theHarvester is a Kali Linux command line tool that combines various search engines, websites or public sources to find email accounts, subdomain names, employee names working in a particular organization, open ports etc. In the latest versions, DNS brute force, Top-Level Domain (TLD) expansion, reverse IP resolution is also possible.
Installation
1. Go to Google and type theHarvester. Click on the result which takes you to the respective GitHub repository.
2. After opening the repository, go to Code and copy the repository link.
3. Open Terminal in Kali Linux and type git clone and paste the copied repository link https://github.com/laramies/theHarvester.git.
4. Go to theHarvester directory by typing cd theHarvester.
5. Install the requirements.txt file if it's not pre-installed using the command pip install -r requirements.txt.
6. Once the installation is done, start the tool using the command python3 theHarvester.py.
You can type python3 theHarvester.py --help to have a look at the various commands that can be used as part of this tool.
Let's have a walkthrough for some of the commands under theHarvester and the results produced by them.
In the the above statement :
-d : is used to specify the domain name or organization name to be searched. One may look for employee details, hosts, DNS lookups etc. In the above example, the domain is microsoft.com.
-b : is used to specify any source from where one may find the required details. A source may be a search engine, social media platform or any other platform. Ex - Twitter, Linkedin, Yahoo, Google, Bing etc.
The above command looks for LinkedIn users who are also Microsoft employees.
-l : This flag is used to limit the number of searches that the tool gives. By default, theHarvester does 500 searches.
The above image contains some, out of the 393 LinkedIn users among the 500 searches that were done as part of the command mentioned above. We have names of various employees and their job roles. This may not always be the case. It is possible that sometimes, your search may be blocked and you might not receive any results.
In the above image, for the same command that we had discussed above, the search request is now being blocked by Google and has been reverted back to us, hence no results.
In the above example, we got hold of employee names and their roles in a particular organization. theHarvester is not just limited to that. We can also look for email ids and hosts under a particular domain name.
theHarvester is hence, a simple to use yet handy tool, enabling anybody to understand the scope of an organization and some other aspects related to it. All features of theHarvester discussed above are just part of the tasting. As you use the tool more, it would be a feast to your curious minds.
0 Comments