09/23/2022 - Miniseries - Subdomain Enumeration Part 4

Today we will take a closer look at theHarvester.


This post is aimed more at beginners who want to get into the topic. I will keep it a bit simpler and not focus on the "How does it work exactly?", but rather on how to reach the goal at a simple level. I will not cover paid software. Please keep in mind that I only show an excerpt of how you can use the tools; this does not mean that there are no other or additional possibilities. If you missed part 3, click here.

I am using a Kali VM with 4 cores and 4GB RAM as a test environment. Kali is up to date.


theHarvester


Project: https://github.com/laramies/theHarvester
Twitter: https://twitter.com/jay_townsend1
Twitter: https://twitter.com/discoverscripts

theHarvester is similar to OneForAll but has only a fraction of the features of Project Amass: it collects hostnames, e-mail addresses and IPs from search engines and other passive sources, and can optionally resolve and brute-force on top of that. Let's take a look at how exactly it works.


On Kali, theHarvester is included by default; otherwise have a look at the installation guide: https://github.com/laramies/theHarvester/wiki/Installation

theHarvester -h


theHarvester overview

theHarvester -d example.com -v -r -n -c -l 500 -b all -f /home/USERNAME/FILENAME.json


If you see error messages, it does not necessarily mean that you will get no result: each source is queried independently, so one source failing (rate limit, missing API key, changed website) does not stop the others. The command above is the lazy, catch-all option: -b all queries every source, -l 500 caps the number of search results per source, -v verifies the found hosts via DNS and looks for virtual hosts, -r resolves them, -n enables the DNS server lookup, -c brute-forces subdomains on top of the passive results, and -f writes the findings to the given file (theHarvester saves XML and JSON).
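Once the run has finished, the interesting question is what the -f file actually contains and which of the hosts are new compared to the other tools of this miniseries. The following script is an added example (not code from the post or from the theHarvester project): it reads a theHarvester JSON result, normalises the entries, drops everything that is not really below the target domain, and diffs the hostnames against a plain one-host-per-line list as exported from OneForAll or Amass. The JSON sample and the comparison list are constructed for the example, and the layout of the hosts entries ("host:ip" for resolved hosts, a bare name otherwise) is an assumption you should check against your own output file.

```python
"""Post-process a theHarvester -f JSON result (hypothetical example)."""
import json
import re
from typing import Dict, List, Set

# Constructed sample in the shape theHarvester writes with -f. Assumption:
# resolved hosts are stored as "host:ip", unresolved ones as a bare name.
SAMPLE_JSON = """{
  "asns": [],
  "emails": ["admin@example.com", "Sales@Example.com"],
  "hosts": [
    "www.example.com:93.184.216.34",
    "dev.example.com",
    "DEV.example.com:198.51.100.7",
    "mail.example.com:203.0.113.5",
    "example.com.evil.test",
    "cdn.exampleco.com"
  ],
  "interesting_urls": [],
  "ips": ["93.184.216.34"],
  "shodan": [],
  "trello_urls": []
}"""

# Constructed list in the one-host-per-line form other tools can export.
OTHER_TOOLS_TXT = "www.example.com\nmail.example.com\napi.example.com\n"

HOST_RE = re.compile(r"^(?:[a-z0-9_-]+\.)+[a-z0-9-]+$")


def in_scope(host: str, domain: str) -> bool:
    """True only for the domain itself or a real subdomain of it
    (so 'example.com.evil.test' and 'cdn.exampleco.com' are rejected)."""
    return host == domain or host.endswith("." + domain)


def normalise(entry: str) -> str:
    """Strip the ':ip' suffix, a trailing dot and upper case from a hosts entry."""
    return entry.split(":", 1)[0].strip().rstrip(".").lower()


def harvester_hosts(text: str, domain: str) -> Dict[str, List[str]]:
    """Map in-scope hostnames to the IPs theHarvester resolved for them.

    A partial run (some sources errored out) still produces a file; a
    missing key simply means nothing of that kind was found.
    """
    data = json.loads(text)
    result: Dict[str, Set[str]] = {}
    for entry in data.get("hosts", []):
        host = normalise(entry)
        if not HOST_RE.match(host) or not in_scope(host, domain):
            continue
        ips = result.setdefault(host, set())
        if ":" in entry:
            ips.add(entry.split(":", 1)[1].strip())
    return {h: sorted(ips) for h, ips in sorted(result.items())}


def harvester_emails(text: str, domain: str) -> Set[str]:
    """Lower-cased e-mail addresses that belong to the target domain."""
    data = json.loads(text)
    return {e.strip().lower() for e in data.get("emails", [])
            if e.strip().lower().endswith("@" + domain)}


def only_in_harvester(text: str, other_tools: str, domain: str) -> List[str]:
    """Subdomains theHarvester found that the other tools' list lacks."""
    known = {normalise(line) for line in other_tools.splitlines() if line.strip()}
    return sorted(set(harvester_hosts(text, domain)) - known)


if __name__ == "__main__":
    for host, ips in harvester_hosts(SAMPLE_JSON, "example.com").items():
        print(host, ", ".join(ips) or "(unresolved)")
    print("new:", only_in_harvester(SAMPLE_JSON, OTHER_TOOLS_TXT, "example.com"))
```

Replace SAMPLE_JSON with the contents of your own -f file and OTHER_TOOLS_TXT with the exported list of the previous parts; the scope check is deliberately strict, because search-engine sources regularly return look-alike domains that you do not want in a target list.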


If you have API keys (for sources such as Hunter, SecurityTrails or Shodan), you can store them here; sources without a key simply fail with an error message and the run continues. Since the file holds secrets, keep it readable only by your own user:

cd /etc/theHarvester/
sudo nano api-keys.yaml


Should you run into problems with theHarvester outside of Kali (for example after cloning the repository), you may have forgotten to install its dependencies from inside the cloned directory:

pip3 install -r requirements.txt


Conclusion: With theHarvester I have found subdomains that I had not discovered with the other tools. I would like to see instructions on the GitHub page about which commands work at all. I also couldn't figure out how to load my own wordlist; I guess you have to add your list to the existing list.