Information Gathering with theHarvester and DMitry in Kali Linux
Being a hacker is essentially being an information harvester. There are many information gathering techniques even before the actual hacking begins. Some practical Hollywood movies and shows have shown us how hackers can go through trash cans to gather as much information about their targets.
You would be surprised how simpler hacking a person, or their computer is when you collect bits of information about themselves that they leave all over the place, and especially on the internet.
Information Gathering Using theHarvester
This article is all about information gathering through footprinting and scanning. These are among the most important preparation steps that can make the difference between a successful penetration and a failed test. Considering that information is a weapon, you need as much information about the client and the network for a successful hack.
Developed in Python by Christian Martorella, theHarvester is a tool that you use to gather information about email accounts, usernames, and hostnames and subdomains from various public sources such as social media, search engines, and PGP key servers.
theHarvester is designed to be used at the earliest stages of penetration testing. It is a simple but highly effective tool that supports a range of sources including:
- Google (emails, hostnames, subdomains, Google+ profile employee names)
- Bing (Emails, hostnames, subdomains, virtual hosts)
- Pgp servers (emails, hostnames, subdomains)
- LinkedIn (employee names)
- Exalead (emails, hostnames, subdomains)
Download the repository folder then extract the contents somewhere easily accessible, such as the desktop. Unzip the contents of the archive onto the desktop using the command:
The contents of the will be inflated on to the desktop in the folder theHarvester.
Next, provide an execute permission for theHarvester.py using the chmod command below. Remember to switch the working directory to the theHarvester directory.
chmod 755 theHarvester.py.
Once this is done, theHarvester is ready to run using the command theHarvester. You should see detailed information including the version of theHarvester and other options.
One of the best things about information gathering with theHarvester is that its command syntax is rather basic. Using it is not as complicated as many other hacking processes and tools such as cracking passwords and hacking Wi-Fi networks, which typically have as many as ten steps.
The first step in using theHarvester is initializing the program from the shell. You can do this by typing:
Here is an outline of theHarvester’s command syntax:
#theharvester -d [domain] -l [results_limit] -b [data_source]
When you use the above query on your chosen domain, theHarvester will return a list of email addresses depending on the limits you set in [results_limit]. You can then choose the HTML file to save the results, and where to save the file for further reference using the parameter -f.
For instance, if you were to run a query on a workplace’s website to gather email addresses of all the employees, you could use this syntax:
#theharvester -d companywebsite.com -l 100 -b google
That is pretty much it. With this simple command, theHarvester will crawl all over the internet snatching up all information that fit the criteria you specify.
You can also carry out a search of the information you want on all search engines at once using the option -all in place of the [data_source]. Your syntax would then look like this:
#theharvester -d companywebsite.com -l 100 -b all
More theHarvester Options
Besides limiting the maximum number of results the number of results and the source of data, there are some excellent parameters and options that you will find useful as you master the art of information gathering using theHarvester. These include:
- -s: Start in result number x. The default is 0.
- -v: Verify the host name using DNS resolution and search for any virtual hosts.
- -n: Carry out a DNS reverse query on the ranges discovered.
- -c: Carry out a DNS brute force for the specified domain name.
- -t: Carry out a DNS TLD expansion discovery.
- -h: Use shodan database to query the hosts discovered.
- -e: Use this DNS server.
Information Gathering with theHarvester – Video Tutorial
This following video will show you how to use theHarvester in Kali Linux. It also discusses a couple of bugs you may encounter while using theHarvester.
Information Gathering with DMitry
DMitry (Deepmagic Information Gathering Tool) is a command line application coded using the C language that you can use to gather as much information as possible on and about a host. This tool’s base functionality is to gather information on email addresses, subdomains, system uptime information, domain whois data, TCP port scans, etc.
Setting Up DMitry
You can run DMitry from the Kali Linux shell or you can use the downloadable GUI application. To download DMitry using the shell, use the following command:
# wget http://mor-pah.net/code/DMitry-1.3a.tar.gz
Use the following commands to install the tool:
# tar xzvf DMitry-1.3a.tar.gz # cd DMitry-1.3a/ # ./configure # make # sudo make install
When the download is complete, you can then install the FreeBSD package on Kali Linux.
You can start DMitry from the Terminal using the command:
If you installed the GUI application, you will find a shortcut to the tool under:
Simply click on the link, and the app will start.
Just like theHarvester, DMitry has a rather basic command syntax. For instance, to carry out a whois lookup of a host IP address, simply enter the command in this format:
dmitry -i [IP_address]
For example, to look up the whois information of the IP address 192.168.0.1, you would enter:
dmitry -i 192.168.0.1
You will use -w when performing a whois lookup of a domain name.
dmitry -w companywebsite.com
To carry out a search for possible subdomains on a domain name, you will use the -s command. The syntax will look like this:
dmitry -s companywebsite.com
Use -p in the command syntax to carry out a TCP port scan on a target IP address. The command would look like this:
dmitry -p 192.168.0.1
When you want to carry out a TCP port scan on a host and filter the output report, use the -f command. This is particularly important to identify which ports are protected by a firewall and which ones are not. You must add -p to this command to successfully scan and filter the results. Your command would look something like this:
dmitry -pf companywebsite.com
The -e command is used to carry out a search for all email addresses linked to a domain name. The command syntax looks like this:
dmitry -e companywebsite.com
Use the -n command to find netcraft information about a host (check out netcraft.com). This will include uptime information where available. The command should look like this:
dmitry -n companywebsite.com
To save the output results you find using dmitry, use the -o command and specify the filename. If not specified, the default name will be host.txt.
dmitry -e companywebsite.com -o company_emails.txt
Information Gathering with DMitry – Video Tutorial
The following video will show you how to use Dmitry to perform enumeration on a target. This includes looking up subdomains, email addresses, and performing a TCP port scan.
I cannot emphasize strongly enough how important information gathering is to the whole process of hacking. When you carry out proper reconnaissance by collecting all the information you can about a host, it will increase the chances of finding vulnerabilities in a system, hence saving you time and effort.
There are quite a number of great tools you should know about including:
- Parsero (leverages information contained in the Robots.txt file of web servers.)
- Wireshark (analyzes network protocols. It is very popular with corporations and educational institutions.)
- ntop (shows in-depth network usage information.)
- Casefile (built for offline use.)
- Maltego (used to scan for network vulnerabilities and finding IP addresses.)
I hope you enjoyed this article and learned something new today. Feel free to pass your comments below. Happy hacking!