Obtener información de una organización con un solo comando

Obtener información de una organización con un solo comando

¡Hola! Hace tiempo descubrí un script bastante util para recopilar información acerca de dominios, se trata del script «The harvester» (proyecto en https://github.com/laramies/theHarvester), este script es es muy util en la fase de recolección de información durante un pentesting, capaz de recopilar todo tipo de información a partir de un dominio, puede obtener direcciones de email hosts, nombre de la organizacion:

Instalación:

root@host:~# git clone https://github.com/laramies/theHarvester.git
Cloning into 'theHarvester'...
remote: Counting objects: 259, done.
remote: Total 259 (delta 0), reused 0 (delta 0), pack-reused 259
Receiving objects: 100% (259/259), 110.94 KiB | 0 bytes/s, done.
Resolving deltas: 100% (141/141), done.
Checking connectivity... done.
root@host:~#
root@host:~# cd theHarvester/
root@host:~/theHarvester# 

Por las pruebas que he estado realizando lo mejor es obtener la información en varias partes (los «….» son indicadores de que se ha recortado texto para no extender en exceso el post):

1- Cuentas de email, en este ejemplo hacemos que se encuentren cuentas de email y hostnames de la empresa «microsoft» en google :

root@host:~/theHarvester# python theHarvester.py -d micrososft.com -b google

*******************************************************************
* *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
* TheHarvester Ver. 2.7.1 *
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
*******************************************************************

[-] Searching in Google:
Searching 0 results...
Searching 100 results...

[+] Emails found:
------------------
alexhop@micrososft.com
santoshkondapalli@micrososft.com
across@micrososft.com
thies@micrososft.com
minchu@micrososft.com
forzafb@micrososft.com
bill.gates@micrososft.com
arynes@micrososft.com
v-amanz@micrososft.com
vijayr@micrososft.com
alizat@micrososft.com

[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs...
185.53.178.6:Teredo.ipv6.micrososft.com
185.53.178.6:account.micrososft.com
185.53.178.6:activate.micrososft.com
185.53.178.6:answer.micrososft.com
185.53.178.6:answers.micrososft.com
185.53.178.6:beta.micrososft.com
185.53.178.6:connect.micrososft.com
185.53.178.6:download.micrososft.com
185.53.178.6:ftp.micrososft.com
185.53.178.6:iqn.1991-05.com.micrososft.com
185.53.178.6:mcp.micrososft.com
185.53.178.6:messaging.micrososft.com
185.53.178.6:msdn.micrososft.com
185.53.178.6:msnews.micrososft.com
185.53.178.6:news.micrososft.com
185.53.178.6:ntservicepack.micrososft.com
185.53.178.6:office.micrososft.com
185.53.178.6:partner.micrososft.com
185.53.178.6:research.micrososft.com
185.53.178.6:schemas.micrososft.com
185.53.178.6:support.micrososft.com
185.53.178.6:sysdev.micrososft.com
185.53.178.6:technet.micrososft.com
185.53.178.6:testconnectivity.micrososft.com
185.53.178.6:w.micrososft.com
185.53.178.6:windowsupdate.micrososft.com
185.53.178.6:wingual.micrososft.com
185.53.178.6:www.micrososft.com
root@host:~/theHarvester#

2- Cuentas de linkedin de la organización microsoft:
root@host:~/theHarvester# python theHarvester.py -d Microsoft -b linkedin

*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7.1                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************


[-] Searching in Linkedin..
	Searching 100 results..
Users from Linkedin:
-------------------
Terry Myerson
Rajesh Jha - Executive Vice President
Judson Althoff - Executive Vice President
Scott Guthrie - Executive Vice President
Kathleen Hogan - Chief People Officer
Chris Capossela
Yusuf Mehdi

3- Perfiles de twitter

root@pintel:~/theHarvester# python theHarvester.py -d microsoft -b twitter

*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7.1                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************


