Hi! A while ago I discovered a very useful script for gathering information about domains: theHarvester (project at https://github.com/laramies/theHarvester). It is very useful during the information-gathering phase of a pentest: starting from a domain, it can collect all kinds of information, such as email addresses, hosts and the name of the organization.
Installation:
root@host:~# git clone https://github.com/laramies/theHarvester.git
Cloning into 'theHarvester'...
remote: Counting objects: 259, done.
remote: Total 259 (delta 0), reused 0 (delta 0), pack-reused 259
Receiving objects: 100% (259/259), 110.94 KiB | 0 bytes/s, done.
Resolving deltas: 100% (141/141), done.
Checking connectivity... done.
root@host:~#
root@host:~# cd theHarvester/
root@host:~/theHarvester#
From the tests I have been running, the best approach is to gather the information in several parts (the «….» mark places where text has been cut so the post does not get too long):
1- Email accounts. In this example we search Google for email accounts and hostnames of the company «microsoft»:
root@host:~/theHarvester# python theHarvester.py -d micrososft.com -b google
*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7.1                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************
[-] Searching in Google:
Searching 0 results...
Searching 100 results...
[+] Emails found:
------------------
alexhop@micrososft.com
santoshkondapalli@micrososft.com
across@micrososft.com
thies@micrososft.com
minchu@micrososft.com
forzafb@micrososft.com
bill.gates@micrososft.com
arynes@micrososft.com
v-amanz@micrososft.com
vijayr@micrososft.com
alizat@micrososft.com
[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
185.53.178.6:Teredo.ipv6.micrososft.com
185.53.178.6:account.micrososft.com
185.53.178.6:activate.micrososft.com
185.53.178.6:answer.micrososft.com
185.53.178.6:answers.micrososft.com
185.53.178.6:beta.micrososft.com
185.53.178.6:connect.micrososft.com
185.53.178.6:download.micrososft.com
185.53.178.6:ftp.micrososft.com
185.53.178.6:iqn.1991-05.com.micrososft.com
185.53.178.6:mcp.micrososft.com
185.53.178.6:messaging.micrososft.com
185.53.178.6:msdn.micrososft.com
185.53.178.6:msnews.micrososft.com
185.53.178.6:news.micrososft.com
185.53.178.6:ntservicepack.micrososft.com
185.53.178.6:office.micrososft.com
185.53.178.6:partner.micrososft.com
185.53.178.6:research.micrososft.com
185.53.178.6:schemas.micrososft.com
185.53.178.6:support.micrososft.com
185.53.178.6:sysdev.micrososft.com
185.53.178.6:technet.micrososft.com
185.53.178.6:testconnectivity.micrososft.com
185.53.178.6:w.micrososft.com
185.53.178.6:windowsupdate.micrososft.com
185.53.178.6:wingual.micrososft.com
185.53.178.6:www.micrososft.com
root@host:~/theHarvester#
2- LinkedIn accounts of the organization microsoft:
root@host:~/theHarvester# python theHarvester.py -d Microsoft -b linkedin
*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7.1                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************
[-] Searching in Linkedin..
Searching 100 results..
Users from Linkedin:
-------------------
Terry Myerson
Rajesh Jha - Executive Vice President
Judson Althoff - Executive Vice President
Scott Guthrie - Executive Vice President
Kathleen Hogan - Chief People Officer
Chris Capossela
Yusuf Mehdi
3- Twitter profiles:
root@pintel:~/theHarvester# python theHarvester.py -d microsoft -b twitter
*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7.1                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************
[-] Searching in Twitter ..
Searching 100 results..
Users from Twitter:
-------------------
....
@Amazon and ...
@SatyaNadella joins ...
@PublicisGroupe to create ...
@PublicisGroupe. I
@Microsoft
@VirginGalactic collaborated with Microsoft ...
@MSFTResearch. Founded in 1991
@PaulGAllen. Philanthropist
@here
@BusinessInsider
@businessinsider
@BradSmi.
@JudsonAlthoff highlights some of ...
@Fujitsu_Global has teamed up with
@LarryFitzgerald. O Land of the Brave. Who
@coolmario88cp Glad to hear it
@EllenDavis
@NRFNews
@ellendavis
@NRFnews. Hi Your middle East email support team is playing with me
@hotmail
@ToDoHelp. Need help with
@MicrosoftTeams. Bring together all of your team
@byshondaland to share ...
@983FLYFM tweeted ....
@Microsoft tech from ...
4- Everything related to the microsoft domain or organization (with the .com or just the name microsoft):
root@host:~/theHarvester# python theHarvester.py -d microsoft.com -b all -h
*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7.1                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************
Full harvest..
[-] Searching in Google..
Searching 0 results...
Searching 100 results...
[-] Searching in PGP Key server..
500 Internal Server Error
[-] Searching in Netcraft server..
Searching Netcraft results..
[-] Searching in CRTSH server..
Searching CRT.sh results..
[-] Searching in Virustotal server..
Searching CRT.sh results..
[-] Searching in Bing..
Searching 50 results...
Searching 100 results...
[-] Searching in Exalead..
Searching 50 results...
Searching 100 results...
Searching 150 results...
[+] Emails found:
------------------
indiaGOMSN@microsoft.com
[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
72.247.215.90:account.microsoft.com
23.223.105.254:answers.microsoft.com
104.83.178.199:apps.microsoft.com
104.46.51.148:appsource.microsoft.com
23.101.10.141:azure.microsoft.com
134.170.51.186:catalog.update.microsoft.com
72.247.215.90:choice.microsoft.com
104.83.211.3:docs.microsoft.com
92.122.44.50:download.microsoft.com
191.234.1.50:e.microsoft.com
185.43.182.10:fullproduct.download.microsoft.com
104.83.182.123:go.microsoft.com
52.175.238.166:help.bing.microsoft.com
65.52.103.102:msdn.microsoft.com
192.230.82.121:news.microsoft.com
52.109.88.6:o15.officeredir.microsoft.com
168.63.29.74:office.microsoft.com
40.78.18.232:portal.msrc.microsoft.com
65.54.226.187:schemas.microsoft.com
157.56.75.164:social.technet.microsoft.com
92.122.44.247:support.microsoft.com
65.52.103.106:technet.microsoft.com
157.56.49.241:technet2.microsoft.com
157.55.240.94:update.microsoft.com
104.83.178.199:windows.microsoft.com
157.56.77.153:windowsupdate.microsoft.com
40.77.228.68:www.catalog.update.microsoft.com
104.107.255.207:www.microsoft.com
65.55.50.190:www.update.microsoft.com
[+] Virtual hosts:
-----------------
23.101.10.141 cn.changiairport.com
23.101.10.141 www.jrs-express
23.101.10.141 www.msxiaona.cn
...
65.55.50.190 windowsupdate
65.55.50.190 update.microsoft.com
65.55.50.190 windowsupdate.microsoft.com
65.55.50.190 fe1.update.microsoft.com
[+] Shodan Database search:
72.247.215.90:account.microsoft.com
Searching for: 72.247.215.90:account.microsoft.com
SHODAN empty reply or error in the call
23.223.105.254:answers.microsoft.com
Searching for: 23.223.105.254:answers.microsoft.com
....
23.101.10.141:cn.changiairport.com
23.101.10.141:www.jrs-express
23.101.10.141:www.msxiaona.cn
....
65.55.50.190:fe1.update.microsoft.com
[+] Shodan results:
------------------
root@host:~/theHarvester#
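An added example (not part of the original post and not theHarvester's own code): a sanity check over the IP:hostname lines printed in steps 1 and 4. It flags names that fall outside the intended domain and a single address that answers for nearly every name, as 185.53.178.6 does in step 1, where the command was run against micrososft.com. The function names and thresholds are assumptions chosen for illustration; the sample lines are excerpts of the output shown in this post.

```python
import re
from collections import defaultdict

# "IP:hostname", the format printed after "[-] Resolving hostnames IPs..."
RESOLVED = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):([A-Za-z0-9._-]+)$")

# Excerpts copied from the step 1 and step 4 output in this post.
TYPO_RUN = """\
185.53.178.6:Teredo.ipv6.micrososft.com
185.53.178.6:account.micrososft.com
185.53.178.6:ftp.micrososft.com
185.53.178.6:iqn.1991-05.com.micrososft.com
185.53.178.6:msdn.micrososft.com
185.53.178.6:www.micrososft.com
"""
FULL_RUN = """\
72.247.215.90:account.microsoft.com
23.223.105.254:answers.microsoft.com
23.101.10.141:azure.microsoft.com
104.83.211.3:docs.microsoft.com
92.122.44.50:download.microsoft.com
Searching for: 72.247.215.90:account.microsoft.com
23.101.10.141:cn.changiairport.com
"""

def parse_resolved(text):
    """Return {ip: {hostnames}} from theHarvester's IP:hostname lines."""
    by_ip = defaultdict(set)
    for line in text.splitlines():
        m = RESOLVED.match(line.strip())
        if m:  # banners, headers and "Searching for:" lines are skipped
            by_ip[m.group(1)].add(m.group(2).lower())
    return dict(by_ip)

def review(text, domain, share=0.8, min_hosts=5):
    """Flag results to verify by hand before they go into a report."""
    by_ip = parse_resolved(text)
    hosts = set().union(*by_ip.values())
    domain = domain.lower()
    return {
        # Names that are not the assessed domain or one of its subdomains.
        "out_of_scope": sorted(
            h for h in hosts if h != domain and not h.endswith("." + domain)),
        # One address answering for nearly every name (wildcard DNS, parking).
        "wildcard_suspects": sorted(
            ip for ip, names in by_ip.items()
            if len(hosts) >= min_hosts and len(names) / len(hosts) >= share),
    }

if __name__ == "__main__":
    print(review(TYPO_RUN, "micrososft.com"))
    print(review(FULL_RUN, "microsoft.com"))
```

Running the step 1 excerpt against the intended domain, microsoft.com, reports every hostname as out of scope, which exposes the misspelled target before the results are used.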