Kali linux tools (TheHarvester)Adham
What is TheHarvester?
The Harvester is a tool that was developed in python. Using this you can gather information like emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers, and SHODAN computer database.
This tool is useful for anyone like you who needs to know what an attacker can see about the organization.
In terminal type:
sudo apt-get theharvester
If it doesn’t work you can try to clone it directly from git using the following commands
git clone https://github.com/laramies/theHarvester.git cd theHarvester sudo python ./theHarvester.py
How to use this harvester tool ?
- -d: Domain to search or company name.
- -b: Data source: baidu, bing, bingapi, dogpile, google, googleCSE, googleplus, google-profiles, linkedin, pgp, twitter, vhost, yahoo, all.
- -s: Start in result number X (default: 0).
- -v: Verify hostname via DNS resolution and also search for virtual hosts.
- -f: Save the results into an HTML and XML file (both).
- -n: Perform DNS reverse query on all ranges discovered.
- -c: Perform DNS brute force for the domain name.
- -t: Perform DNS TLD expansion discovery.
- -e: Use this DNS server.
- -l: Limit the number of results to work with (bing goes from 20 to 20 results, google 100 to 100, and pgp doesn’t use this option).
- -h: Use SHODAN database to query discovered hosts.
theharvester -d [domain name] -b [search engine name / all ] -c -f output.xml
- To list available options
- To search emails
theHarvester.py -d <domain> -b all
- To search emails with a limit
theHarvester.py -d <domain> -b all -l 200
- To save the result into an html file
theharvester -d <domain> -b all -f myresults.html
- To search in PGP(Pretty Good Privacy) only
theharvester -d <domain> -b pgp