(http://www.edge-security.com/img/logo-theharvester.jpg)
TheHarvester es una herramienta para recopilar cuentas de correo electrónico, nombres de usuario y nombres de host o subdominios de diferentes fuentes públicas como motores de búsqueda y los servidores de claves PGP.
Esta herramienta está destinada a ayudar a los probadores de penetración en las primeras etapas del proyecto, es una herramienta muy simple, pero muy eficaz.
Las fuentes de apoyo son los siguientes:
Google - correos electrónicos, subdominios o nombres de host
Google perfiles - los nombres de los empleados
Bing - correos electrónicos, subdominios o nombres de hosts, servidores virtuales
Pgp servidores, correos electrónicos, subdominios o nombres de host
Linkedin - Los nombres de los empleados
Exalead - correos electrónicos, nombres de host o subdominio
Nuevas características:
Los retrasos entre las solicitudes
Resultados de exportación XML y HTML
Buscar un dominio en todas las fuentes
Verificador de host virtual
Shodan equipo base de datos de la integración
Enumeración de activo (enumeración DNS, las búsquedas de DNS inversas, la expansión de DNS TLD)
Gráfico básico con estadísticas[/align]
Utilizando la Tool
root@bt:~# cd /pentest/enumeration/theharvester
root@bt:/pentest/enumeration/theharvester# ./theHarvester.py
*************************************
*TheHarvester Ver. 2.1 (reborn) *
*Coded by Christian Martorella *
*Edge-Security Research *
*[email protected] *
*************************************
Usage: theharvester options
-d: Domain to search or company name
-b: Data source (google,bing,bingapi,pgp,linkedin,google-profiles,exalead,all)
-s: Start in result number X (default 0)
-v: Verify host name via dns resolution and search for virtual hosts
-f: Save the results into an HTML and XML file
-n: Perform a DNS reverse query on all ranges discovered
-c: Perform a DNS brute force for the domain name
-t: Perform a DNS TLD expansion discovery
-e: Use this DNS server
-l: Limit the number of results to work with(bing goes from 50 to 50 results,
-h: use SHODAN database to query discovered hosts
google 100 to 100, and pgp doesn't use this option)
Examples:./theharvester.py -d microsoft.com -l 500 -b google
./theharvester.py -d microsoft.com -b pgp
./theharvester.py -d microsoft -l 200 -b linkedin
root@bt:/pentest/enumeration/theharvester#Pentest http://www.nasa.gov (http://www.nasa.gov)
root@bt:/pentest/enumeration/theharvester# ./theHarvester.py -d nasa.gov -l 500 -b google
*************************************
*TheHarvester Ver. 2.1 (reborn) *
*Coded by Christian Martorella *
*Edge-Security Research *
*
[email protected] *
*************************************
[-] Searching in Google:
Searching 0 results...
Searching 100 results...
Searching 200 results...
Searching 300 results...
Searching 400 results...
Searching 500 results...
- Emails found:
------------------
[email protected]
[email protected]
[email protected]
[email protected]
@nasa.gov
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
- Hosts found in search engines:
------------------------------------
200.60.190.10:www.nasa.gov (http://www.nasa.gov)
128.102.10.203:code.nasa.gov
69.58.188.49:go.nasa.gov
198.119.164.48:www.sti.nasa.gov (http://www.sti.nasa.gov)
137.78.164.52:asterweb.jpl.nasa.gov
209.235.106.121:blogs.nasa.gov
198.117.131.56:wicn.nssc.nasa.gov
200.60.190.18:science.nasa.gov
129.164.179.22:Antwrp.gsfc.nasa.gov
129.164.179.22:antwrp.gsfc.nasa.gov
129.164.179.41:map.gsfc.nasa.gov
198.118.114.120:owa.hst.nasa.gov
128.149.134.81:photojournal.jpl.nasa.gov
200.60.190.19:spaceflight.nasa.gov
200.60.190.19:Spaceflight.nasa.gov
128.183.114.107:nssdc.gsfc.nasa.gov
128.183.165.61:gcmd.nasa.gov
137.78.99.23:www.jpl.nasa.gov (http://www.jpl.nasa.gov)
192.77.84.50:prod.nais.nasa.gov
198.119.202.51:media.ksc.nasa.gov
198.117.131.70:nasapeople.nasa.gov
198.117.131.70:Nasapeople.nasa.gov
129.164.179.22:apod.nasa.gov
192.149.131.95:mail.nasa.gov
137.78.210.83:edrn.jpl.nasa.gov
198.118.248.141:stereo-ssc.nascom.nasa.gov
137.78.160.152:climate.nasa.gov
128.183.103.247:earthobservatory.nasa.gov
128.183.102.87:earthasart.gsfc.nasa.gov
128.102.22.112:builds.worldwind.arc.nasa.gov
129.164.179.22:Apod.nasa.gov
129.164.179.20:hubble.nasa.gov
137.78.160.74:saturn.jpl.nasa.gov
192.68.196.14:bedreststudy.jsc.nasa.gov
137.78.99.55:mars.jpl.nasa.gov
198.116.65.32:www.hq.nasa.gov (http://www.hq.nasa.gov)
137.78.160.205:jpl.nasa.gov
198.119.202.36:www-pao.ksc.nasa.gov
198.119.202.36:www-pao.Ksc.nasa.gov
128.102.195.51:quest.nasa.gov
137.78.60.211:gipsy-oasis.jpl.nasa.gov
148.114.252.7:education.ssc.nasa.gov
128.102.105.81:byss.arc.nasa.gov
137.78.160.55:sse.jpl.nasa.gov
137.78.160.55:sse.Jpl.nasa.gov
128.102.22.110:worldwind.arc.nasa.gov
65.165.5.239:mediaservices.nasa.gov
198.119.202.36:specsintact.ksc.nasa.gov
198.119.202.36:specsintact.Ksc.nasa.gov
200.60.190.11:www.jsc.nasa.gov (http://www.jsc.nasa.gov)
137.78.99.61:marsrover.nasa.gov
198.119.202.36:coop.ksc.nasa.gov
198.119.202.36:coop.Ksc.nasa.gov
128.183.4.33:www.giss.nasa.gov (http://www.giss.nasa.gov)
137.78.160.55:parts.jpl.nasa.gov
137.78.160.55:parts.Jpl.nasa.gov
200.60.190.8:www.larc.nasa.gov (http://www.larc.nasa.gov)
137.78.160.55:nmp.jpl.nasa.gov
137.78.160.55:nmp.Jpl.nasa.gov
128.149.132.157:podaac.jpl.nasa.gov
209.235.106.121:mobile.nasa.gov
209.235.106.121:Mobile.nasa.gov
200.60.190.10:kids.msfc.nasa.gov
198.119.164.64:ntrs.nasa.gov
198.119.164.64:Ntrs.nasa.gov
128.102.201.141:settlement.arc.nasa.gov
63.117.224.4:appl.nasa.gov
63.117.224.4:Appl.nasa.gov
209.235.106.121:Blogs.nasa.gov
137.78.160.55:deepspace.jpl.nasa.gov
137.78.160.55:deepspace.Jpl.nasa.gov
198.122.172.19:eol.jsc.nasa.gov
198.118.248.108:sohowww.nascom.nasa.gov
- Proposed SET
---------------
[]
root@bt:/pentest/enumeration/theharvester#
(http://img33.imageshack.us/img33/1632/pantallazo2g.png)
Autor: Chelious