Wednesday, June 3, 2020

Theharvester: Email Harvesting Throughout Year




You might have harvested many things up to now, but what we are going to harvest today is something bad :)



Requirements:

  1. A Linux box (I'm using Kali Linux)
  2. theharvester program (already available in Kali Linux)

So what does theharvester harvest? Well, it harvests email addresses. theharvester is an information-gathering tool. If you want a list of emails to spam, you can get that easily from theharvester and go on spamming (I'm joking, it's illegal). It's a security tool that helps you in pentesting an organization (as always, it can be used for evil as well). You can gather emails from an organization and look for potential victims to attack, or use brute-force techniques to get their passwords, or social-engineer them into doing something that will let you compromise some or all systems in the organization. There are so many things that you can do when you have access to someone's email address.

OK stop talking and start doing.


Fire up a terminal on your Kali box and type this command:


theharvester -d hotmail.com -l 50 -b google


In a short time you'll see your terminal flooded with 200 hotmail.com email addresses. What does this command mean?


theharvester is the name of the tool that we are using

-d <domain_name> specifies the domain (or website) whose email addresses we're looking for; in our case it was hotmail.com
-l <number> specifies the number of results that we want in the output; I limited it to 50
-b <source> specifies the source in which to look for email addresses; I specified google as the source

Besides google, we can specify any of the following as the source:

google, googleCSE, bing, bingapi, pgp, linkedin, google-profiles, people123, jigsaw, twitter, googleplus, all

Here the last entry, all, means look in every available source.

Let's say you wanted to look in every available source; then you should use the following command:


theharvester -d hotmail.com -b all




-f is another great flag, which can be used to save the output in case we want to SPAM them later (just kidding) or for other reasons (I'm thinking positive). The -f flag saves the result in HTML or XML format. Let's do just that:


theharvester -d gmail.com -l 50 -b google -f emailaddresses.html


Here the -f flag is followed by the location where we want to store the file and the name of the file; in our case we stored it in our pwd (present working directory) with the name emailaddresses.html.




The picture above shows the HTML output generated by theharvester.
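
When the saved report covers your own organization's domain, it doubles as an exposure inventory. The Python below is an added example, not part of the original post or of theharvester: it pulls the addresses for one domain out of a saved report and separates shared mailboxes from named staff, so the named accounts can be prioritized for MFA and phishing awareness. The sample report, the example.com domain and the role-mailbox list are constructed assumptions; no particular report layout is assumed.

```python
import html
import re

# Constructed sample standing in for a report saved with -f. No particular
# report layout is assumed, only that addresses appear somewhere in the text.
SAMPLE_REPORT = """<html><body><ul>
<li>Alice.Smith@example.com</li>
<li>alice.smith@example.com</li>
<li>helpdesk@example.com</li>
<li>bob@mail.example.com</li>
<li>carol@example.com.attacker.test</li>
<li>dave@notexample.com</li>
<li>info&#64;example.com</li>
</ul></body></html>"""

# Assumed list of shared-mailbox names; adjust to your organization.
ROLE_LOCALPARTS = {"abuse", "admin", "helpdesk", "hr", "info",
                   "postmaster", "sales", "support"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def exposed_addresses(report_text, domain):
    """Return the sorted, de-duplicated addresses at `domain` or a subdomain."""
    domain = domain.lower()
    text = html.unescape(report_text)  # decode entities such as &#64;
    found = set()
    for match in EMAIL_RE.findall(text):
        addr = match.lower()
        host = addr.rsplit("@", 1)[1]
        # Exact or dot-anchored suffix match, so notexample.com and
        # example.com.attacker.test are not mistaken for our domain.
        if host == domain or host.endswith("." + domain):
            found.add(addr)
    return sorted(found)


def split_role_and_named(addresses):
    """Separate shared mailboxes from addresses that identify a person."""
    role = [a for a in addresses if a.split("@", 1)[0] in ROLE_LOCALPARTS]
    named = [a for a in addresses if a not in role]
    return role, named


if __name__ == "__main__":
    role, named = split_role_and_named(
        exposed_addresses(SAMPLE_REPORT, "example.com"))
    print("shared mailboxes exposed:", role)
    print("named staff exposed:", named)
```
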


That's it for this tutorial, hope to see you next time!

KillShot: A PenTesting Framework, Information Gathering Tool And Website Vulnerabilities Scanner


Why should I use KillShot?
   You can use this tool to spider your website and gather important information automatically using whatweb, host, traceroute, dig, fierce and wafw00f, or to identify the CMS and find vulnerabilities in your website using the CMS Exploit Scanner and the WebApp Vul Scanner. You can also use KillShot to automatically run multiple types of scan with nmap and unicorn. With this tool you can also generate simple PHP backdoors, upload them manually, and connect to the target using KillShot.

   This tool includes a simple Ruby fuzzer tested on VULSERV.exe and a Linux log-clearing script to change the content of login paths. The spider can help you find the parameters of the site and scan for XSS and SQL.

Use Shodan with the targ option
   Create an account (register) and get your Shodan API key, then add it to aip.txt (only your key should appear in aip.txt). Use targ to search for vulnerable targets in the Shodan databases.

   Use targ to quickly scan the IPs of servers with Shodan.

KillShot's Installation
   For Linux users, open your Terminal and enter these commands:

   If you're a Windows user, follow these steps:
  • First, you must download and run Ruby-lang setup file from RubyInstaller.org, choose Add Ruby executables to your PATH and Use UTF-8 as default external encoding.
  • Then, download and install curl (32-bit or 64-bit) from Curl.haxx.se/windows. After that, go to Nmap.org/download.html to download and install the latest Nmap version.
  • Download killshot-master.zip and unzip it.
  • Open CMD or PowerShell window at the KillShot folder you've just unzipped and enter these commands:
    ruby setup.rb
    ruby killshot.rb

KillShot usage examples
   Easy and fast use of KillShot:

   Use KillShot to detect and scan CMS vulnerabilities (Joomla and WordPress) and scan for XSS and SQL:


References: Vulnerabilities are taken from




Samurai: Web Testing Framework


"The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test."


Website: http://samurai.inguardians.com
