Information Gathering using theHarvester
Information gathering is often the first step of any penetration test. theHarvester is a very powerful OSINT (Open-Source Intelligence) tool for finding information on a target URL. It searches multiple sites for information about the target URL and displays all the information it finds. It is particularly useful for finding names of people and their email addresses, as well as subdomains of the target site.
First of all, we will install python3-pip and virtualenv:
sudo apt-get install python3-pip
sudo pip3 install virtualenv
virtualenv venv
Then clone the git repo and change the directory:
git clone https://github.com/laramies/theHarvester.git
cd theHarvester
Now, install the requirements:
pip3 install -r requirements.txt
Close this terminal and open a new one. Now we are ready to use “theHarvester.py” in the “kali” user’s home directory. Type:
cd /home/kali/theHarvester/
./theHarvester.py -v
Now we want to gather information about our target. We can specify the following:
./theHarvester.py -d hackaday.com -l 300 -b all
The “-b all” option will search all search engines available to theHarvester for information regarding hackaday.com. As you can see, it is an extremely useful tool for discovering email addresses, names of people associated with the target, sub-domain names and IP addresses.
If we wanted to display this information in an easier-to-read format, we could add the -f option at the end:
./theHarvester.py -d hackaday.com -l 300 -b all -f hackaday.com.results
This will save the information gathered in an HTML file called “hackaday.com.results.html”. When this file is opened, it provides the information gathered in a layout which is much easier to read.
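The email addresses and sub-domain names described above are what an organisation will want to review for its own domain. The script below is an added example, not part of the original tutorial or of theHarvester: it takes any plain-text capture of a run and lists the unique addresses and subdomains that belong to a given domain. The function names and the sample data for example.com are constructed for illustration, and no particular theHarvester output layout is assumed.

```shell
#!/bin/sh
# Added example: list what a saved OSINT run exposes about a domain you own.
# Input is any plain-text capture; no specific theHarvester layout is assumed.

# Escape dots so the domain can sit inside an extended regular expression.
domain_re() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Split text into lower-cased candidate tokens, one per line, and drop the
# trailing dot that sentence punctuation leaves behind.
tokens() {
    tr -cs 'A-Za-z0-9@._%+-' '\n' < "$1" | tr 'A-Z' 'a-z' | sed 's/\.*$//'
}

# Unique addresses at the domain or one of its subdomains.
# grep -x matches whole tokens, so look-alikes such as
# user@example.com.other.test are rejected.
exposed_emails() {
    tokens "$2" | grep -xE "[a-z0-9._%+-]+@([a-z0-9-]+\.)*$(domain_re "$1")" | sort -u
}

# Unique subdomains of the domain (the apex itself is not listed).
exposed_hosts() {
    tokens "$2" | grep -xE "([a-z0-9-]+\.)+$(domain_re "$1")" | sort -u
}

# Constructed sample capture for example.com (not real tool output).
make_sample() {
    cat > "$1" <<'EOF'
Alice.Admin@example.com
bob@mail.example.com
Contact carol@example.com.
someone@example.com.other.test
vpn.example.com:203.0.113.10
https://dev.example.com/login
VPN.example.com
notexample.com
example.com.other.test
EOF
}

sample=$(mktemp)
make_sample "$sample"
echo "Exposed addresses:"; exposed_emails example.com "$sample"
echo "Exposed subdomains:"; exposed_hosts example.com "$sample"
rm -f "$sample"
```

Both functions take the domain first and the capture file second, so the same file can be checked against several domains you are responsible for.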
Disclaimer
All tutorials are for informational and educational
purposes only and have been made using our own routers, servers, websites and
other vulnerable free resources. We do not contain any illegal activity. We
believe that ethical hacking, information security and cyber security should
be familiar subjects to anyone using digital information and computers.
Hacking Truth is against misuse of the information and we strongly suggest
against it. Please regard the word hacking as ethical hacking or penetration
testing every time this word is used. We do not promote, encourage, support or
excite any illegal activity or hacking.