[-] Searching in Twitter ..
	Searching 100 results..
Users from Twitter:
-------------------
....
@Amazon and ...
@SatyaNadella joins ...
@PublicisGroupe to create ...
@PublicisGroupe. I
@Microsoft
@VirginGalactic collaborated with Microsoft ...
@MSFTResearch. Founded in 1991
@PaulGAllen. Philanthropist
@here
@BusinessInsider
@businessinsider 
@BradSmi. 
@JudsonAlthoff highlights some of ...
@Fujitsu_Global has teamed up with 
@LarryFitzgerald. O Land of the Brave. Who
@coolmario88cp Glad to hear it
@EllenDavis
@NRFNews
@ellendavis 
@NRFnews. Hi Your middle East email support team is playing with me
@hotmail 
@ToDoHelp. Need help with 
@MicrosoftTeams. Bring together all of your team
@byshondaland to share ...
@983FLYFM tweeted
....
@Microsoft tech from ...

4- Todo lo relacionado con el dominio o la organizion de microsoft(con el .com o solo el nombre microsoft):

root@host:~/theHarvester# python theHarvester.py -d microsoft.com -b all -h

*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.7.1                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************


Full harvest..
[-] Searching in Google..
	Searching 0 results...
	Searching 100 results...
[-] Searching in PGP Key server..
500
Internal Server Error
[-] Searching in Netcraft server..
	Searching Netcraft results..
[-] Searching in CRTSH server..

	Searching CRT.sh results..
[-] Searching in Virustotal server..
	Searching CRT.sh results..
[-] Searching in Bing..
	Searching 50 results...
	Searching 100 results...
[-] Searching in Exalead..
	Searching 50 results...
	Searching 100 results...
	Searching 150 results...


[+] Emails found:
------------------
indiaGOMSN@microsoft.com

[+] Hosts found in search engines:
------------------------------------
[-] Resolving hostnames IPs... 
72.247.215.90:account.microsoft.com
23.223.105.254:answers.microsoft.com
104.83.178.199:apps.microsoft.com
104.46.51.148:appsource.microsoft.com
23.101.10.141:azure.microsoft.com
134.170.51.186:catalog.update.microsoft.com
72.247.215.90:choice.microsoft.com
104.83.211.3:docs.microsoft.com
92.122.44.50:download.microsoft.com
191.234.1.50:e.microsoft.com
185.43.182.10:fullproduct.download.microsoft.com
104.83.182.123:go.microsoft.com
52.175.238.166:help.bing.microsoft.com
65.52.103.102:msdn.microsoft.com
192.230.82.121:news.microsoft.com
52.109.88.6:o15.officeredir.microsoft.com
168.63.29.74:office.microsoft.com
40.78.18.232:portal.msrc.microsoft.com
65.54.226.187:schemas.microsoft.com
157.56.75.164:social.technet.microsoft.com
92.122.44.247:support.microsoft.com
65.52.103.106:technet.microsoft.com
157.56.49.241:technet2.microsoft.com
157.55.240.94:update.microsoft.com
104.83.178.199:windows.microsoft.com
157.56.77.153:windowsupdate.microsoft.com
40.77.228.68:www.catalog.update.microsoft.com
104.107.255.207:www.microsoft.com
65.55.50.190:www.update.microsoft.com
[+] Virtual hosts:
-----------------
23.101.10.141	cn.changiairport.com
23.101.10.141	www.jrs-express
23.101.10.141	www.msxiaona.cn
...
65.55.50.190	windowsupdate
65.55.50.190	update.microsoft.com
65.55.50.190	windowsupdate.microsoft.com
65.55.50.190	fe1.update.microsoft.com
[+] Shodan Database search:
72.247.215.90:account.microsoft.com
	Searching for: 72.247.215.90:account.microsoft.com
SHODAN empty reply or error in the call
23.223.105.254:answers.microsoft.com
	Searching for: 23.223.105.254:answers.microsoft.com
....
23.101.10.141:cn.changiairport.com
23.101.10.141:www.jrs-express
23.101.10.141:www.msxiaona.cn
....
65.55.50.190:fe1.update.microsoft.com
[+] Shodan results:
------------------
root@host:~/theHarvester# 

Deja una respuesta