Home Verhalen Uitleg Archief

Information, meet your harvester!

Gathering intelligence is most of the time a very time consuming jobs. But having the right information is also very important and it can save you a lot of time later on the job and time is money! Most hackers don’t have a deadline to watch. If you hire a pentester, he/she has to get the job done following a time schedule. To make a start gathering information, you can use theHarvester.

What does it do?

theHarvester get its information by searching on the internet for e-mail addresses, URL’s IP’s and do different lookups.

Sources theHarvester use are:

  • google
  • googleCSE
  • bing
  • bingapi
  • pgp
  • linkedin
  • google-profiles
  • jigsaw
  • twitter
  • googleplus

Install theHarvester

theHarvester is a program made in python. Installing it from Github is easy. Go to the directory you want and run:

git clone https://github.com/laramies/theHarvester.git

The results:

Cloning into 'theHarvester'...
remote: Counting objects: 232, done.
remote: Total 232 (delta 0), reused 0 (delta 0), pack-reused 232
Receiving objects: 100% (232/232), 103.11 KiB | 0 bytes/s, done.
Resolving deltas: 100% (122/122), done.
Checking connectivity... done.

Of course you need to have git. Witch I have installed on my Debian 8 machine with:

apt install git

Now do a test run:

cd theHarvester/
python ./theHarvester.py

*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7                                           *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************

Usage: theharvester options 

       -d: Domain to search or company name
       -b: data source: google, googleCSE, bing, bingapi, pgp, linkedin,
                        google-profiles, jigsaw, twitter, googleplus, all

       -s: Start in result number X (default: 0)
       -v: Verify host name via dns resolution and search for virtual hosts
       -f: Save the results into an HTML and XML file (both)
       -n: Perform a DNS reverse query on all ranges discovered
       -c: Perform a DNS brute force for the domain name
       -t: Perform a DNS TLD expansion discovery
       -e: Use this DNS server
       -l: Limit the number of results to work with(bing goes from 50 to 50 results,
            google 100 to 100, and pgp doesn't use this option)
       -h: use SHODAN database to query discovered hosts

Examples:
        theHarvester.py -d microsoft.com -l 500 -b google -h myresults.html
        theHarvester.py -d microsoft.com -b pgp
        theHarvester.py -d microsoft -l 200 -b linkedin
        theHarvester.py -d apple.com -b googleCSE -l 500 -s 300

Get some information

Now it is time to get some information! I can do a run on my own domain, but I think it will not find very much. Just do it for the example.

python ./theHarvester.py -b all -d binaryfigments.com

*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7                                           *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************

Full harvest..
[-] Searching in Google..
	Searching 0 results...
	Searching 100 results...
[-] Searching in PGP Key server..
[-] Searching in Bing..
	Searching 50 results...
	Searching 100 results...
[-] Searching in Exalead..
	Searching 50 results...
	Searching 100 results...
	Searching 150 results...


[+] Emails found:
------------------
No emails found

[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs... 
213.249.93.130:www.binaryfigments.com
[+] Virtual hosts:
==================
213.249.93.130	xpired.nl
213.249.93.130	binaryfigments.com

And now with a real company, what is a bit more interesting.

python ./theHarvester.py -b all -d bergenopzoom.nl

*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7                                           *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************

Full harvest..
[-] Searching in Google..
	Searching 0 results...
	Searching 100 results...
[-] Searching in PGP Key server..
[-] Searching in Bing..
	Searching 50 results...
	Searching 100 results...
[-] Searching in Exalead..
	Searching 50 results...
	Searching 100 results...
	Searching 150 results...

[+] Emails found:
------------------
D.Matthijssen@bergenopzoom.nl
E-mailadresM.D.SchepersMoerbeek@bergenopzoom.nl
E-mailadresj.groenendal@bergenopzoom.nl
H.A.Krouwel@bergenopzoom.nl
I.vanBlaricum@bergenopzoom.nl
J.C.M.A.Havermans@bergenopzoom.nl
M.D.SchepersMoerbeek@bergenopzoom.nl
S.Vincken@bergenopzoom.nl
Stadsmakelaar@bergenopzoom.nl
V.oldenburg@bergenopzoom.nl
W.M.M.Vansteelandt@bergenopzoom.nl
a.buijs@bergenopzoom.nl
backofficewmo@bergenopzoom.nl
binnenstadslab@bergenopzoom.nl
blikjesenflesjes@bergenopzoom.nl
c.j.l.meijer@bergenopzoom.nl
ckb@bergenopzoom.nl
communicatie@bergenopzoom.nl
coppens@bergenopzoom.nl
dansen@genie-bergenopzoom.nl
demaagd@bergenopzoom.nl
directiedemaagd@bergenopzoom.nl
e.demilliano@bergenopzoom.nl
f.m.m.vanbroekhoven@bergenopzoom.nl
info@indiaasrestaurant-bergenopzoom.nl
info@ivb-bergenopzoom.nl
info@logopedie-bergenopzoom.nl
info@parket-laminaat-bergenopzoom.nl
info@rioolservice-bergenopzoom.nl
info@vvebeheer-bergenopzoom.nl
info@wasstraat-bergenopzoom.nl
j.w.m.vanleengoed@bergenopzoom.nl
kassademaagd@bergenopzoom.nl
kidm@bergenopzoom.nl
lidworden@vvd-bergenopzoom.nl
m.j.c.m.arts@bergenopzoom.nl
maartenvelthoen@vvd-bergenopzoom.nl
markiezenhof@bergenopzoom.nl
reimerswaal.nl,l.frankenleenaars@bergenopzoom.nl
rombouts@bergenopzoom.nl
secretariaat@genie-bergenopzoom.nl
servicelijn@bergenopzoom.nl
stadskantoor@bergenopzoom.nl
stadsmakelaar@bergenopzoom.nl
teaminkoop@bergenopzoom.nl
techniekdemaagd@bergenopzoom.nl
vanderWeegen@bergenopzoom.nl
veiligheid@bergenopzoom.nl
vermunt@bergenopzoom.nl
w.r.tiemessen@bergenopzoom.nl
weddingassistent@bergenopzoom.nl

[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs... 
217.166.63.254:Barracuda.bergenopzoom.nl
194.33.113.194:www.bergenopzoom.nl
[+] Virtual hosts:
==================
194.33.113.194	www.bergenopzoom
194.33.113.194	www.ondernemeninbergenopzoom
194.33.113.194	www.bergenopzoom.nl
194.33.113.194	www.ondernemeninbergenopzoom.nl

Conclusion

Tools like theHarvester are great for finding information on the web. Only most of these tools aren’t updated very often. That can be a drawback becouse the sources where it is looking in are changing reguraly. It’s a good thing these tools are open source, so you can help with the project if you want.

Gerelateerd

2016-08-31 5 minuten leestijd Sebastian information security intelligence information security intelligence