How to use theharvester on kali Linux
What is theharvester
This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.
The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.
theharvester gathers information from the following sources:
- Google :emails,hosts/subdomains.
- Google-profile : Employee names.
- Bing search emails, subdomains/hostnames, virtual hosts.
- Pgp servers: emails, hosts/subdomains.
- LinkedIn Employee names.
how to use theharvester
Open your terminal and type the following command.It displays all the options you can use with theharvester.
Search emails and hosts with theharvester
theharvester -d microsoft.com -l 500 -b google
-d: Domain to search.
-l : Limit the search for specified number
-b: Specify the search engine name.
Search information from all the search engine supported by theharvester.
This is cool feature we can extract maximum information from all the supported search engine in a single command. Full command looks like this:
theharvester -d facebook.com -l 500 -b all
You have to add all keyword at the end.
Save scan results into a xml file
You can save scan results into a file . You have to Complete command:
theharvester -d microsoft.com -l 500 -b google -f result.txt
-f is for specifying a file name where results will be stored.Once your scan is complete Check your home directory for xml file.