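Finding Email Addresses with theHarvester
Using publicly available information, you can collect information about the members of a target organization. theHarvester, the tool used here, is installed by default on Kali Linux. If you are using another Linux/Unix distribution, you can download it from https://github.com/laramies/theHarvester.
First, let's look at the help text and options.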
```
root@kali:~# theharvester

Usage: theharvester options

       -d: Domain to search or company name
       -b: data source: google, googleCSE, bing, bingapi, pgp, linkedin,
                        google-profiles, jigsaw, twitter, googleplus, all
       -s: Start in result number X (default: 0)
       -v: Verify host name via dns resolution and search for virtual hosts
       -f: Save the results into an HTML and XML file (both)
       -n: Perform a DNS reverse query on all ranges discovered
       -c: Perform a DNS brute force for the domain name
       -t: Perform a DNS TLD expansion discovery
       -e: Use this DNS server
       -l: Limit the number of results to work with(bing goes from 50 to 50 results,
            google 100 to 100, and pgp doesnt use this option)
       -h: use SHODAN database to query discovered hosts

Examples:
        theharvester -d microsoft.com -l 500 -b google -h myresults.html
        theharvester -d microsoft.com -b pgp
        theharvester -d microsoft -l 200 -b linkedin
        theharvester -d apple.com -b googleCSE -l 500 -s 300
```
The following command finds email addresses for google.com through the Google search engine.
```
root@kali:~# theharvester -d google.com -l 500 -b google

[-] Searching in Google:
	Searching 0 results...
	Searching 100 results...
	Searching 200 results...
	Searching 300 results...
	Searching 400 results...
	Searching 500 results...

[+] Emails found:
------------------
kuth@google.com
clam@google.com

[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
216.58.197.174:253Dandroid.clients.google.com
216.58.197.205:accounts.google.com
172.217.25.238:android.clients.google.com
216.58.197.206:assistant.google.com
172.217.26.46:calendar.google.com
216.58.197.206:chrome.google.com
172.217.25.238:code.google.com
216.58.197.206:developers.google.com
216.58.197.174:docs.google.com
216.58.197.174:drive.google.com
172.217.25.238:encrypted.google.com
172.217.25.238:feedproxy.google.com
172.217.25.78:finance.google.com
216.58.200.174:images.google.com
172.217.25.229:mail.google.com
172.217.25.238:maps.google.com
216.239.32.10:ns1.google.com
216.239.34.10:ns2.google.com
216.239.38.10:ns4.google.com
216.58.200.174:photos.google.com
216.58.197.206:play.google.com
216.58.197.206:plus.google.com
216.58.197.164:scholar.google.com
172.217.26.46:sites.google.com
172.217.25.78:support.google.com
172.217.25.238:tools.google.com
172.217.26.46:translate.google.com
108.177.97.99:www.google.com
```
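The -d option specifies the domain to search, -l the number of results to output, and -b the data source. To save the results to a file, use the -f flag.
theHarvester does not always return email addresses. If you specify LinkedIn as the data source, you get a list of users instead, as shown below.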
```
root@kali:~# theharvester -d google.com -l 500 -b linkedin

[-] Searching in Linkedin..
	Searching 100 results..
	Searching 200 results..
	Searching 300 results..
	Searching 400 results..
	Searching 500 results..

Users from Linkedin:
====================
Mickey Kim
```
You can also search across all data sources at once, as shown below. In addition to email addresses, this can find hosts, virtual hosts, and more.
```
root@kali:~# theharvester -d google.com -l 500 -b all

Full harvest..
[-] Searching in Google..
	Searching 0 results...
	Searching 100 results...
	Searching 200 results...
	Searching 300 results...
	Searching 400 results...
	Searching 500 results...
[-] Searching in PGP Key server..
[-] Searching in Bing..
	Searching 50 results...
	Searching 100 results...
	Searching 150 results...
	Searching 200 results...
	Searching 250 results...
	Searching 300 results...
	Searching 350 results...
	Searching 400 results...
	Searching 450 results...
	Searching 500 results...
[-] Searching in Exalead..
	Searching 50 results...
	Searching 100 results...
	Searching 150 results...
	Searching 200 results...
	Searching 250 results...
	Searching 300 results...
	Searching 350 results...
	Searching 400 results...
	Searching 450 results...
	Searching 500 results...
	Searching 550 results...

[+] Emails found:
------------------
'@google.com
'noreply+feedproxy@google.com
huangml@google.com
kuth@google.com
noreply+feedproxy@google.com
pixel-1508568744680174-web-@google.com
pixel-1508568749383756-web-@google.com
tm-enf@google.com

[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
172.217.26.46:253Dandroid.clients.google.com
172.217.25.109:accounts.google.com
108.177.97.113:adwords.google.com
216.58.200.174:analytics.google.com
216.58.200.174:android.clients.google.com
172.217.25.78:assistant.google.com
172.217.26.46:calendar.google.com
216.58.197.206:cast.google.com
216.58.197.174:chrome.google.com
172.217.25.78:clients5.google.com
216.58.197.206:code.google.com
172.217.26.46:developers.google.com
172.217.26.46:docs.google.com
216.58.200.174:drive.google.com
172.217.25.78:encrypted.google.com
172.217.25.238:feedproxy.google.com
172.217.26.46:finance.google.com
216.58.197.174:get.google.com
108.177.97.139:groups.google.com
172.217.26.46:hangouts.google.com
172.217.25.238:images.google.com
172.217.26.46:madeby.google.com
216.58.200.165:mail.google.com
216.58.197.174:maps.google.com
216.58.200.174:myaccount.google.com
74.125.204.100:myactivity.google.com
216.239.32.10:ns1.google.com
216.239.34.10:ns2.google.com
216.239.38.10:ns4.google.com
172.217.26.46:photos.google.com
216.58.197.196:picasa.google.com
172.217.25.78:play.google.com
172.217.25.238:plus.google.com
172.217.25.228:scholar.google.com
172.217.26.46:search.google.com
216.58.197.206:sites.google.com
216.58.200.174:store.google.com
216.58.200.174:support.google.com
216.58.200.164:tbn0.google.com
216.58.197.174:tools.google.com
216.58.197.174:translate.google.com
216.58.196.228:trends.google.com
108.177.97.106:www.google.com

[+] Virtual hosts:
==================
root@kali:~#
```
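The raw output contains scraping noise such as `'@google.com`, duplicated quoted addresses, and `253Dandroid.clients.google.com`, so it needs cleaning before it can serve as an inventory of what your own domain exposes. The following is an added example, not part of the original post or of theHarvester itself: a parser for the text layout shown above, where `parse_report`, `is_encoding_artifact` and `SAMPLE` are hypothetical names and the sample is constructed. It assumes IPv4 `ip:host` lines and treats the `253D` prefix as a leftover of percent-encoding (`%253D`), which is an assumption about how the tool scraped the page.

```python
import ipaddress
import re

# Constructed sample in the layout shown above (reserved example.com / RFC 5737 values).
SAMPLE = """\
[+] Emails found:
------------------
'@example.com
'noreply+feed@example.com
noreply+feed@example.com
pixel-1508568744680174-web-@example.com
alice@example.com
[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
192.0.2.10:253Dandroid.clients.example.com
192.0.2.10:android.clients.example.com
198.51.100.7:mail.example.com
"""

# Heuristic: a local part must start and end with a letter or digit.
EMAIL_RE = re.compile(r"[a-z0-9](?:[a-z0-9._+-]*[a-z0-9])?@[a-z0-9.-]+")

def is_encoding_artifact(host, known):
    """True if host is a known host prefixed by a '%'-stripped escape (3d, 253d)."""
    return any(re.fullmatch(r"(?:25)?[0-9a-f]{2}", host[:n]) and host[n:] in known
               for n in (2, 4))

def parse_report(text, domain):
    """Return (sorted emails, {host: ip}) for `domain`, dropping scrape artifacts."""
    emails, hosts, section = set(), {}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[+]"):
            section = line[3:].strip(" :").lower()
        elif not line or line.startswith("[-]") or set(line) <= set("-="):
            continue  # blank lines, progress messages, separator rules
        elif section == "emails found":
            addr = line.strip("'\"").lower()
            if EMAIL_RE.fullmatch(addr) and addr.endswith("@" + domain):
                emails.add(addr)
        elif section.startswith("hosts found"):
            ip, _, host = line.partition(":")
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                continue  # not an ip:host pair
            if host.lower().endswith("." + domain):
                hosts[host.lower()] = ip
    clean = {h: ip for h, ip in hosts.items() if not is_encoding_artifact(h, hosts)}
    return sorted(emails), clean

EMAILS, HOSTS = parse_report(SAMPLE, "example.com")
```

Comparing `EMAILS` and `HOSTS` between periodic runs against your own domain shows which addresses and hostnames have newly become discoverable through public search engines.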