Module 1: BSWJ: theHarvester
Why use TheHarvester?
Welcome to Breaking Stuff with Joe, where we explain some of the most useful cybersecurity tools for use in Kali Linux. In this section, we will be reviewing a reconnaissance and information-gathering tool known as “theHarvester”. This program is used by hackers and cybersecurity professionals alike to gather crucial points of information on targets. This includes names of organizational members, email addresses, web hosts, domain names, and even open ports. As per usual, a disclaimer: We do not advocate any illegal activity; any reconnaissance should be carried out in a controlled environment with the express permission of the target. You can learn more on this topic and countless others by creating an account on Cybrary; simply click the link at the top of this page.
Where does TheHarvester come from?
This tool was developed by the programmer Christian Martorella. The information-gathering program was created for Edge-Security, a cybersecurity company with a proven track record of advanced hacking tools. Edge-Security is also responsible for cybersecurity tools such as Metagoofil and WFuzz. The program was developed using the Python language, which is a popular language for hackers and software plugins.
How can we use TheHarvester?
Using TheHarvester is a relatively simple and straightforward process. In order to make the most of the program, we have to understand the program’s options, or “flags”, used in each execution. This is a terminal-based program, so understanding its flags is crucial to its operation. Additionally, in order to properly use these flags, we must understand the types of data that penetration testers are looking for.
Reconnaissance takes place at the beginning of a penetration testing operation. This stage involves gathering as much useful information as possible for penetrating the target’s network and devices. Email addresses, domain names, server addresses, organizational member names, open ports, and user names are all targeted points of information. Using this data, we can build specialized spearphishing emails, gain network access through unsecured ports, and find login menus for brute-forcing and password cracking.
The most crucial flags in theharvester are as follows:
-d : this indicates the targeted organization name or domain name
-b : this indicates the data source for collecting data (google, yahoo, all, etc.)
-l : this limits the number of search results to gather data from
-f : this creates a file to store and review the results of the search
You can review these flags and further commands by entering the program name into the terminal without any flags.
Be wary that certain searches may trigger a response from the targeted organization, especially if they are a large organization with security teams that monitor possible reconnaissance activity.
In order to understand how the program operates, let’s take a look at an example: Say we want to research an organization that uses “searchtargetdomain.com” as their website’s domain name. We want to use Google to find our results, and we only want to use the first 1000 results of the search. Our console command would look like this:
theharvester -d searchtargetdomain.com -l 1000 -b google
Following this command, theharvester will collect all email accounts and subdomain names contained in the first 1000 Google results for searchtargetdomain.com. If you add a -f flag such as “-f results.html” to the end of the command, a new file named “results.html” will be created containing the terminal output.
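Search-engine results routinely mix in addresses and hosts that do not belong to the organization you have permission to assess, so the saved output needs a scoping pass before anything is reported. The following is an added example for this lesson, not code from theHarvester: it reads the saved text, keeps only the emails and subdomains that fall under the authorized domain, normalizes and de-duplicates them, and sets aside out-of-scope addresses for review. The sample output and its layout are constructed for illustration; the script relies only on the addresses and host names in the text, not on any particular report format.

```python
"""Scope-check saved reconnaissance output against the authorized target domain.

Added example, not part of theHarvester. Works on any plain-text capture of the
tool's output (e.g. the file written with -f); it does not depend on the layout.
"""
import re
from collections import namedtuple

Findings = namedtuple("Findings", ["emails", "hosts", "out_of_scope"])

# Group 1 of each pattern is the domain part used for the scope decision.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
HOST_RE = re.compile(r"\b((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})\b")


def in_scope(name, domain):
    """True when name is the target domain itself or one of its subdomains."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def triage(text, domain):
    """Return sorted, de-duplicated in-scope emails/hosts and out-of-scope emails."""
    domain = domain.lower()
    emails, hosts, out_of_scope = set(), set(), set()
    for m in EMAIL_RE.finditer(text):
        # Lowercasing merges case variants of the same address (JDoe@ vs jdoe@).
        addr = m.group(0).lower()
        (emails if in_scope(m.group(1), domain) else out_of_scope).add(addr)
    for m in HOST_RE.finditer(text):
        host = m.group(1).lower()
        if in_scope(host, domain) and host != domain:  # subdomains only
            hosts.add(host)
    return Findings(sorted(emails), sorted(hosts), sorted(out_of_scope))


# Constructed sample output; the section labels are illustrative only.
SAMPLE_OUTPUT = """Emails found:
jdoe@searchtargetdomain.com
it-helpdesk@searchtargetdomain.com
JDoe@SearchTargetDomain.com
webmaster@other-example.net
Hosts found:
www.searchtargetdomain.com
mail.searchtargetdomain.com
cdn.other-example.net
"""

if __name__ == "__main__":
    result = triage(SAMPLE_OUTPUT, "searchtargetdomain.com")
    print("In-scope emails:", result.emails)
    print("In-scope hosts:", result.hosts)
    print("Out of scope (review before use):", result.out_of_scope)
```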
Teaching Assistants: George Mcpherson and Vikramajeet Khatri
(Disclaimer: Breaking Stuff with Joe is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Joe' episode. However, you can still earn a certificate of completion for each episode completed.)