information gathering – theharvester

theHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.
This tool is intended to help penetration testers in the early stages of a project. It's a really simple tool, but very effective.

Backtrack 5 r1

/pentest/enumeration/theharvester

root@bt:/# cd /pentest/enumeration/theharvester
root@bt:/pentest/enumeration/theharvester# ./theHarvester.py -d test-site.com -l 100 -b all

Note: drop the www. from the URL you're interested in; for example, http://www.test-site.com becomes test-site.com

Usage: theharvester options

-d: Domain to search or company name
-b: Data source (google,bing,bingapi,pgp,linkedin,google-profiles,exalead,all)
-s: Start in result number X (default 0)
-v: Verify host name via dns resolution and search for virtual hosts
-f: Save the results into an HTML and XML file
-n: Perform a DNS reverse query on all ranges discovered
-c: Perform a DNS brute force for the domain name
-t: Perform a DNS TLD expansion discovery
-e: Use this DNS server
-l: Limit the number of results to work with (bing goes from 50 to 50 results, google 100 to 100, and pgp doesn't use this option)
-h: use SHODAN database to query discovered hosts

Examples:
./theHarvester.py -d site-you-want-info-on.com -l 500 -b google
./theHarvester.py -d site-you-want-info-on.com -b pgp
./theHarvester.py -d site-you-want-info-on.com -l 200 -b linkedin
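The note above about passing a bare domain (no scheme, no www.) and the -v/-f options are the two places where people trip up when reviewing what theHarvester found about their own domain. The following is an added example, not code from the theHarvester project: it normalises whatever you were given into the form -d expects, then deduplicates a harvested list of e-mail addresses and hostnames, drops results outside the target domain, and flags in-scope hosts that are missing from your own inventory (the ones worth a closer look in an exposure review). The sample results and the inventory are constructed; theHarvester's own -f output files have their own layout, so feed this script whatever you extract from them.

```python
"""Post-process theHarvester-style results for an exposure review.

Added example, not part of theHarvester. SAMPLE_EMAILS, SAMPLE_HOSTS and
KNOWN_HOSTS below are constructed test data, not real harvester output.
"""
from urllib.parse import urlsplit


def normalize_target(raw: str) -> str:
    """Turn a URL or hostname into the bare domain that -d expects.

    'http://www.test-site.com/about' -> 'test-site.com'
    """
    value = raw.strip().lower()
    if "://" not in value:
        value = "//" + value  # make urlsplit treat the input as a netloc
    host = urlsplit(value).hostname or ""
    if host.startswith("www."):
        host = host[len("www."):]
    return host


def in_scope(name: str, domain: str) -> bool:
    """True if name is the target domain itself or one of its subdomains."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def review(emails, hosts, target, known_hosts):
    """Deduplicate harvested items and split them into buckets.

    Returns in-scope e-mails, in-scope hosts, off-scope hosts (noise from
    the search engines), and in-scope hosts absent from known_hosts.
    """
    domain = normalize_target(target)
    scoped_emails = sorted({
        e.lower() for e in emails if in_scope(e.split("@")[-1], domain)
    })
    unique_hosts = sorted({h.lower().rstrip(".") for h in hosts})
    scoped_hosts = [h for h in unique_hosts if in_scope(h, domain)]
    off_scope = [h for h in unique_hosts if not in_scope(h, domain)]
    inventory = {k.lower().rstrip(".") for k in known_hosts}
    unknown = [h for h in scoped_hosts if h not in inventory]
    return {
        "emails": scoped_emails,
        "hosts": scoped_hosts,
        "off_scope": off_scope,
        "unknown": unknown,
    }


# Constructed sample data (not real harvester output).
SAMPLE_EMAILS = [
    "Alice@test-site.com",
    "alice@test-site.com",       # duplicate differing only in case
    "bob@mail.test-site.com",
    "spam@other-site.com",       # search-engine noise, outside the domain
]
SAMPLE_HOSTS = [
    "www.test-site.com",
    "WWW.test-site.com",
    "mail.test-site.com",
    "vpn.test-site.com.",        # trailing dot as some DNS tools print it
    "cdn.other-site.com",
]
KNOWN_HOSTS = ["www.test-site.com", "mail.test-site.com"]


if __name__ == "__main__":
    result = review(SAMPLE_EMAILS, SAMPLE_HOSTS,
                    "http://www.test-site.com", KNOWN_HOSTS)
    for bucket, items in result.items():
        print(bucket, items)
```

Anything listed under "unknown" is a host the public already associates with your domain but your inventory does not; that is the list to resolve (as -v would) and reconcile before someone else does.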
