Scythe Lab

In this lab, Subject Matter Expert Dean Pompilio demonstrates Scythe, an interesting account enumerator tool that allows you to do account harvesting. You will use this tool to find out where your target has accounts on various Web sites.

You install Scythe into your Kali instance from GitHub using the following steps:

· Go to www.GitHub.com

· Enter Scythe into the site's search function

· Choose ChrisJohnRiley/Scythe from the list that is returned

In this lesson, you will learn: - how to run the program and understand the list of modules it supports

• what the current settings are

• how to set a directory for where all the modules are located

• about the different modules

• how to search on user name and/or email address

• how to edit the account file

• about options you can specify, such as the list option, directory for the modules, sorting by category

• how to specify the ability to run threads

• how to specify the retry time

• how to specify how the summary is shown

• how to specify how to save the output

SME Pompilio demonstrates the system with two different sets of specifications and notes that the summary gives information on where the accounts are located on all the various Web sites. He notes that it is important to consider the value of aggregation – that a Social Engineer gathers bits and pieces about the target from various places around the Internet and then may be able to infer certain information about their target's interests. This can provide fodder for engaging in Social Engineering techniques such as phishing and spearphishing.