.smith@53.com 28 nan.horton@53.com 29 aler...@53.com 30 alertingservice@53.com 31 j.brinkman@53.com 32 Jerome.Gilbert@53.com 33 Gilbert@53.com 34 michelle.weddington@53.com 35 ==================== 36 37 Total results: 12 38 39 Hosts found: 40 ==================== 41 42 www.53.com 43 reo.53.com 44 direct.53.com 45 premierissue.53.com 46 retire.53.com 47 ir.53.com 48 tdsc.53.com 49 secure.53.com 50 ra.53.com 51 2Fwww.53.com 52 Www.53.com 53 252Fwww.53.com 54 espanol.53.com 55 employee.53.com 56 bnjhz.php?...53.com 57 express.53.com 58 www.ra.53.com 59 Ra.53.com 60 3Dreo.53.com 61 wwww.53.com 62 Retire.53.com 63 @.53.com 64 www.express.53.com 65 mxism.php?...53.com 66 pngyo.php?...53.com
This is just one of the may tools which can aid a penetration tester in the passive reconnaissance process.
No comments:
Post a Comment