
RECON: TheHarvester


By: KnightsCode

September 8, 2016

You read the title, and you may have heard of this interesting add-on for any pentester. If you haven't, read on. It's certainly worth it.

Reconnaissance is the key first part of any pentest, and any pentester worth their salt will tell you it's the most important part. Why? Because this part gives you the opportunities to get into your victim's system. The more attack surface you find, the better you can exploit it. So let me introduce you to The Harvester.

You can install it with apt-get install theharvester in Kali Linux and call it from the terminal by simply typing its name. Once loaded it's simple to use and it pulls in a lot of data: email addresses, domains, sub-domains, as much as it can find to do with your target.

Start with the -d tag. This specifies the domain that you're looking to scan for anything that may give you more of an attack surface. For instance, -d will bring up results relating to but if you use a less known site then you won't find as much.

Along with the -d tag you will also need to specify which search engine you would like it to use to search for all the results. The tag for this is -b followed by the search engine. Here's an example of how your command would look if you were simply looking for something quickly without any further options. Let's run it against something we know, Microsoft.

As you can see, we've found three emails and seven domains and sub-domains along with their IP addresses. This is great for Microsoft, who have this shut down as much as they do. But what about a different company? How about Marriott hotels?

A whopping twenty-one emails and a few portals. So that's 21 emails that could be subject to social engineering, plus some sub-domains that you could potentially exploit. See why this tool is so useful?

There are other options to tack onto it; for instance, -h uses SHODAN to query any discovered hosts. It's down to you to experiment with how you would like to use it.

Keep in mind, this isn't an active scan of their website or spidering of their content. The Harvester uses search engines to find things related to the domain you put in. This is all using the power of search engines, cutting out the work you would have to do yourself otherwise.

You can follow me on Twitter and feel free to chat.
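As an added example (not code from the original post or from the theHarvester project), here is a small POSIX sh wrapper that turns the -d/-b usage above into a repeatable check of your own organisation's exposure: it runs the tool against one domain across several -b engines, deduplicates the emails and host:IP pairs it returns, and flags any address that is not on an approved public-contact list. It assumes the 2016-era CLI flags -d, -b and -l (limit results), that theharvester is on PATH for the live run, and the sample output and approved list below are constructed, not real tool output.

```shell
#!/bin/sh
# Constructed sample in the shape of theHarvester's text output (not real output).
SAMPLE_OUTPUT='[+] Emails found:
------------------
press@example.com
jane.doe@example.com
press@example.com
[+] Hosts found in search engines:
------------------
www.example.com:203.0.113.10
mail.example.com:203.0.113.25
www.example.com:203.0.113.10'

# Constructed list of addresses the organisation deliberately publishes.
APPROVED_PUBLIC='press@example.com
support@example.com'

# Unique e-mail addresses from harvester text on stdin.
extract_emails() {
    grep -Eo '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' | sort -u
}

# Unique "host:ip" pairs from harvester text on stdin.
extract_hosts() {
    grep -Eo '^[A-Za-z0-9.-]+:[0-9]{1,3}(\.[0-9]{1,3}){3}$' | sort -u
}

# Addresses the tool surfaced that are NOT on the approved list: each one is
# an exposure the owner may not know about and a social-engineering target.
unexpected_emails() {
    extract_emails | while read -r addr; do
        printf '%s\n' "$APPROVED_PUBLIC" | grep -Fqx "$addr" || printf '%s\n' "$addr"
    done
}

# Live run (needs network and theharvester): one domain, several -b engines,
# merged so the extractors above deduplicate across engines.
# Assumed flags: -d domain, -b engine, -l result limit.
harvest_domain() {
    domain=$1; shift
    for engine in "$@"; do
        theharvester -d "$domain" -b "$engine" -l 100
    done
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | unexpected_emails
# Live use: harvest_domain example.com google bing | unexpected_emails
```

Feed the flagged addresses into your awareness training or mailbox hygiene review; the same extractors work on the output of the -h SHODAN option if you want to inventory exposed hosts.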