Using theHarvester in Kali

1. What theHarvester is

theHarvester is an open-source intelligence (OSINT) reconnaissance tool used in the information-gathering phase before a social-engineering or penetration test. It collects e-mail addresses, subdomains, hosts, employee names, open ports and service banners about a target organisation from public sources: search engines, PGP key servers and the SHODAN database.

2. Help output

root@kali:~# theharvester -h

Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.


*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester Ver. 3.0.6                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************


Usage: theharvester options 

       -d: Domain to search or company name
       -b: data source: xxx, bing, bingapi, censys, crtsh, dogpile,       # selects the data source(s)
                        google, google-certificates, googleCSE, googleplus, google-profiles,
                        hunter, linkedin, netcraft, pgp, threatcrowd,
                        twitter, vhost, virustotal, yahoo, all
       -g: use Google dorking instead of normal Google search
       -s: start in result number X (default: 0)
       -v: verify host name via DNS resolution and search for virtual hosts
       -f: save the results into an HTML and XML file (both)
       -n: perform a DNS reverse query on all ranges discovered
       -c: perform a DNS brute force for the domain name
       -t: perform a DNS TLD expansion discovery
       -e: use this DNS server
       -p: port scan the detected hosts and check for Takeovers (80,443,22,21,8080)
       -l: limit the number of results to work with(Bing goes from 50 to 50 results,
            Google 100 to 100, and PGP doesn't use this option)
       -h: use SHODAN database to query discovered hosts

Examples:
        theharvester -d microsoft.com -l 500 -b google -f myresults.html
        theharvester -d microsoft.com -b pgp, virustotal
        theharvester -d microsoft -l 200 -b linkedin
        theharvester -d microsoft.com -l 200 -g -b google
        theharvester -d apple.com -b googleCSE -l 500 -s 300
        theharvester -d cornell.edu -l 100 -b bing -h 
  • -d: domain to search, or a company name

  • -b: data source: baidu, bing, bingapi, censys, crtsh, dogpile, google, google-certificates, googleCSE, googleplus, google-profiles, hunter, linkedin, netcraft, pgp, threatcrowd, twitter, vhost, virustotal, yahoo, or all

  • -g: use Google dorking (targeted search operators) instead of a normal Google search

  • -s: start at result number X (default 0)

  • -v: verify host names via DNS resolution and search for virtual hosts

  • -f: save the results to an HTML and an XML file (both)

  • -n: perform a DNS reverse lookup on all address ranges discovered

  • -c: perform a DNS brute force against the domain name

  • -t: perform DNS TLD expansion discovery (look for the same name under other top-level domains)

  • -e: use this DNS server for lookups

  • -p: port scan the detected hosts (ports 80, 443, 22, 21, 8080) and check for subdomain takeovers

  • -l: limit the number of results to work with (Bing pages in steps of 50, Google in steps of 100; PGP ignores this option)

  • -h: query the discovered hosts against the SHODAN database

Example:

root@kali:~# theharvester -d xxx.com -l 100 -b google -f 1.html

Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.


*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester Ver. 3.0.6                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************


found supported engines
[-] Starting harvesting process for domain: xxx.com

[-] Searching in Google:
    Searching 0 results...
    Searching 100 results...

Harvesting results
No IP addresses found


[+] Emails found:            # e-mail addresses are looked up first; none were found here
------------------
No emails found
 
[+] Hosts found in search engines:        # five hosts were found
------------------------------------

Total hosts: 5

[-] Resolving hostnames IPs... 
 
m.xxx.com:xxx.xxx.44.91
xxx.xxx.com:xxx.xxx.96.52
research.xxx.com:xxx.xxx.149.102
srf.xxx.com:xxx.xxx.111.88
www.xxx.com:xxx.xxx.44.95
NEW REPORTING BEGINS:
Error in the reportgraph module: 
The plotly.plotly module is deprecated,
please install the chart-studio package and use the
chart_studio.plotly module instead. 

module 'lib.reportgraph' has no attribute 'graphgenerator'
Error creating the file
Files saved!
root@kali:~# ls
1.xml  Desktop  Documents  Downloads  Music  Pictures  Public  stash.sqlite  Templates  Videos
root@kali:

Note: to avoid unnecessary trouble, the real domain name has been replaced with "xxx" throughout.

Note also that although -f asks for both an HTML and an XML report, the ls output shows only 1.xml: the HTML report failed because of the reportgraph/plotly error printed at the end of the run. The XML file still contains the harvested e-mails and hosts, so it is the file to work from.
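Because the XML file is what survives such a run, the next step in practice is to parse it rather than read the terminal. The script below is an added example, not code from the original post or from theHarvester itself. It assumes the XML report layout is a <theHarvester> root wrapping <email> elements and <host> elements that carry <ip> and <hostname> children (plain-text <host> elements for names that did not resolve); that layout is an assumption about what the 3.0.x -f option writes, and the embedded report is constructed to mirror the run above with placeholder domain and documentation-range addresses, so it runs offline. It deduplicates e-mails, drops hosts outside the target domain (search engines routinely return third-party hosts that would be out of scope for -p or -n), and groups the in-scope hosts by /24 network, which is how the two xxx.xxx.44.x hosts in the run above would cluster.

```python
"""Parse a theHarvester XML report and summarise the hosts it found.

Added example: the <theHarvester>/<email>/<host><ip><hostname> layout is an
assumption about the -f XML output of theHarvester 3.0.x, and SAMPLE_XML is a
constructed report using placeholder names and documentation IP ranges.
"""
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report: mirrors the run above (five resolved hosts, two of
# them in the same /24), plus a duplicate e-mail, an unresolved host and one
# third-party host that a search engine might return.
SAMPLE_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    "<theHarvester>"
    "<email>admin@example.com</email>"
    "<email>admin@example.com</email>"
    "<host><ip>203.0.113.91</ip><hostname>m.example.com</hostname></host>"
    "<host><ip>203.0.113.95</ip><hostname>www.example.com</hostname></host>"
    "<host><ip>198.51.100.52</ip><hostname>cdn.example.com</hostname></host>"
    "<host><ip>192.0.2.102</ip><hostname>research.example.com</hostname></host>"
    "<host><ip>192.0.2.88</ip><hostname>srf.example.com</hostname></host>"
    "<host><ip>198.51.100.7</ip><hostname>mail.otherdomain.net</hostname></host>"
    "<host>unresolved.example.com</host>"
    "</theHarvester>"
)


def parse_report(xml_text):
    """Return (emails, hosts, unresolved).

    emails: sorted, de-duplicated e-mail addresses
    hosts: {hostname: ip} for hosts that resolved
    unresolved: hostnames written without an <ip>/<hostname> pair
    """
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    emails = sorted({e.text.strip() for e in root.iter("email") if e.text})
    hosts = {}
    unresolved = []
    for h in root.iter("host"):
        ip = h.findtext("ip")
        name = h.findtext("hostname")
        if ip and name:
            hosts[name.strip()] = ip.strip()
        elif h.text and h.text.strip():
            unresolved.append(h.text.strip())
    return emails, hosts, unresolved


def in_scope(hosts, domain):
    """Keep only hostnames equal to, or ending in, the target domain."""
    suffix = "." + domain
    return {n: ip for n, ip in hosts.items() if n == domain or n.endswith(suffix)}


def group_by_network(hosts, prefix=24):
    """Group hostnames by the IPv4 network of the given prefix length.

    Hosts sharing a /24 usually sit in one hosting block and are a natural unit
    for the follow-up port scan (-p) or reverse lookup (-n).
    """
    nets = defaultdict(list)
    for name, ip in hosts.items():
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        nets[str(net)].append(name)
    return {net: sorted(names) for net, names in nets.items()}


if __name__ == "__main__":
    emails, hosts, unresolved = parse_report(SAMPLE_XML)
    scoped = in_scope(hosts, "example.com")
    print("emails:", emails)
    for net, names in sorted(group_by_network(scoped).items()):
        print(net, "->", ", ".join(names))
    print("unresolved:", unresolved)
    print("out of scope (not scanned):", sorted(set(hosts) - set(scoped)))
```

To use it on a real run, replace SAMPLE_XML with the contents of the file -f produced (1.xml in the run above) and pass the target domain to in_scope; everything that lands in the "out of scope" list should be checked against the engagement's authorisation before any -p or -n follow-up.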

 

Posted by z9m8r8