information gathering – theharvester

theHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.
This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective.

Backtrack 5 r1

/pentest/enumeration/theharvester

root@bt:/# cd /pentest/enumeration/theharvester
root@bt:/pentest/enumeration/theharvester# ./theHarvester.py -d test-site.com -l 100 -b all

Note drop the www. from the url your interested in, example http://www.test-stie.com becomes test-site.com

Usage: theharvester options

-d: Domain to search or company name
-b: Data source (google,bing,bingapi,pgp,linkedin,google-profiles,exalead,all)
-s: Start in result number X (default 0)
-v: Verify host name via dns resolution and search for virtual hosts
-f: Save the results into an HTML and XML file
-n: Perform a DNS reverse query on all ranges discovered
-c: Perform a DNS brute force for the domain name
-t: Perform a DNS TLD expansion discovery
-e: Use this DNS server
-l: Limit the number of results to work with(bing goes from 50 to 50 results,
-h: use SHODAN database to query discovered hosts
google 100 to 100, and pgp doesn’t use this option)

Examples:./theHarvester.py -d site-you-want-info-on.com -l 500 -b google
./theHarvester.py -d site-you-want-info-on.com -b pgp
./theHarvester.py -d site-you-want-info-on.com -l 200 -b linkedin

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s