Information gathering is the first and most important step of a penetration test. The more information you collect about the target, the easier the exploitation phase will be.

Developed by Christian Martorella, theHarvester is very useful for this task. It is a Python script that helps you find email addresses and subdomains of a given domain simply by parsing search engine results, so it never touches the target directly. The following data sources are supported:

  • bing
  • google, googleCSE, googleplus, google-profiles
  • jigsaw
  • linkedin
  • people123
  • pgp
  • shodan
  • twitter

theHarvester is installed by default on Kali Linux. Basic usage is: theharvester -d <domain> -b <source>

Some options are available to tweak your request:

-d: the domain you are looking for
-b: the data source to query, or "all" to use every source
-f: save the results to a file (HTML and XML)
-l: limit the number of results retrieved from each source
-s: start at the given result number (useful to resume or page through results)
-h: query Shodan for each discovered host
-n: perform a reverse DNS lookup on each IP range discovered
-c: perform a DNS brute force on the domain (I can't make it work anyway...)
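Added example, not code from the original post or from the theHarvester project: a small Python helper that builds the command line described above as an argv list (no shell, so a domain copied from a scope document cannot inject extra commands) and then post-processes the tool's text output into in-scope emails and hosts, flagging anything outside the target domain and grouping hosts that share an IP. The output layout it expects ("[+] Emails found:" and "[+] Hosts found in search engines:" sections, hosts printed as ip:hostname) is what older theHarvester releases printed; the sample output below is constructed, and the function names (`build_command`, `parse_output`, `hosts_by_ip`) are my own.

```python
import re
import subprocess
from collections import defaultdict

# Conservative hostname check (RFC 1035 labels, lower-case only, no scheme/port).
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)
EMAIL_RE = re.compile(r"^[\w.+-]+@([\w.-]+)$")
HOST_RE = re.compile(r"^(\S+?):(\S+)$")  # "ip:hostname" as printed by old theHarvester


def is_valid_domain(domain):
    return bool(DOMAIN_RE.match(domain.strip().lower()))


def build_command(domain, source="all", limit=500, outfile=None):
    """Return the theharvester argv list; reject anything that is not a bare domain."""
    domain = domain.strip().lower()
    if not is_valid_domain(domain):
        raise ValueError("not a valid domain: %r" % domain)
    argv = ["theharvester", "-d", domain, "-b", source, "-l", str(limit)]
    if outfile:
        argv += ["-f", outfile]  # the tool writes HTML and XML under this name
    return argv


def parse_output(domain, text):
    """Split the tool's stdout into in-scope emails, in-scope hosts and out-of-scope hits."""
    domain = domain.lower()
    emails, hosts, out_of_scope = set(), {}, set()
    section = None

    def in_scope(name):
        return name == domain or name.endswith("." + domain)

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-"):     # blank lines and "-----" rulers
            continue
        if line.startswith("[+] Emails found"):
            section = "emails"
            continue
        if line.startswith("[+] Hosts found"):
            section = "hosts"
            continue
        if line.startswith("["):                 # any other "[-] Searching in ..." banner
            section = None
            continue
        if section == "emails":
            m = EMAIL_RE.match(line.lower())
            if m:
                (emails if in_scope(m.group(1)) else out_of_scope).add(m.group(0))
        elif section == "hosts":
            m = HOST_RE.match(line.lower())
            if m:
                ip, host = m.groups()
                if in_scope(host):
                    hosts[host] = ip
                else:
                    out_of_scope.add(host)
    return {"emails": sorted(emails), "hosts": hosts, "out_of_scope": sorted(out_of_scope)}


def hosts_by_ip(hosts):
    """Group hostnames by IP: several names on one address hint at virtual hosting."""
    grouped = defaultdict(list)
    for host, ip in hosts.items():
        grouped[ip].append(host)
    return {ip: sorted(names) for ip, names in grouped.items()}


def run(domain, source="all", limit=500):
    """Run the real tool (needs theHarvester and network access) and parse its output."""
    proc = subprocess.run(build_command(domain, source, limit),
                          capture_output=True, text=True, check=False)
    return parse_output(domain, proc.stdout)


# Constructed sample in the layout older theHarvester versions print; not real data.
SAMPLE_OUTPUT = """\
[-] Searching in Google:
	Searching 0 results...
	Searching 100 results...

[+] Emails found:
------------------
alice@example.com
Bob@Example.COM
alice@example.com
noreply@mailer.example.com
someone@other.org

[+] Hosts found in search engines:
------------------------------------
192.0.2.10:www.example.com
192.0.2.10:blog.example.com
192.0.2.20:mail.example.com
198.51.100.5:www.other.org
"""

if __name__ == "__main__":
    result = parse_output("example.com", SAMPLE_OUTPUT)
    print(result)
    print(hosts_by_ip(result["hosts"]))
```

The scope filter matters more than it looks: search engines happily return addresses and hosts from unrelated domains that merely appear on the same page, and feeding those into later phases (password spraying, Shodan lookups with -h) is how a test drifts outside its authorisation.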



My way to go
