Finding emails with theharvester
Theharvester is a simple, handy Linux-based command-line tool that helps you locate email addresses related to a domain in various databases and data sources: google, googleCSE, bing, bingapi, pgp, linkedin, google-profiles, jigsaw, twitter, googleplus.
It is one of the tools we use for information gathering during a penetration test engagement, but because it is simple and returns useful information, anyone can take advantage of it. Whether you’re researching a potential employer, looking for more information on a sales lead, or doing general information gathering, theharvester will help you find useful information in a short period of time.
Let’s go over and break down the following example:
theharvester -d microsoft.com -b pgp > ms.txt
theharvester: this is the command. It is case sensitive, so make sure you type it in lower case.
-d: tells the command the specific domain for the query.
-b: tells the command what data source to use. You can list one of the data sources mentioned before, or you can use “all” to query all data sources.
>: redirects the output to a file. In this case I'm saving the output to ms.txt, but you can display the output on the screen instead by leaving out the redirection.
You can add other options to the command to further customize its output: you can limit the number of results with -l, or use -e to specify a DNS server.
As you can see, the information is straightforward and to the point; however, the result may be larger than expected. You can limit the output with the grep command. For instance, you can show only the emails that start with the letter “j” by using:
theharvester -d microsoft.com -b pgp | grep ^j
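The grep filter above runs against every line the command prints, so it is case sensitive and also matches any non-address line that happens to start with “j”. The shell functions below are an added example, not part of the original post or of theharvester: they pull only the unique addresses for one domain out of a saved output file such as ms.txt. The function names and the sample lines (example.com) are constructed for illustration and are not real tool output.

```shell
#!/bin/sh
# Added example: list the unique addresses for one domain found in saved output.

# extract_emails FILE DOMAIN
# Prints each address at DOMAIN (or a subdomain of it) once, lower-cased, sorted.
extract_emails() {
    # Escape dots so "example.com" cannot match "exampleXcom".
    domain_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Eio '[a-z0-9._%+-]+@[a-z0-9.-]+' "$1" \
        | tr '[:upper:]' '[:lower:]' \
        | sed 's/\.*$//' \
        | grep -E "@([a-z0-9-]+\.)*${domain_re}\$" \
        | sort -u
}

# emails_with_prefix FILE DOMAIN PREFIX
# Same list, restricted to addresses that start with PREFIX (literal, any case).
emails_with_prefix() {
    extract_emails "$1" "$2" \
        | awk -v p="$3" 'index($0, tolower(p)) == 1'
}

# write_sample FILE
# Constructed stand-in for a saved output file; not real tool output.
write_sample() {
    cat > "$1" <<'EOF'
just a status line that starts with j
Emails found:
Jane.Doe@example.com
jane.doe@example.com
john@mail.example.com
bob@example.com
contact: alice@example.com, jim@other.test
eve@example.com.invalid
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "All addresses at example.com:"
extract_emails "$sample" example.com
echo "Addresses starting with j:"
emails_with_prefix "$sample" example.com j
rm -f "$sample"
```

On the sample, a plain `grep ^j` would return the status line and miss `Jane.Doe@example.com`, while the functions return only addresses, with duplicates and look-alike domains dropped.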
There’s more customization that can be made with the command but I’m sure by now you get the point.