theHarvester
theHarvester is an open source reconnaissance tool; it can dig out heaps of information, including subdomains, email addresses, employee names, open ports, and so on. theHarvester mainly uses passive techniques, and sometimes active techniques as well.
Let's run this amazing tool against my homepage:
theharvester -d prakharprasad.com -b google
Look at this! theHarvester found a list of subdomains and an email address. We may use this email address to perform client-side exploitation or phishing, but that's a different topic. The tool used only Google as a data source to reveal this much information.
We can control the data sources that theHarvester uses with the -b switch. The data sources that theHarvester supports are:
google, googleCSE, bing, bingapi, pgp, linkedin, google-profiles, people123, jigsaw, twitter, googleplus, all
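The output of a run like the one above is most useful when it is compared against what the organization already knows about itself: subdomains and addresses that theHarvester finds but that are missing from the asset inventory are the exposure worth investigating. The following Python script is an added example, not part of the book or of theHarvester itself. It scans a constructed block of text standing in for theHarvester's console output (the exact layout differs between versions, so the parser does not depend on section headers), keeps only findings that belong to the target domain, and reports which hosts are absent from a constructed inventory. The domain name and the inventory entries are assumptions made for the example.

```python
import re

# The domain the run was scoped to (the same one used on the command line).
TARGET_DOMAIN = "prakharprasad.com"

# Constructed sample text standing in for theHarvester's console output.
# Real output varies between versions; the parser below scans every line
# for e-mail addresses and hostnames instead of trusting section headers.
SAMPLE_OUTPUT = """
[*] Emails found: 2
----------------------
admin@prakharprasad.com
someone@example.org

[*] Hosts found: 3
----------------------
www.prakharprasad.com:203.0.113.10
blog.prakharprasad.com:203.0.113.11
mail.example.org:203.0.113.12
"""

# Constructed asset inventory: hosts the organization already tracks.
KNOWN_ASSETS = {"www.prakharprasad.com"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Dotted names ending in an alphabetic TLD; plain IPv4 addresses do not match.
HOST_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")


def in_scope(name, domain):
    """True if name is the target domain or one of its subdomains."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def parse_harvester_output(text, domain):
    """Split findings into in-scope emails, in-scope hosts and everything else."""
    emails, hosts, out_of_scope = set(), set(), set()
    for line in text.splitlines():
        for email in EMAIL_RE.findall(line):
            bucket = emails if in_scope(email.split("@", 1)[1], domain) else out_of_scope
            bucket.add(email.lower())
        # Blank out emails first so their domain part is not counted as a host.
        remainder = EMAIL_RE.sub(" ", line)
        for host in HOST_RE.findall(remainder):
            bucket = hosts if in_scope(host, domain) else out_of_scope
            bucket.add(host.lower())
    return {
        "emails": sorted(emails),
        "hosts": sorted(hosts),
        "out_of_scope": sorted(out_of_scope),
    }


def unknown_hosts(parsed, inventory):
    """In-scope hosts that the asset inventory does not list."""
    return [h for h in parsed["hosts"] if h not in inventory]


if __name__ == "__main__":
    result = parse_harvester_output(SAMPLE_OUTPUT, TARGET_DOMAIN)
    for key, values in result.items():
        print(f"{key}: {values}")
    print("not in inventory:", unknown_hosts(result, KNOWN_ASSETS))
```

Anything landing in the out-of-scope bucket is a reminder that search-engine sources return whatever matches the query string, so results need filtering before they are treated as findings about the target; the unknown-host list is the part a defender would feed into the asset inventory or a follow-up review.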
Let us try running theHarvester on my domain with LinkedIn as the data source. Let's see what happens next...