Hi. Welcome to module two in Cybrary's Crafting the Perfect Email course. Now that we know what reconnaissance is, let's go ahead and jump in and go over a couple of tools that I like to use for recon.
One of the most commonly used tools to gather information, including email addresses, hostnames, employee names, subdomains, everything like that, is called theHarvester.
So why is it commonly used?
First, it's very simple and quick to run. That's why it's always my go-to first choice when doing recon on an organization.
So what exactly is theHarvester? Again, it's a built-in Kali Linux or Bruce Wayne or Linux package that can be used to gather email addresses, subdomains, hosts,
and things like that. And it uses public sources like search engines, along with the Shodan database.
So first we're gonna go over just a couple of quick commands so we can learn how to use it.
One of the first basic commands you'll do is simply theHarvester, all one word, no space,
and what that does is it lists all of theHarvester's options available.
A few of the common tags or switches that I always use are -d, which is your domain to search,
-l, which limits the number of results, and -b, which is your data source.
So a full basic command is gonna look similar to the one I've got here on the screen. And that's theHarvester -d google.com, which will search for the google.com domain, -l 500, which limits the number of results to 500,
and -b google,
which will use Google as our data source.
So again, we're gonna hop into using theHarvester,
and let's pop over to my pre-built Kali VM here.
All right, so now we've got our Kali VM up. We're gonna go in, log in with the username of root
and just the default password, which is toor, t-o-o-r, root backwards.
All right, so this will go ahead and log us in
First thing we're gonna go ahead and do is pop open a terminal here. You do that with Control-T or just click the little terminal link.
All right, so it's going to make this a little bit bigger.
All right. The command I talked about was simply theHarvester.
Hit Enter. It will tell you exactly what theHarvester is, along with the usage options and some examples. So we're gonna go ahead and do theHarvester.
Make sure you spell everything right. -d for domain, and we're gonna search for cybrary.it.
Um, go ahead, go through those switches: -b. We're gonna use Google as our data source.
We're going to output that into an HTML file so that we can
see it for future reference. And we will just name it cybrary,
and we're gonna go and limit the results, just so the search is a little bit quicker, and that is -l,
and we're gonna hold it to 100 results. So go ahead and hit Enter.
As you can see, that starts the search,
and I've actually done this one already. So I'm going to minimize this while it searches. It's pretty quick. It usually only takes just a minute or two,
but going over to your files here, you can see I've already got my cybrary.html file. Open that up
and it'll just open in Firefox. That's my default browser for HTML. Here it'll show you the results. So it looks like we did find four email addresses, so these could be used for a phishing attack.
And it looks like we've also resolved a few of the domains here to IPs,
and that could come in handy if you're going to do any other further attacks.
All right, so let's pop back into our slide show.
And now that we've used theHarvester,
let's go ahead and go over just a really quick quiz.
So the first one, the first question I've got for you guys, is: what command can you use to list all the options for theHarvester?
and this is the first command that we went over.
And yep, it's simply theHarvester.
All right. Second question: if you wanted to limit your results to the first 100, which switch would you use with theHarvester command?
Just a second to think about it here.
And yep, that's right. Just -l
along with the number 100.
So those were pretty easy questions. Let's go ahead and build a full command out. If we wanted to use theHarvester to look for emails in the kali.org domain,
using Google as the source and limiting our results to the first 200,
How would we do that?
I'm gonna go ahead and show you on this one here. So let's pop back into our
Kali VM.
And we're here. Let's exit out of this.
We'll open our terminal again. And this shows all the results that we had already. Clear, just so we're a little more organized. So we want to use theHarvester
to look for emails in kali.org.
So what is the first switch we would use?
That's right: -d for domain, and we want to look for kali.
So what is our data source gonna be?
The question wanted us to use Google. So that is a -b
to specify our data source,
and we want to limit the results to the first 200.
Again, yep, -l,
and I always like to output things into an HTML file just 'cause it's easier to track than having to go back and scroll through your terminal, so we're going to go and do that as well, and that is -f,
and this is going to be kali.html, since that is the one we're using,
and again, it will just simply run,
and we'll let this one run all the way through.
It'll go through its search.
All right, so it shows no IP addresses found. It did find a couple of emails,
and it also resolved a few of the hosts into IPs. So let's go and open that report,
and you will just refresh here. They've got all our files.
And that was kali.html.
It'll pop right open again. It just shows us everything that we found: the email names and the hosts.
One last thing before we go here.
If you ever forget
what switches to use for anything,
it's super simple. Just type in theHarvester
and that will pull up all of the different usage options, along with some examples,
just in case you do forget
Pop back into our quiz.
And so we did this one together. So you have theHarvester -d for domain, kali.org,
-b for a data source, which is Google, -l to limit the results to 200. And again, I like to throw in that -f just so I can see the results in an HTML and XML file.
Also, not just because it's easier to read, but because you can use those files and import that information into some automation stuff that we're gonna do a little bit later on.