Theharvester in Kali Linux
Description: the theHarvester tool in Kali Linux is used for gathering e-mail accounts, subdomain names, virtual hosts, open ports/banners, and employee names from different public sources (search engines, PGP key servers).
It is a really simple tool, but very effective for the early stages of a penetration test, or simply to learn how visible your company is on the Internet.
Passive Information Gathering by theharvester
- google: Google search engine - www.google.com
- googleCSE: Google custom search engine
- google-profiles: Google search engine, specific search for Google profiles
- bing: Microsoft search engine - www.bing.com
- bingapi: Microsoft search engine, through the API (you need to add your key in the discovery/bingsearch.py file)
- pgp: PGP key server - pgp.rediris.es
- linkedin: Google search engine, specific search for LinkedIn users
- vhost: Bing virtual hosts search
- twitter: Twitter accounts related to a specific domain (uses Google search)
- googleplus: users who work in the target company (uses Google search)
- shodan: Shodan computer search engine, will search for ports and banners of the discovered hosts (http://www.shodanhq.com/)
Active Information Gathering
- DNS brute force: this plugin will run a dictionary brute-force enumeration
- DNS reverse lookup: reverse lookup of the IPs discovered in order to find hostnames
- DNS TLD expansion: TLD dictionary brute-force enumeration
Getting Started with Theharvester
In this article I am going to demonstrate email harvesting using the email-harvesting tool in Kali Linux called theHarvester.
It is a built-in tool, so you do not need to worry about installing it; you can simply run a command in the terminal to use theHarvester.
Theharvester Usage Options
The theHarvester package bundles many data sources and options, selected with switches: for example, the -d switch defines the target domain and -l limits the number of results. In the following image you can see all available switches.
Theharvester Usage Example
Search for email addresses from a domain (-d example.com), limiting the results to 500 (-l 500), using Google (-b google):
#theharvester -d example.com -l 500 -b google
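To turn a run like the one above into a quick exposure summary (which addresses and hosts of your own domain are discoverable, and which findings are out of scope), here is an added Python wrapper; it is not part of the original article or of the theHarvester project. It assumes the classic text report format ("[+] Emails found:" and "[+] Hosts found in search engines:" sections, hosts printed as ip:hostname), and the sample report embedded below is constructed, not captured from a real run.

```python
"""Build the article's theharvester command, run it, and summarise the report.

Added example, not the tool's own code. Assumes the classic text output format;
SAMPLE_REPORT below is a constructed stand-in for real output.
"""
import re
import subprocess

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Hosts are printed as "ip:hostname" in the classic report format (assumption).
HOST_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<host>[A-Za-z0-9.-]+)$")

def build_command(domain, limit=500, source="google"):
    """argv for the article's example: theharvester -d <domain> -l <limit> -b <source>."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", domain):
        raise ValueError("domain contains characters that do not belong in a hostname")
    return ["theharvester", "-d", domain, "-l", str(limit), "-b", source]

def run_harvester(domain, limit=500, source="google"):
    """Run the tool and return its text report (needs theharvester on PATH)."""
    proc = subprocess.run(build_command(domain, limit, source),
                          capture_output=True, text=True, check=True)
    return proc.stdout

def parse_report(text, domain):
    """Extract emails and ip:host pairs; split emails into target-domain vs other."""
    emails = sorted(set(EMAIL_RE.findall(text)))
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            hosts[m["host"]] = m["ip"]
    suffix = "@" + domain.lower()
    in_scope = [e for e in emails if e.lower().endswith(suffix)]
    other = [e for e in emails if not e.lower().endswith(suffix)]
    return {"emails": in_scope, "other_emails": other, "hosts": hosts}

# Constructed sample report in the assumed classic format.
SAMPLE_REPORT = """\
[-] Searching in Google:
    Searching 0 results...
[+] Emails found:
------------------
admin@example.com
press@example.com
someone@partner.test
[+] Hosts found in search engines:
------------------------------------
192.0.2.10:www.example.com
192.0.2.20:mail.example.com
"""

if __name__ == "__main__":
    print(parse_report(SAMPLE_REPORT, "example.com"))
```

Replace SAMPLE_REPORT with run_harvester("example.com") once theHarvester is installed; the out-of-scope bucket shows results the search engine attributed to your domain that you may not want to include in the assessment.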