Bienvenidos al nuevo foro de hackplayers. En caso de encontrarse cualquier tipo de error, contacte con cualquier administrador por mensaje privado.
Recuerda que, para incrementar tu privacidad, tambien puedes acceder al foro usando el dominio forohpysho2t5mjs.onion de la red tor.

Using theHarvester to perform host Auditing

latest_releaselatest_release
en Auditoría web Vote Up0Vote Down

Let's face it, We all don't see our-self as the bad guys do see us or our interaction from the internet. Each day on the dark-web there are hundreds of thousands of email leaks, those leaks may include your own from your favorite site. There are sites out there dedicated to investigating leaks and warning users for possible changes.

Some of those site include;

Besides those site that help you to check for external threats there are Audit tools dedicated to auditing a sites external threats one of those tools include 

  • thHarvester

the Harvester is a very simple, yet effective tool designed to be used in the early stages of a penetration test. Use it for open source intelligence gathering and helping to determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs,  Portscan and URLs using multiple public data sources.

Setting up theharvester for auditing

Please note that this tool requires python3.7 +

sudo apt-get install python3-pip 
sudo pip3 install virtualenv
# # Create virtualenv 
virtualenv venv
# Or create a python version specific virtualenv
virtualenv -p python3 myenv
# Then install the harvester from pip3
pip3 install theHarvester
Auditing a site for information
$ theHarvester -d nmmapper.com -b google
[*] Target: nmmapper.com
[*] Google Searching. 
Searching 0 results. 
Searching 100 results. 
Searching 200 results. 
Searching 300 results. 
Searching 400 results. 
Searching 500 results.
[*] No IPs found.
[*] No emails found.
[*] Hosts found: 2 
--------------------- 
ww.nmmapper.com: 
www.nmmapper.com:104.24.102.134, 104.24.103.134

You will notice the following options;

$ -d # this options is a domain option

$ -b # this options is for search source

This tool has over 20+ public sources for searching host information or target information from the internet. Some of this sources require for more effective results.

This tool is very easy to use.

the Harvester will get the following information

  • subdomains

  • emails

  • List of IP Addressees associated with the host

  • People through social networks.

References

https: //www.nmmapper.com/kalitools/theharvester/email-harvester-tool/o ...

https://github.com/laramies/theHarvester 


Etiquetado:
Accede o Regístrate para comentar.