
The Harvester - Gather Employee Names and E-mail Addresses of Any Organisation [ Installation & Usage ]




The Harvester


theHarvester is a very simple, yet effective tool designed to be used in the early stages of a penetration test. Use it for open source intelligence gathering and to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs, and URLs using multiple public data sources that include:


Passive


  • baidu: Baidu search engine
  • bing: Microsoft search engine - www.bing.com
  • bingapi: Microsoft search engine, through the API (Requires API key, see below.)
  • censys: Censys.io search engine
  • crtsh: Comodo Certificate search - www.crt.sh
  • cymon: Cymon.io search engine
  • dogpile: Dogpile search engine - www.dogpile.com
  • duckduckgo: DuckDuckGo search engine - www.duckduckgo.com
  • google: Google search engine (Optional Google dorking.) - www.google.com
  • googleCSE: Google custom search engine
  • google-certificates: Google Certificate Transparency report
  • hunter: Hunter search engine (Requires API key, see below.) - www.hunter.io
  • intelx: Intelx search engine (Requires API key, see below.) - www.intelx.io
  • linkedin: Google search engine, specific search for LinkedIn users
  • netcraft: Netcraft Data Mining
  • securityTrails: Security Trails search engine, the world's largest repository of historical DNS data (Requires API key, see below.) - www.securitytrails.com
  • shodan: Shodan search engine, will search for ports and banners from discovered hosts - www.shodanhq.com
  • threatcrowd: Open source threat intelligence - www.threatcrowd.org
  • trello: Search Trello boards (Uses Google search.)
  • twitter: Twitter accounts related to a specific domain (Uses Google search.)
  • vhost: Bing virtual hosts search
  • virustotal: Virustotal.com domain search
  • yahoo: Yahoo search engine
  • all: currently a subset of all the most effective plugins

Active

  • DNS brute force: dictionary brute force enumeration
  • DNS reverse lookup: reverse lookup of the IPs discovered in order to find hostnames
  • DNS TLD expansion: TLD dictionary brute force enumeration

Installation

  • Download the tool from https://github.com/laramies/theHarvester
  • Or use this git command to clone the package to a local directory:
                   # git clone https://github.com/laramies/theHarvester.git
  • Go to the theHarvester directory/folder.
  • You should now see the tool, theHarvester.py, which is written in Python 3.6.
  • Run the command below to install the required packages:
                   # python3 -m pip install -r requirements.txt


How to Use?

Search for email accounts for the domain microsoft.com, using the first 500 Google results:

    # ./theHarvester.py -d microsoft.com -l 500 -b google

Search for email accounts for the domain microsoft.com on a PGP server; here it is not necessary to specify the limit:

    # ./theHarvester.py -d microsoft.com -b pgp

Search for the names of users who work at the company Microsoft. Google is used as the search engine, so we need to specify the limit of results we want to use:

    # ./theHarvester.py -d microsoft.com -l 200 -b linkedin

Search in all sources at the same time, with a limit of 200 results:

    # ./theHarvester.py -d microsoft.com -l 200 -b all
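For a domain you are responsible for, the harvested emails and hostnames can be turned into an exposure inventory. The following Python is an added example, not part of theHarvester or the original post; it assumes the results were copied into a list one item per line, and the names summarise_exposure, ROLE_LOCAL_PARTS and SAMPLE, the role-mailbox list and the example.com data are constructed for illustration.

```python
import re

# Assumption: role mailboxes an organisation usually publishes on purpose.
ROLE_LOCAL_PARTS = {"info", "support", "sales", "security", "abuse",
                    "postmaster", "admin", "hr"}
EMAIL_RE = re.compile(r"^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$")
HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")


def summarise_exposure(lines, domain):
    """Normalise, de-duplicate and bucket harvested items for `domain`."""
    domain = domain.lower().strip(".")
    report = {"personal": set(), "role": set(), "off_domain": set(),
              "hosts": set(), "rejected": []}
    for raw in lines:
        item = raw.strip().lower().rstrip(".")
        if not item:
            continue
        if EMAIL_RE.match(item):
            local, _, mail_domain = item.partition("@")
            # Compare on a label boundary so notexample.com is not accepted.
            if mail_domain != domain and not mail_domain.endswith("." + domain):
                report["off_domain"].add(item)
            elif local in ROLE_LOCAL_PARTS:
                report["role"].add(item)
            else:
                report["personal"].add(item)  # named staff: phishing exposure
        elif HOST_RE.match(item) and (item == domain
                                      or item.endswith("." + domain)):
            report["hosts"].add(item)
        else:
            report["rejected"].append(raw)  # keep for manual review
    return report


# Constructed sample input (not real harvest output).
SAMPLE = [
    "Jane.Doe@example.com", "jane.doe@example.com ", "info@example.com",
    "j.smith@mail.example.com", "someone@notexample.com",
    "vpn.example.com", "VPN.example.com.", "evil-example.com", "not an email",
]

if __name__ == "__main__":
    for bucket, items in summarise_exposure(SAMPLE, "example.com").items():
        print(f"{bucket}: {sorted(items)}")
```

The personal bucket is the list to feed into phishing-awareness work, and the hosts bucket is the list to reconcile against the asset inventory.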


Hello Reader! Comment any other similar tools you know.
