Gather an Email List using theHarvester
Email is a crucial channel for information exchange, and most people treat an email ID as the personal identification of an employee or organization. Thus, gathering the email IDs of critical personnel is one of the key tasks of ethical hackers.
Here, we will gather the list of email IDs related to a target organization using theHarvester tool.
theHarvester: This tool gathers emails, subdomains, hosts, employee names, open ports, and banners from public sources such as search engines (Google, Bing, etc.), PGP key servers, and the SHODAN computer database to extract valuable information about the target domain. It is intended to help ethical hackers and pen testers in the early stages of a security assessment to understand the organization’s footprint on the Internet. It is also useful for anyone who wants to know what organizational information is visible to an attacker.
On the login page, enter the attacker username as kali. Enter kali in the Password field and press Enter to log in to the machine.
A Kali Linux Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a kali user.
In the [sudo] password for attacker field, type kali as the password and press Enter.
In the terminal window, type theHarvester -d microsoft.com -l 200 -b baidu and press Enter.
You can see the email IDs and hosts related to the target company that were obtained from the Baidu source, as shown in the screenshot. Attackers can use these email lists and usernames to perform social engineering and brute force attacks on the target organization.
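The following Python script is an added example, not part of the original lab or of theHarvester itself. It shows how a defender reviewing their own organization's footprint could turn saved tool output into an exposure summary that separates individual mailboxes from shared role mailboxes and drops look-alike domains. The function name, the role list, the example.com domain, and the sample text are assumptions constructed for illustration; the parser only looks for email addresses and does not depend on any particular output layout.

```python
import re
from collections import defaultdict

# Local parts that usually denote shared or role mailboxes rather than
# individuals (an illustrative list chosen for this example).
ROLE_LOCAL_PARTS = {"info", "support", "sales", "admin", "abuse", "postmaster",
                    "security", "press", "hr", "jobs", "noreply", "no-reply"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def exposure_report(text, domain):
    """Classify every address found in saved tool output for one domain."""
    domain = domain.lower()
    buckets = defaultdict(set)  # sets de-duplicate case variants
    for match in EMAIL_RE.findall(text):
        addr = match.lower()
        local, _, host = addr.rpartition("@")
        # Exact domain or a true subdomain only: "notexample.com" must not
        # pass just because it ends with "example.com".
        if host != domain and not host.endswith("." + domain):
            buckets["out_of_scope"].add(addr)
        elif local.split("+")[0] in ROLE_LOCAL_PARTS:
            buckets["role"].add(addr)
        else:
            buckets["personal"].add(addr)
    return {k: sorted(buckets[k]) for k in ("personal", "role", "out_of_scope")}

# Constructed sample standing in for saved terminal output.
SAMPLE_OUTPUT = """\
Emails found:
Jane.Doe@example.com
jane.doe@example.com
support@example.com
j.smith@mail.example.com
billing@notexample.com
Hosts found:
www.example.com
mail.example.com
"""

if __name__ == "__main__":
    report = exposure_report(SAMPLE_OUTPUT, "example.com")
    for kind, addrs in report.items():
        print(f"{kind}: {len(addrs)}")
        for a in addrs:
            print("  " + a)
```

Individually named mailboxes in the personal bucket are the ones most exposed to the social engineering and brute force risks described above, so they are the natural priority for awareness training and strong authentication.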
This concludes Gather an Email List using theHarvester.