Theharvester in Kali Linux

Description: theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).

It is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet.

Passive Information Gathering by theharvester

google: google search engine- www.google.com·
googleCSE: google custom search engine·
google-profiles: google search engine, specific search for Google profiles:
bing: microsoft search engine – www.bing.com·
bingapi: microsoft search engine, through the API (you need to add your Key in the discovery/bingsearch.py file)·
pgp: pgp key server – pgp.rediris.es·
linkedin: google search engine, specific search for Linkedin users·
vhost: Bing virtual hosts search·
twitter: twitter accounts related to an specific domain (uses google search)·
googleplus: users that works in target company (uses google search)·
shodan: Shodan Computer search engine, will search for ports and banner of the discovered hosts (http://www.shodanhq.com/)

Active Information Gathering

DNS brute force: this plugin will run a dictionary brute force enumeration
DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
DNS TDL expansion: TLD dictionary brute force enumeration

Getting Started with Theharvester

In Kali Linux theharvester tool is inbuilt and can be run a simple command in terminal

#theharvester

Theharvester Usage Options

Lot of tools are included in to theharvester package and can be used to by using switch like -d switch is used to define domain names and -l is used to limit number of the result. In the following image you can see all available switch.