Collecting all e-mail addresses belonging to a specific domain with The Harvester tool.


Today I was asked to review some Python code, and although I don’t know Python at all (I’m not a coder or developer), I understood it was an exploit to extract specific information from a database.
Out of curiosity I asked about his target, and he said he just needed to collect information for journalism purposes: e-mails, phone numbers, etc.
I remembered TheHarvester, a tool included in Kali Linux to easily search for or collect information. I used TheHarvester to get e-mail addresses of high-ranking officers from companies classified as potential customers. It is useful, for example, to contact companies’ CEOs or executive employees, and more.

Step 1: Download TheHarvester here

Step 2: Run ./theharvester.py (I just run “theharvester” from a Kali installation)

The first screen is a man page with some tips and instructions.

Now imagine we want to see the e-mails belonging to the elpais.es newspaper’s domain.

Run:
theharvester -d elpais.es -l 1000 -b google

(If you aren’t on Kali, you may replace the “theharvester” command with “./theharvester.py”.)

Here we tell TheHarvester to:

  • -d: Search for e-mail addresses under the elpais.es domain.
  • -l: Limit the search to a maximum of 1000 results.
  • -b: Use Google as the search engine.


And we get the following result (intentionally published):

[+] Emails found:
——————

Now let’s see if we can get additional results by using another search engine, such as Bing.
Run:
theharvester -d elpais.es -l 1000 -b bing


As we can see, this time we get more results:

[+] Emails found:

——————

[+] Hosts found in search engines:
————————————
[-] Resolving hostnames IPs…

94.230.90.97:www.elpais.es
94.230.90.97:www.escuela.elpais.es

In this way we can find all the e-mail addresses under the elpais.es domain found by Google, Bing or other search engines, or social networks like LinkedIn.
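When you run the tool against your own domain to see what is publicly exposed, the scraped results contain case-variant duplicates and fragments with stray punctuation. The following is an added example, not part of the original post or of TheHarvester: it cleans the "Emails found" section and separates shared role mailboxes from personal addresses. The sample output, the example.com domain and the role-mailbox list are constructed assumptions.

```python
import re

# Constructed sample in the shape of the tool's "[+] Emails found:" section,
# for the placeholder domain example.com (not real tool output).
SAMPLE_OUTPUT = """\
[+] Emails found:
------------------
Support@example.com
support@example.com
,press@example.com
.....webmaster@example.com
jdoe@example.com
a.smith@hr.example.com
.@example_com
info@other.org

[+] Hosts found in search engines:
------------------------------------
192.0.2.10:www.example.com
"""

# Local parts treated as shared role mailboxes (assumed list; tune per organisation).
ROLE_LOCAL_PARTS = {"support", "press", "webmaster", "info", "sales", "hr"}

ADDR_RE = re.compile(r"[a-z0-9][a-z0-9._%+-]*@(?:[a-z0-9-]+\.)+[a-z]{2,}")

def parse_exposure(output, domain):
    """Return (role, personal) sorted lists of unique addresses under `domain`."""
    domain = domain.lower()
    found = set()
    in_emails = False
    for line in output.splitlines():
        if line.startswith("[+]"):
            in_emails = "Emails found" in line   # only read the e-mail section
            continue
        if not in_emails:
            continue
        for addr in ADDR_RE.findall(line.lower()):   # lower-casing merges case variants
            host = addr.split("@", 1)[1]
            if host == domain or host.endswith("." + domain):
                found.add(addr)
    role = sorted(a for a in found if a.split("@")[0] in ROLE_LOCAL_PARTS)
    personal = sorted(found - set(role))
    return role, personal

if __name__ == "__main__":
    role, personal = parse_exposure(SAMPLE_OUTPUT, "example.com")
    print("role mailboxes:", role)
    print("personal addresses:", personal)
```

Personal addresses that appear here are the ones worth reviewing first for removal from public pages or for extra phishing-awareness attention.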

 

 

 

 
