Using theHarvester for Reconnaissance
theHarvester is a tool used to gather information or Reconnaissance, about subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources like search engines, PGP key servers, and SHODAN computer database and also related social media with google searches like LinkedIn, twitter, etc.
How to Use it?
Just fire up your terminal in Kali Linux and type theHarvester and it will display all the options provided by the tool.
Some features of this tool
- Time delays between request
- All sources search
- Virtual host verifier
- Active enumeration (DNS enumeration, Reverse lookups, TLD expansion)
- Integration with SHODAN computer database, to get the open ports and banners
- Save to XML and HTML
- A basic graph with stats
- New sources
Now run the given command below.
theharvester -d microsoft.com -l 100 -b google
This is the first basic command in which -d argument is given to specify domain which we need to scan and -l to limit the number of search results when crawling a search engine. You also need to provide a data source from which information needs to be gathered for that -b along with data source name is used. The data sources available to tools are :
google, googleCSE, bing, bingapi, pgp, linkedin, google-profiles, jigsaw, twitter, google+, all.
For the command given above, we are scanning domain microsoft.com with the limit of 100 results from Google.
Now run the command below.
theharvester -d microsoft.com -l 100 -b google -f result
If you want to save the result neatly just add the -f along with the filename you want to save the result into.
This will save the result into the HTML or XML file.
Now try the command below which is a little more complex.
theharvester -d malc0de.org -l 500 -s 200 -b google -h
In the above command you can see 2 new arguments are given -s and -h from which the -s is used to specify the start in result number for scanning by default its 0 as you can see we have given 200 and the limit given is 500 then the gathering will start from the 200th result to 500th.
And the -h is used to query the discovered hosts while gathering information in SHODAN database.
theharvester -d microsoft.com -l 200 -b google -v
Here we have basic command but one argument is added and that is -v this argument verifies hostname via DNS resolution and searches for virtual hosts while scanning.
theharvester -d microsoft.com -l 200 -b google -n
Here the argument given is -n and it is used to perform a DNS reverse query on all ranges discovered while information gathering.
These are all important and basic required commands for this tool are discussed above if you want to know more I suggest you to explore yourself and keep experimenting with it that only can give you the perfect usage knowledge of any tool.
If you liked this tutorial(blog) comment and let us know and also give if any suggestions are there feel free to comment, also don’t forget to check our other blogs and subscribe us to get notified for our latest blogs and news. Donate us if you can at malc0de.org.
- No More Ransom: New Free Decryption Tools Available
- Commodity Ransomware Is Here
- RoT: Ransomware of Things
- Probably Everything You Need to Know About WannaCry Ransomware Organised Chronologically
- Intriguing Career Opportunities in Data Science for Freshers
- Top 10 Best Command Line Networking Utilities in Windows
- List of 7 Best Anti-Ransomware Tools to Protect You
- 7 Best Tips for Choosing the Best Data Backup Tools
- 4 Ways Big Businesses Can Protect Their Data
- Top 15 must-know CLI commands for every Linux user.