Hello folks !!!
So I am back finally with some motivation to write my blogs.
So this time we will be looking into theHarvester one of the best tool for OSINT (Open source intelligence).
This tutorial will be focusing more on integrating available multiple services using like Bing, GitHub, Hunter, etc. with theHarvester using API keys. I wont be talking much about how to use the tool but would recommend looking onto help files to understand switches, if you are new to the tool.
This tutorial will be focusing more on integrating available multiple services using like Bing, GitHub, Hunter, etc. with theHarvester using API keys. I wont be talking much about how to use the tool but would recommend looking onto help files to understand switches, if you are new to the tool.
Note: The text highlighted is the command to be typed in Kali terminal.
In order to view help files type theHarvester --help in terminal
So coming back to integrating multiple services with theHarvester I have chosen to demonstrate hunter as an example.
So Signup for free and login into the Hunter website.
In order to view help files type theHarvester --help in terminal
So coming back to integrating multiple services with theHarvester I have chosen to demonstrate hunter as an example.
So Signup for free and login into the Hunter website.
Click on your name and select API option.
Copy the API key
Navigate to the following directory.
cd /usr/lib/python3/dist-packages/theHarvester/discovery/
This is the file where we will be adding our API key.
Copy the API key
Navigate to the following directory.
cd /usr/lib/python3/dist-packages/theHarvester/discovery/
This is the file where we will be adding our API key.
Open the file with some editor (here I use pico) to add our hunter API key to the file.
pico api-keys.yaml
Once done let's test and see the magic to fetch email addresses for the target company .
Voila. We see lot of email addresses popping up. This can further be used to carry out further attacks like spear phishing or maybe brute forcing (i.e. Password spraying) and many more.
If you want to look into the code to understand how things work out, you can try reading the code. pico <filename.py>
Note: By default the search results are stored into database. You can have a look into it by using tool called sqlitebrowser. sqlitebrowser stash.sqlite
Thank you for reading my article and I hope you enjoyed it.
Would really appreciate if you do drop your comments with your valuable feedback, suggestions or concerns.
Your comments will help me improve on my grey areas.
No comments:
Post a Comment
Thanks for reading the post! Please leave your feedback here :)