Hello! Some time ago I discovered a very useful script for gathering information about domains: “The harvester” (project at https://github.com/laramies/theHarvester). This script is very useful in the information-gathering phase of a pentest and can collect all kinds of information about a domain; it is possible to obtain hosts, e-mail addresses and the organization name:
Installation:
root@host:~# git clone https://github.com/laramies/theHarvester.git
Cloning into 'theHarvester'...
remote: Counting objects: 259, done.
remote: Total 259 (delta 0), reused 0 (delta 0), pack-reused 259
Receiving objects: 100% (259/259), 110.94 KiB | 0 bytes/s, done.
Resolving deltas: 100% (141/141), done.
Checking connectivity... done.
root@host:~#
root@host:~# cd theHarvester/
root@host:~/theHarvester#
From the tests I have been running, it is better to obtain the information in several parts (the “….” marks indicate that text was cut to keep the post from getting too long):
1- E-mail accounts: in this example we find e-mail accounts and hostnames of the company “microsoft” on Google:
root@host:~/theHarvester# python theHarvester.py -d micrososft.com -b google
*******************************************************************
* *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
* TheHarvester Ver. 2.7.1 *
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
*******************************************************************
[-] Searching in Google:
Searching 0 results...
Searching 100 results...
[+] Emails found:
------------------
alexhop@micrososft.com
santoshkondapalli@micrososft.com
across@micrososft.com
thies@micrososft.com
minchu@micrososft.com
forzafb@micrososft.com
bill.gates@micrososft.com
arynes@micrososft.com
v-amanz@micrososft.com
vijayr@micrososft.com
alizat@micrososft.com
[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
185.53.178.6:Teredo.ipv6.micrososft.com
185.53.178.6:account.micrososft.com
185.53.178.6:activate.micrososft.com
185.53.178.6:answer.micrososft.com
185.53.178.6:answers.micrososft.com
185.53.178.6:beta.micrososft.com
185.53.178.6:connect.micrososft.com
185.53.178.6:download.micrososft.com
185.53.178.6:ftp.micrososft.com
185.53.178.6:iqn.1991-05.com.micrososft.com
185.53.178.6:mcp.micrososft.com
185.53.178.6:messaging.micrososft.com
185.53.178.6:msdn.micrososft.com
185.53.178.6:msnews.micrososft.com
185.53.178.6:news.micrososft.com
185.53.178.6:ntservicepack.micrososft.com
185.53.178.6:office.micrososft.com
185.53.178.6:partner.micrososft.com
185.53.178.6:research.micrososft.com
185.53.178.6:schemas.micrososft.com
185.53.178.6:support.micrososft.com
185.53.178.6:sysdev.micrososft.com
185.53.178.6:technet.micrososft.com
185.53.178.6:testconnectivity.micrososft.com
185.53.178.6:w.micrososft.com
185.53.178.6:windowsupdate.micrososft.com
185.53.178.6:wingual.micrososft.com
185.53.178.6:www.micrososft.com
root@host:~/theHarvester#
2- LinkedIn accounts of the organization microsoft:
root@host:~/theHarvester# python theHarvester.py -d Microsoft -b linkedin
*******************************************************************
* *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
* TheHarvester Ver. 2.7.1 *
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
*******************************************************************
[-] Searching in Linkedin..
Searching 100 results..
Users from Linkedin:
-------------------
Terry Myerson
Rajesh Jha - Executive Vice President
Judson Althoff - Executive Vice President
Scott Guthrie - Executive Vice President
Kathleen Hogan - Chief People Officer
Chris Capossela
Yusuf Mehdi
3- Twitter profiles
root@pintel:~/theHarvester# python theHarvester.py -d microsoft -b twitter
*******************************************************************
* *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
* TheHarvester Ver. 2.7.1 *
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
*******************************************************************
[-] Searching in Twitter ..
Searching 100 results..
Users from Twitter:
-------------------
.... @Amazon and ... @SatyaNadella joins ... @PublicisGroupe to create ... @PublicisGroupe. I @Microsoft @VirginGalactic collaborated with Microsoft ... @MSFTResearch. Founded in 1991 @PaulGAllen. Philanthropist @here @BusinessInsider @businessinsider @BradSmi. @JudsonAlthoff highlights some of ... @Fujitsu_Global has teamed up with @LarryFitzgerald. O Land of the Brave. Who @coolmario88cp Glad to hear it @EllenDavis @NRFNews @ellendavis @NRFnews. Hi Your middle East email support team is playing with me @hotmail @ToDoHelp. Need help with @MicrosoftTeams. Bring together all of your team @byshondaland to share ... @983FLYFM tweeted .... @Microsoft tech from ...
4- Everything related to the domain or organization microsoft (with the .com domain or just the name microsoft):
root@host:~/theHarvester# python theHarvester.py -d microsoft.com -b all -h
*******************************************************************
* *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
* TheHarvester Ver. 2.7.1 *
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
*******************************************************************
Full harvest..
[-] Searching in Google..
Searching 0 results...
Searching 100 results...
[-] Searching in PGP Key server..
500
Internal Server Error
[-] Searching in Netcraft server..
Searching Netcraft results..
[-] Searching in CRTSH server..
Searching CRT.sh results..
[-] Searching in Virustotal server..
Searching CRT.sh results..
[-] Searching in Bing..
Searching 50 results...
Searching 100 results...
[-] Searching in Exalead..
Searching 50 results...
Searching 100 results...
Searching 150 results...
[+] Emails found:
------------------
indiaGOMSN@microsoft.com
[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
72.247.215.90:account.microsoft.com
23.223.105.254:answers.microsoft.com
104.83.178.199:apps.microsoft.com
104.46.51.148:appsource.microsoft.com
23.101.10.141:azure.microsoft.com
134.170.51.186:catalog.update.microsoft.com
72.247.215.90:choice.microsoft.com
104.83.211.3:docs.microsoft.com
92.122.44.50:download.microsoft.com
191.234.1.50:e.microsoft.com
185.43.182.10:fullproduct.download.microsoft.com
104.83.182.123:go.microsoft.com
52.175.238.166:help.bing.microsoft.com
65.52.103.102:msdn.microsoft.com
192.230.82.121:news.microsoft.com
52.109.88.6:o15.officeredir.microsoft.com
168.63.29.74:office.microsoft.com
40.78.18.232:portal.msrc.microsoft.com
65.54.226.187:schemas.microsoft.com
157.56.75.164:social.technet.microsoft.com
92.122.44.247:support.microsoft.com
65.52.103.106:technet.microsoft.com
157.56.49.241:technet2.microsoft.com
157.55.240.94:update.microsoft.com
104.83.178.199:windows.microsoft.com
157.56.77.153:windowsupdate.microsoft.com
40.77.228.68:www.catalog.update.microsoft.com
104.107.255.207:www.microsoft.com
65.55.50.190:www.update.microsoft.com
[+] Virtual hosts:
-----------------
23.101.10.141 cn.changiairport.com
23.101.10.141 www.jrs-express
23.101.10.141 www.msxiaona.cn
...
65.55.50.190 windowsupdate
65.55.50.190 update.microsoft.com
65.55.50.190 windowsupdate.microsoft.com
65.55.50.190 fe1.update.microsoft.com
[+] Shodan Database search:
72.247.215.90:account.microsoft.com
Searching for: 72.247.215.90:account.microsoft.com
SHODAN empty reply or error in the call
23.223.105.254:answers.microsoft.com
Searching for: 23.223.105.254:answers.microsoft.com
....
23.101.10.141:cn.changiairport.com
23.101.10.141:www.jrs-express
23.101.10.141:www.msxiaona.cn
....
65.55.50.190:fe1.update.microsoft.com
[+] Shodan results:
------------------
root@host:~/theHarvester#
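
For reviewing the exposure of your own domain from runs like the ones above, here is an added example (not part of the original post or of theHarvester) that parses the "IP:hostname" lines of the "Hosts found" section and groups them by address. It ignores the same lines when they are repeated under the Shodan section, and flags the pattern seen in the first run, where every name resolves to one address, which usually points to a wildcard DNS record rather than real hosts. The function names, the threshold of 5 and the sample text (documentation-range addresses, example.com names) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the output format shown above; not real results.
SAMPLE = """\
[+] Emails found:
------------------
someone@example.com
[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
192.0.2.10:account.example.com
192.0.2.10:windows.example.com
198.51.100.7:docs.example.com
203.0.113.5:www.example.com
[+] Virtual hosts:
-----------------
192.0.2.10 other.example.net
[+] Shodan Database search:
192.0.2.10:account.example.com
Searching for: 192.0.2.10:account.example.com
"""
# Constructed sample where six names all resolve to the same address.
WILDCARD = "[+] Hosts found in search engines:\n" + "".join(
    f"192.0.2.99:{n}.example.org\n"
    for n in ("account", "ftp", "news", "office", "support", "www"))

HOST_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\S+)$")

def parse_hosts(text):
    """Return {ip: sorted hostnames} from the 'Hosts found' section only."""
    by_ip, in_hosts = defaultdict(set), False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[+]"):          # a new report section begins
            in_hosts = line.startswith("[+] Hosts found")
            continue
        m = HOST_LINE.match(line)
        if in_hosts and m:
            by_ip[m.group(1)].add(m.group(2).lower())
    return {ip: sorted(names) for ip, names in by_ip.items()}

def shared_addresses(by_ip):
    """Addresses that serve more than one discovered hostname."""
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}

def looks_like_wildcard(by_ip, min_hosts=5):
    """Heuristic (assumed threshold): many names, exactly one address."""
    return len(by_ip) == 1 and sum(map(len, by_ip.values())) >= min_hosts
```
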