theharvester es una herramienta para la recopilación de cuentas de correo electrónico, nombres de usuario y nombres de host / subdominios de diferentes fuentes públicas. Es una herramienta muy simple, pero muy eficaz.
Las fuentes de apoyo son:
root@bt:/pentest/enumeration/google/theharvester# ./theHarvester.py
*************************************
*TheHarvester Ver. 1.6 *
*Coded by Christian Martorella *
*Edge-Security Research *
*[email protected] *
*************************************
Usage: theharvester options
-d: domain to search or company name
-b: data source (google,bing,pgp,linkedin)
-s: start in result number X (default 0)
-v: verify host name via dns resolution
-l: limit the number of results to work with(bing goes from 50 to 50 results,
google 100 to 100, and pgp does'nt use this option)
Examples:./theharvester.py -d microsoft.com -l 500 -b google
./theharvester.py -d microsoft.com -b pgp
./theharvester.py -d microsoft -l 200 -b linkedin
root@bt:/pentest/enumeration/google/theharvester# ./theHarvester.py -d hotmail.com -l 1 -b google
*************************************
*TheHarvester Ver. 1.6 *
*Coded by Christian Martorella *
*Edge-Security Research *
*[email protected] *
*************************************
Searching for hotmail.com in google :
======================================
Limit: 1
Searching results: 0
1
2
3
4
5
6
7
8
9
[SNIP]
Accounts found:
====================
@hotmail.com
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[SNIP]
====================
Total results: 39
Hosts found:
====================
www.hotmail.com
m.hotmail.com
root@bt:/pentest/enumeration/google/theharvester#
Una de las herramientas que se deben tener en nuestra caja de herramientas para hacer pentesting :)