1.3 The Harvester

Course
Time: 2 hours
Difficulty: Beginner
CEU/CPE: 2
Video Transcription
00:02
Hi. Welcome to module two in Cybrary's Crafting the Perfect Email course. Now that we know what reconnaissance is, let's go ahead and jump in and go over a couple of tools that I like to use for recon.
00:15
One of the most commonly used tools to gather information, including email addresses, host names, employee names, subdomains, everything like that, is called the Harvester.
00:26
So why is it commonly used?
00:28
First, it's very simple and quick to run. That's why it's always my go-to first choice when doing recon on an organization.
00:37
So what exactly is the Harvester? Again, it's a built-in Kali Linux or Bruce Wayne or Linux package that can be used to gather email addresses, subdomains, hosts,
00:47
employee names
00:48
and things like that. And it uses public sources like search engines, along with the Shodan database.
00:58
So first we're gonna go over just a couple of quick commands so we can learn how to use it.
01:02
One of the first basic commands you'll do is simply theHarvester, all one word, no space,
01:08
and what that does is it lists all of the Harvester's options available.
01:14
Um,
01:15
A few of the common tags or switches that I always use are -d, which is your domain to search,
01:22
-l, which limits the number of results, and -b is your data source.
01:27
So a full basic command is gonna look similar to the one I've got here on the screen. And that's theHarvester -d google.com, which will search for the google.com domain, -l 500, which limits the number of results to 500,
01:46
and -b google,
01:49
which will use Google as our data source.
01:56
So again, we're gonna hop into using the harvester
02:00
and let's pop over to my pre-built Kali VM here.
02:07
All right, so now we've got our Kali VM up. We're gonna go in, log in with the username of root
02:15
and just the default password, which is toor, t-o-o-r, root backwards.
02:25
All right, so this will go ahead and log us in
02:35
first thing we're gonna go ahead and do is pop open a terminal here. You do that with control T or just click the little terminal link.
02:46
All right, so it's going to make this a little bit bigger.
02:53
All right, the command I talked about was simply theHarvester.
02:59
Hit Enter. It will tell you exactly what the Harvester is, along with the usage options and some examples. So we're gonna go ahead and do theHarvester.
03:10
Make sure you spell everything right. -d for domain, and we're gonna search for cybrary.it.
03:19
Um, go ahead, go through those switches: -b, we're gonna use Google as our data source.
03:25
We're going to output that into an HTML file that we can
03:30
see for future reference. And we will just name it cybrary
03:37
.html,
03:39
and we're gonna go and limit the results, just so the search goes a little bit quicker, and that is -l,
03:46
and we're gonna hold to 100 results. So go ahead and enter.
03:52
As you can see, that starts the search,
03:55
and I've actually done this one already. So it's going to minimize this while it searches. It's pretty quick. It usually only takes just a minute or two,
04:05
but it's going over your files here, and you can see I've already got my cybrary.html file. Open that up
04:15
and it'll just open in Firefox. That's my default browser for HTML. It's here. It'll show you the results. So it looks like we did find four email addresses, so these could be used for a phishing attack.
04:29
And it looks like we've also resolved a few of the domains here to IPs,
04:34
and that could come in handy if you're going to do any other further attacks.
04:43
All right, so pop back into our slide show.
04:47
And now that we've used the Harvester,
04:51
let's go ahead and go over just a really quick quiz.
04:56
So the first one, the first question I've got for you guys, is what command can you use to list all the options for the Harvester?
05:01
and this is the first command that we went over.
05:05
And yep, it's simply theHarvester.
05:11
All right. Second question. If you wanted to limit your results to the first 100, which switch would you use with the Harvester command?
05:20
Just a second to think about it here.
05:25
And yep, that's right. Just -l
05:28
along with the number 100.
05:32
So those are pretty easy questions. Let's go ahead and build a full command out. If we wanted to use the Harvester to look for emails in the kali.org domain
05:41
using Google as the source and limiting our results to the first 200,
05:46
How would we do that?
05:53
I'm gonna go ahead and show you on this one here. So let's pop back into our
05:59
Kali VM.
06:00
And we're here. Let's just exit out of this.
06:03
We'll open our terminal again. And this shows all the results that we had already. Clear, just so we're a little more organized. So we want to use the Harvester
06:15
to look for emails in the kali.org
06:18
domain.
06:19
So what is the first switch we would use?
06:28
That's right. -d for domain, and we want to look for kali
06:32
.org.
06:33
So what is our data source gonna be?
06:36
The question wanted us to use Google, so that is a -b
06:43
to specify our data source,
06:46
and we want to limit the results to the first 200.
06:51
Again, yep, -l
06:54
200,
06:56
and I always like to output things into an HTML file, just 'cause it's easier to track than having to go back and scroll through your terminal, so we're going to go and do that as well, and that is -f,
07:05
and this is going to be kali.html, since that is the one we're using.
07:12
enter
07:15
and again, it will just simply run,
07:16
and we'll let this one run all the way through.
07:23
It'll go through its search.
07:40
All right, so it shows no IP addresses found. It did find a couple of emails,
07:46
and it also resolved a few of the hosts into IPs. So let's go and open that report,
07:51
and you will just refresh here. They've got all our files.
07:56
And that was kali.html.
08:01
You know, pop right open again. It just shows us everything that we found the email names and the hosts.
08:09
One last thing before we go here.
08:13
If you ever forget
08:16
what switches to use for anything,
08:18
it's super simple. Just type in theHarvester
08:22
and that will pull up all of the different usage options, along with some examples,
08:28
just in case you do forget
08:33
Pop back into our quiz.
08:35
And so we did this one together. So you have theHarvester -d for domain, kali.org,
08:41
-b for a data source, which is Google, -l to limit the results to 200. And again, I like to throw in that -f just so I can see the results in an HTML and XML file.
08:54
Also, not just because it's easier to read, but because you can use those files and import that information into some automation stuff that we're gonna do a little bit later on.