forked from laramies/theHarvester
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
101 lines (70 loc) · 3.2 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
*******************************************************************
* *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
* TheHarvester Ver. 2.6 *
* Coded by Christian Martorella *
* Edge-Security Research *
*******************************************************************
What is this?
-------------
theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual
hosts, open ports/ banners, and employee names from different public sources
(search engines, pgp key servers).
Is a really simple tool, but very effective for the early stages of a penetration
test or just to know the visibility of your company in the Internet.
The sources are:
Passive:
--------
-google: google search engine - www.google.com
-googleCSE: google custom search engine
-google-profiles: google search engine, specific search for Google profiles
-bing: microsoft search engine - www.bing.com
-bingapi: microsoft search engine, through the API (you need to add your Key in
the discovery/bingsearch.py file)
-pgp: pgp key server - pgp.rediris.es
-linkedin: google search engine, specific search for Linkedin users
-vhost: Bing virtual hosts search
-twitter: twitter accounts related to an specific domain (uses google search)
-googleplus: users that works in target company (uses google search)
-yahoo: Yahoo search engine
-baidu: Baidu search engine
-shodan: Shodan Computer search engine, will search for ports and banner of the
discovered hosts (http://www.shodanhq.com/)
Active:
-------
-DNS brute force: this plugin will run a dictionary brute force enumeration
-DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
-DNS TDL expansion: TLD dictionary brute force enumeration
Modules that need API keys to work:
----------------------------------
-googleCSE: You need to create a Google Custom Search engine(CSE), and add your
Google API key and CSE ID in the plugin (discovery/googleCSE.py)
-shodan: You need to provide your API key in discovery/shodansearch.py
Dependencies:
------------
-Requests library (http://docs.python-requests.org/en/latest/)
`pip install requests`
Changelog in 2.6:
------------------
-Added Yahoo and Baidu search engines. Thanks to Tatanus
-Added check for the existence of Requests library.
-Fixed email regex to provide cleaner results. Thanks to Peter McAlpine
Changelog in 2.5:
-----------------
-Replaced httplib by Requests http library (for Google related)
-Fixed Google searches
Comments? Bugs? Requests?
------------------------
Updates:
--------
https://github.com/laramies/theHarvester
Thanks:
-------
John Matherly - SHODAN project
Lee Baird for suggestions and bugs reporting