theHarvester
Information gathering is the first and most important step of a penetration test: the more information you gather, the easier the exploitation phase will be.
Developed by Christian Martorella, theHarvester is very useful for this task. It is a Python script that helps you find user email addresses and subdomains of a given domain simply by parsing search engine results. The following data sources are supported:
- bing
- google, googleCSE, googleplus, google-profiles
- jigsaw
- people123
- pgp
- shodan
theHarvester is installed by default on Kali Linux. Basic usage is:
theharvester -d <domain> -b <source>
Some options are available to tweak your request:
-d: the domain to search for
-b: data source, or all
-f: output file (HTML and XML)
-l: limit the number of results used for each source
-s: start at this result number
-h: query Shodan for each discovered host
-n: perform a reverse DNS lookup on each discovered IP range
-c: perform a brute-force search (I can't make it work anyway…)
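The -f option writes the results to an HTML and an XML report. The added example below (not part of theHarvester or of the original post) parses such an XML report with Python's standard library and separates in-scope email addresses and hosts from findings outside the target domain, which is the first pass a defender does when reviewing what their own domain exposes. The element layout (<email> elements, and <host> elements holding <ip>/<hostname> children) and the sample data are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the shape theHarvester's -f output is assumed to use:
# <email> elements, and <host> elements holding <ip>/<hostname> children.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<theHarvester>
<email>alice@example.com</email>
<email>Alice@example.com</email>
<email>bob@partner.example.net</email>
<host><ip>203.0.113.10</ip><hostname>www.example.com</hostname></host>
<host><ip>203.0.113.10</ip><hostname>mail.example.com</hostname></host>
<host><ip>198.51.100.7</ip><hostname>dev.example.com</hostname></host>
<host><ip>198.51.100.9</ip><hostname>cdn.example-hosting.net</hostname></host>
</theHarvester>
"""


def parse_report(xml_text, domain):
    """Return in-scope emails, in-scope hosts grouped by IP, and every
    finding that does not belong to the target domain (to triage separately)."""
    root = ET.fromstring(xml_text)
    suffix = "@" + domain.lower()
    emails, foreign_emails = set(), set()
    for e in root.iter("email"):
        addr = (e.text or "").strip().lower()   # normalise case, drop blanks
        if not addr:
            continue
        (emails if addr.endswith(suffix) else foreign_emails).add(addr)
    by_ip = defaultdict(set)
    foreign_hosts = set()
    for h in root.iter("host"):
        ip = (h.findtext("ip") or "").strip()
        name = (h.findtext("hostname") or h.text or "").strip().lower()
        if not name:
            continue
        if name == domain.lower() or name.endswith("." + domain.lower()):
            by_ip[ip or "unresolved"].add(name)  # several names on one IP
        else:
            foreign_hosts.add(name)
    return {
        "emails": sorted(emails),
        "hosts_by_ip": {ip: sorted(n) for ip, n in by_ip.items()},
        "out_of_scope": sorted(foreign_emails | foreign_hosts),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(parse_report(SAMPLE_XML, "example.com"), indent=2))
```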
Example: