Quickly gathering logins/emails with theHarvester and Metasploit
2010-08-30 09:35
Like GI Joe always said: Knowing is half the battle… And so it is the same with hacking.

One of the first parts of recon in a pentest is gathering valid login names and emails. We can use these to profile our target, bruteforce authentication systems, send client-side attacks (through phishing), look through social networks for juicy info on platforms and technologies, etc.

Where do we get this info? Well, without doing a full-blown Open Source Recon (OSINT) style assessment, we can use two simple scripts: Metasploit's search_email_collector.rb and Edge-Security's theHarvester.

theHarvester (luckily for us) just updated to v1.5 and has now fixed some of its previous bugs with searching Bing and LinkedIn. It supports searching Google, Bing, PGP servers, and LinkedIn. Metasploit, under modules/auxiliary/gather, has search_email_collector.rb and uses similar techniques for Google, Bing, and Yahoo.

A quick usage below identifies some users.

P.S. You can one-line search_email_collector like so in msfcli:

ruby /framework3/msfcli auxiliary/gather/search_email_collector DOMAIN=your_target_domain OUTFILE=output_file_you_want_results_in E

Check the end of this post for an example wrapper for these two tools.

zombie@haktop:/tools/email/theHarvester# ./theHarvester.py -d defcon.com -b google -l 500
*************************************
*TheHarvester Ver. 1.5 *
*Coded by Christian Martorella *
*Edge-Security Research *
*cmartorella@edge-security.com *
*************************************
Searching for defcon.com in google :
======================================
Total results: 462000
Limit: 500
Searching results: 0
Searching results: 100
Searching results: 200
Searching results: 300
Searching results: 400
Accounts found:
====================
quietpro@defcon.com
nick.s@defcon.com
robert@defcon.com
lynne@defcon.com
@defcon.com
joe@defcon.com
info@defcon.com
dtangent@defcon.com
====================

And search_email_collector.rb usage here:

Running MSF search_email_collector...
[*] Please wait while we load the module tree...
[*] Harvesting emails .....
[*] Searching Google for email addresses from defcon.com
[*] Extracting emails from Google search results...
[*] Searching Bing email addresses from defcon.com
[*] Extracting emails from Bing search results...
[*] Searching Yahoo for email addresses from defcon.com
[*] Extracting emails from Yahoo search results...
[*] Located 7 email addresses for defcon.com
[*] headsets@defcon.com
[*] info@defcon.com
[*] jobs@defcon.com
[*] nick.s@defcon.com
[*] nick@defcon.com
[*] robert@defcon.com
[*] spr@defcon.com

We can wrap both these with a quick (albeit dirty) bash script (this example uses Backtrack paths):

#!/bin/bash
# Usage: pass the domain as the first argument; results go to <domain>_emails.txt
if [ -z "$1" ]; then
    echo "Usage: $0 <domain>"
    exit 1
fi
OUT="${1}_emails.txt"
HARVESTER=/pentest/enumeration/google/theharvester/theHarvester.py

echo "Running MSF search_email_collector..."
echo
ruby /pentest/exploits/framework3/msfcli auxiliary/gather/search_email_collector DOMAIN="$1" OUTFILE="$OUT" E
echo
echo "Running theHarvester on Google, BING, MSN, PGP..."
echo
python "$HARVESTER" -d "$1" -b google -l 500 >> "$OUT"
python "$HARVESTER" -d "$1" -b msn -l 500 >> "$OUT"
python "$HARVESTER" -d "$1" -b pgp >> "$OUT"
# Keep only lines containing an address and drop theHarvester's banner address.
# Filter into a temp file first: redirecting straight back to $OUT truncates it before it is read.
grep @ "$OUT" | grep -v '@edge-security\.com' | sort > "$OUT.tmp" && mv "$OUT.tmp" "$OUT"
echo
echo "Searching for LinkedIN profiles with theHarvester..."
python "$HARVESTER" -d "$1" -b linkedin -l 40 >> "$OUT"
echo
echo "Finishing... E-mail Results:"
echo
cat "$OUT"
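
An added example, not part of the original post: the wrapper's `grep @` filter keeps malformed entries such as the bare `@defcon.com` line and does not de-duplicate across tools. The Python below parses both output formats shown above, keeps only well-formed addresses at the assessed domain, and records which tool reported each one. The sample outputs (using example.com) and the names `extract` and `merge` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample output, modelled on the two tool runs shown in the post.
HARVESTER_OUT = """\
*cmartorella@edge-security.com *
Accounts found:
====================
alice@example.com
Bob.K@example.com
@example.com
info@example.com
====================
"""
MSF_OUT = """\
[*] Located 3 email addresses for example.com
[*] bob.k@example.com
[*] info@example.com
[*] jobs@example.com
"""

# A non-empty local part is required, so a bare "@example.com" never matches.
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def extract(text, domain):
    """Return the set of lower-cased addresses at `domain` (or a subdomain)."""
    domain = domain.lower()
    found = set()
    for match in ADDR.findall(text):
        local, _, host = match.lower().rpartition("@")
        local = local.lstrip(".")  # search-result snippets often leave leading dots
        if local and (host == domain or host.endswith("." + domain)):
            found.add(local + "@" + host)
    return found

def merge(outputs, domain):
    """outputs maps tool name -> raw output; returns {address: [tools that saw it]}."""
    seen = defaultdict(set)
    for tool, text in outputs.items():
        for addr in extract(text, domain):
            seen[addr].add(tool)
    return {addr: sorted(tools) for addr, tools in sorted(seen.items())}

if __name__ == "__main__":
    merged = merge({"theHarvester": HARVESTER_OUT, "msf": MSF_OUT}, "example.com")
    for addr, tools in merged.items():
        print(addr, "(" + ", ".join(tools) + ")")
```

Addresses reported by both tools appear once, with both sources listed, which makes it easy to see what each search engine back end contributes.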