RECON: TheHarvester

September 8, 2016


You read the title, and you may have heard of this interesting add-on for any pentester. If you haven’t, read on. It’s certainly worth it.

Reconnaissance is the key first part of any pentest, and any pentester worth their salt will tell you it’s the most important part. Why? Because this part gives you the opportunities to get into your victim’s system. The more attack surfaces you have, the better you can exploit them. So let me introduce you to The Harvester.

In Kali Linux you can install it with apt-get install theharvester, then call it from the terminal by simply typing its name.

Once loaded it’s simple to use and it pulls in a lot of data. Email addresses, domains, sub-domains, as much as it can find to do with your target.

Start with the -d option. This specifies the domain that you’re looking to scan for anything that may give you more of an attack surface. For instance, -d google.com will bring up results relating to google.com, but if you use a lesser-known site you won’t find as much.

Along with the -d option you will also need to specify which search engine it should use to find the results. The option for this is -b followed by the search engine. Here’s an example of how your command would look if you were simply looking for something quickly without any further options. Let’s run it against something we know, Microsoft.

As you can see, we’ve found three emails and seven domains and sub-domains along with their IP addresses. That’s a good result for Microsoft, who have locked this down as much as they have. But what about a different company? How about Marriott hotels?

A whopping twenty-one emails and a few portals. So that’s 21 emails that could be subject to social engineering, plus some sub-domains that you could potentially exploit. See why this tool is so useful?

There are other options to tack onto it; for instance, -h uses SHODAN to query any discovered hosts. It’s down to you to experiment with how you would like to use it. Keep in mind, this isn’t an active scan of their website, nor is it spidering their content. The Harvester uses search engines to find things related to the domain you put in, cutting out the work you would otherwise have to do yourself.
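
When the domain you run this against is your own, the emails and sub-domains it returns can be sorted into what needs follow-up. The Python below is an added example, not part of the original post or of The Harvester itself; the "host:ip" line format, the role-mailbox list, the inventory and all sample data are assumptions constructed for illustration.

```python
# Added example: review harvested results for your own domain (constructed data).
ROLE_LOCALPARTS = {"info", "support", "sales", "press", "careers",
                   "abuse", "postmaster", "webmaster"}  # assumed shared mailboxes

def in_domain(name, domain):
    """True if name is the domain itself or a sub-domain of it."""
    name, domain = name.lower().rstrip("."), domain.lower()
    return name == domain or name.endswith("." + domain)

def audit_footprint(domain, emails, hosts, inventory):
    """Sort harvested emails and 'host:ip' lines into review buckets."""
    report = {"personal": [], "role": [], "unknown_hosts": [], "out_of_scope": []}
    # De-duplicate case-insensitively; search engines return repeats.
    for email in sorted({e.strip().lower() for e in emails if e.strip()}):
        local, _, mail_domain = email.rpartition("@")
        if not local or not in_domain(mail_domain, domain):
            report["out_of_scope"].append(email)   # not ours, or malformed
        elif local in ROLE_LOCALPARTS:
            report["role"].append(email)           # shared mailbox
        else:
            report["personal"].append(email)       # named staff: awareness training
    known = {h.lower() for h in inventory}
    seen = set()
    for line in hosts:
        host = line.split(":", 1)[0].strip().lower().rstrip(".")
        if not host or host in seen:
            continue
        seen.add(host)
        if not in_domain(host, domain):
            report["out_of_scope"].append(host)
        elif host not in known:
            report["unknown_hosts"].append(host)   # publicly indexed, not inventoried
    return report

# Constructed sample input (example.com is a reserved documentation domain).
EMAILS = ["j.smith@example.com", "info@example.com", "J.Smith@example.com",
          "a.jones@example.com", "someone@example.org"]
HOSTS = ["www.example.com:192.0.2.10", "vpn.example.com:192.0.2.20",
         "portal.example.com:192.0.2.30", "cdn.example.net:198.51.100.5",
         "vpn.example.com:192.0.2.20"]
INVENTORY = ["www.example.com", "vpn.example.com"]

if __name__ == "__main__":
    for bucket, items in audit_footprint("example.com", EMAILS, HOSTS, INVENTORY).items():
        print(f"{bucket}: {items}")
```
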

You can follow me on Twitter and feel free to chat.

2 Comments
  1. Looks interesting, a good time saver. Thanks for the post up.

  2. I tweeted about this. When I get Kali up and running again at home, I’ll give this a whirl. I suppose people can be nosey, but equally you can check out their own company and the digital footprint their staff leave.
