Information Gathering using theHarvester

Information Gathering using theHarvester 

Information gathering is often the first step of any penetration test. theHarvester is a very powerful OSINT (Open-Source Intelligence Tool) for finding information on a target URL. It searches multiple sites for information about the target URL and displays all the information it finds. It is particularly useful for finding names of people and their email addresses as well as subdomains of the target site.

First of all we will installing  python3-pip, virtualenv.

sudo apt-get install python3-pip
sudo pip3 install virtualenv
virtualenv venv

Then clone the git repo and change the directory:


git clone https://github.com/laramies/theHarvester.git
cd theHarvester

Now, install the requirements 

pip3 install -r requirements.txt

Close this terminal and open a new one. Now, we are ready to use “theHarvester.py” in “kali” user’s home directory. Type:

cd /home/kali/theHarvester/
./theHarvester.py -v

 Now we want to gather information about our target, we can specify the following:

./theHarvester.py -d hackaday.com \ -l 300 -b all


The “-b all” tag will search all search engines available to theHarvester for information regarding hackaday.com. As you can see, it is an extremely useful tool for discovering email addresses, names of people associated with the target, sub-domain names and IP addresses.

 If we wanted to display this information in an easier to read format, we could add the -f tag at the end:

./theHarvester.py -d hackaday.com -l 300 -b all -f hackaday.com.results

 

This will save the information gathered in a HTML file called hackaday.com.results.html” When this file is opened, it provides the information gathered in a layout which is much easier to read.

Disclaimer

 

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.