Time
6 minutes
Difficulty
Intermediate

Video Transcription

00:04
Hello, everyone, Welcome back to breaking stuff with Joe. I was always in your host, Joe Perry, and you were watching this on Cyber Eri on demand. Today we're going to be talking about an awesome open source scanning and intelligence tool called the Harvester. The harvester is a spectacular utility that combines multiple different open source or oh, since sources
00:23
in order to provide you with intelligence about a given target.
00:26
It's a very simple tool to use very effective and provide astonishing amounts of information by querying multiple databases and providing as much information as you could possibly hope for as part of your enumeration of footprint process. So it's a great tool. We're gonna spend a little bit of time seeing just how easy it is to use here on breaking stuff of joke on cyber Eri on demand.
00:48
So here we are in our trusty Callie BM, and we're just going to very quickly run this tool. It's a pretty straightforward like he said, very easy to use, so we're gonna give two examples with it and see what we get back.
01:00
So the command just to invoke it, we're gonna go ahead and run the harvester
01:03
from anywhere on the command line in Cali. And you can see this is the help we're gonna get back, and it's gonna give us a little bit of information about how to structure or command. We can see the different data sources that are available,
01:15
and then we can see some of the different options. For example, using Google Dorking instead of a normal Google search, which is to say, using carefully formatted Google searches to find more, potentially more dramatic results.
01:26
We have some port scan options. We can use D. N s servers, that sort of think.
01:30
But we don't really need to go that in depth to see just how functional this tool is, instead weaken just very easily.
01:38
So technically is gonna indicate the domain that we're targeting in this case. We're gonna go ahead and look at what we can find from Google, mostly because that's a sight that we trust not to expose anyone's p I i, too easily to the open Internet. And we want to avoid, you know, accidentally giving away someone's P. I here on breaking stuff with Joe. That's a quick way to get in a lot of trouble.
01:57
So here we go, the harvester.
02:00
There we go, d google dot com
02:06
and they were going to say attack l l is going to indicate the limits the number of maximum results you want to receive. Generally speaking, you'll see that Sector 500. It's like that in all the examples they give and 500 is generally a pretty good sweet spot. If you've got 10,000 responses coming in, you're probably not gonna be able to use all of them
02:23
as well as if you have some more automated scanning happening behind this.
02:28
That's gonna quickly get you into a domain where it's just difficult to perform those searches in a reasonable time frame. So 500 usually pretty safe number. And we're going to use this attack me to indicate our data source. So we're going to go ahead and Google search what we confined about ghouls domain.
02:45
And you see, it'll kind of just spit out this nice little banner here, tell you what version you're working with. A little bit of credit to Christian Marta rela Sure hope I spoke. Pronounce that right and it's performing the searching Google. So it searches on 100 results at a time. Pretty straightforward process. It doesn't take terribly long to execute
03:01
most of the time when I've run this, be it for actually use for just in tests,
03:07
usually not looking at more than maybe 30 seconds to a minute. Here, you can see it's returned.
03:13
Oftentimes you want output. The results to a file to make it a little bit easier to deal with here were just kind of demonstrating what you get so you can see we've got about me dot google dot com and an Associated I P address. We have accounts, ad settings, books, cloud code, all of these different things you can find on Google. These are all the different domains that Google are all the different sub domains
03:31
the Google makes available to the Internet
03:34
again. This is it mostly an open source scanning tool. It's not a tool that you're going to see in extreme use. Uh, it's a pretty simple just you know, you're you're seeing just the domains that were made public. You're not really digging into people's internal security, which is important when you're performing the fingerprinting and foot printing stage.
03:53
It's key not to attract the attention of your target here
03:57
because you could very easily be shut down well before you've ever gotten started.
04:01
So that was the first example. We're gonna run one more example of the harvester,
04:04
and it's going to be the same target
04:06
cool dot com.
04:09
But in this case, we're going to give
04:12
a different data source. In this case, we're going to say, Tell me on linked in everything you could find. Maybe it's people who work for Google, maybe people whose public profile says Google, just let's get some results from linked it
04:25
and show you just how useful this is. It this could be now obviously these are all public facing, You know, These were linked in profiles that people are allowed to view and index and easily see. But this is a great way to enable a social engineering attack. You know, you can use this to gather up lots of information about people associated with the company
04:42
again, I picked Google specifically because it will not be
04:46
well, I guess we don't have any users coming back from London on Google, so we could try it with cyber ery instead.
04:50
But I'm specifically picking these results because I know that they're not going to give you any one's p. I we don't like, say we don't want that in any breaking stuff Joe videos. But this is again is just gonna search through LinkedIn and find people who are related to whatever you're searching. So, for example, for us, it primarily on Cyber Aires domain is going to return people who are
05:11
t. A's who posted about cyber bury who you know in some way this is associated with their public profile. So when you're talking about enabling, doesn't look like we got anything from that, either. When you're talking about enabling socially social engineering, this is a great first step to see if anybody has anything you know that's easily found by this tool to tell you just straight out. Hey,
05:30
this is not a good partner, you know, This is not a good security posture. This person has information about the company.
05:35
They might be someone that you can target and reach out to. So I am pleased to see that, at least at the initial scan now, obviously we're not doing very deep results, but an initial scan you're not finding too much about our site on the open source search for linked it that says good things about our security posture in about the security posture of people working with us.
05:54
But it's still a useful example to show you the different data sources that can use here with the harvester.
05:59
It's gonna be all there is for today's video. Thank you all for watching so much. This has been breaking stuff with joke, talking about the harvester here on Cyberia on demand.

How to Use theHarvester (BSWJ)

In this course, we will be reviewing a reconnaissance and information-gathering tool known as “theharvester”. This program is used by hackers and cybersecurity professionals alike to gather crucial points of information on targets. This includes names of organizational members, email addresses, web host, domain names, and even open ports.

Instructed By

Instructor Profile Image
Joe Perry
Senior Technical Instructor at FireEye, Inc
Instructor