The first stage of a security assessment focuses on
collecting as much information as possible about the target application.
Information gathering is an important stage of a penetration test.
There are many different ways to do information gathering:
by using public tools (search engines), scanners, sending
simple HTTP requests, or specially crafted requests, it is possible to force
the application to leak information, e.g., disclosing error messages or
revealing the versions and technologies used.
In today’s blog I’ll show you how to use theHarvester, a tool provided by
BackTrack, to do information gathering and collect
the target’s subdomains and email addresses.
Here I’m using BackTrack 5 R2.
To use theHarvester:
# cd /pentest/enumeration/theharvester/
# ./theHarvester.py
It will show the usage of theHarvester.
As an example, I will test it against the target domain
using Google.
Here is the command:
# ./theHarvester.py -d targetdomain -l 100 -b google
Here is the result:
*************************************
*TheHarvester Ver. 2.1 (reborn) *
*Coded by Christian Martorella *
*Edge-Security Research *
*cmartorella@edge-security.com *
*************************************
[-] Searching in Google:
Searching
0 results...
Searching
100 results...
[+] Emails found:
------------------
xxxx@targetdomain.com
@targetdomain.com
@targetdomain.com
[+] Hosts found in search engines:
------------------------------------
xxx.xxx.xxx.xx:www.targetdomain.com
[+] Proposed SET
Instead of using Google, try using LinkedIn to find
usernames.
There are still some other tools provided by BackTrack to crawl
information about the target, such as Maltego, goorecon, etc.
To prevent people from gathering your information, you should
carefully choose which information you show in public and which
you keep and share in a more secure way.
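To act on that advice, an organization can review what the tool finds for its own domain. The script below is an added example, not part of the original post or of theHarvester: it parses saved output in the layout shown above and separates personal addresses from role mailboxes. The function names, the role-mailbox list and the sample data (example.com, 192.0.2.x) are assumptions made for the illustration.

```python
import re

# Constructed sample in the layout theHarvester 2.1 prints above (values are made up).
SAMPLE_OUTPUT = """\
[-] Searching in Google:
Searching
100 results...
[+] Emails found:
------------------
jane.doe@example.com
info@example.com
@example.com
Jane.Doe@example.com
[+] Hosts found in search engines:
------------------------------------
192.0.2.10:www.example.com
192.0.2.25:vpn.example.com
[+] Proposed SET
"""

# Assumed list of shared (role) mailbox names; adjust to your organization.
ROLE_MAILBOXES = {"info", "sales", "support", "contact", "security", "abuse"}
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def parse_harvester_output(text):
    """Return (sorted emails, {host: ip}) from saved theHarvester text output."""
    emails, hosts, section = set(), {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):  # "[+] ..." or "[-] ..." section header
            section = ("emails" if "Emails found" in line
                       else "hosts" if "Hosts found" in line else None)
        elif section == "emails" and EMAIL_RE.match(line):
            emails.add(line.lower())  # rulers and truncated "@domain" lines are skipped
        elif section == "hosts" and ":" in line:
            ip, _, name = line.partition(":")  # "ip:hostname" as printed by the tool
            hosts[name.lower()] = ip
    return sorted(emails), hosts

def exposure_report(text):
    """Split findings into personal mailboxes, role mailboxes and indexed hosts."""
    emails, hosts = parse_harvester_output(text)
    personal = [e for e in emails if e.split("@")[0] not in ROLE_MAILBOXES]
    role = [e for e in emails if e.split("@")[0] in ROLE_MAILBOXES]
    return {"personal": personal, "role": role, "hosts": hosts}

if __name__ == "__main__":
    report = exposure_report(SAMPLE_OUTPUT)
    print("Personal addresses exposed:", report["personal"])
    print("Role mailboxes exposed:", report["role"])
    print("Publicly indexed hosts to review:", sorted(report["hosts"]))
```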