theHarvester

What is this?
————-

theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, PGP key servers). Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.

The sources are:

Passive:
——–
-google: google search engine – www.google.com

-googleCSE: google custom search engine

-google-profiles: google search engine, specific search for Google profiles

-bing: microsoft search engine – www.bing.com

-bingapi: microsoft search engine, through the API (you need to add your Key in
the discovery/bingsearch.py file)

-dogpile: Dogpile search engine – www.dogpile.com

-pgp: pgp key server – mit.edu

-linkedin: google search engine, specific search for Linkedin users

-vhost: Bing virtual hosts search

-twitter: twitter accounts related to an specific domain (uses google search)

-googleplus: users that work in target company (uses google search)

-yahoo: Yahoo search engine

-baidu: Baidu search engine

-shodan: Shodan Computer search engine, will search for ports and banner of the
discovered hosts (http://www.shodanhq.com/)

Active:
——-
-DNS brute force: this plugin will run a dictionary brute force enumeration
-DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
-DNS TDL expansion: TLD dictionary brute force enumeration

Modules that need API keys to work:
———————————-
-googleCSE: You need to create a Google Custom Search engine(CSE), and add your Google API key and CSE ID in the plugin (discovery/googleCSE.py)
-shodan: You need to provide your API key in discovery/shodansearch.py

Changelog v4.0.3

Installation

pip install requests
git clone https://github.com/laramies/theHarvester.git

Usage

Copyright 2011 Christian Martorella

Source: https://github.com/laramies/