使用theHarvester和MSF3快速有效的收集Email登陆账户

日期: 2010/03/10 分类: 技术杂文 标签: , , 添加回复

原文地址:http://hi.baidu.com/hackloft/blog/item/882ff13fafcf8be754e72398.html
渗透过程中得到更多的信息是成功的基础,而目标账户/邮件的信息收集是一个重要的步骤,通过得到这些可以实施社会工程学攻击,当然也可以暴力破解。我们可以手动的去完成,也可以借助一些辅助的脚本、工具,如theHarvester和MSF3。

Edge-Security’s theHarvester

Metasploit’s search_email_collector.rb

两个小工具通过google和必应来进行快速的账户信息收集

zombie@haktop:/tools/email/theHarvester# ./theHarvester.py -d defcon.com -b google -l 500

*************************************

*TheHarvester Ver. 1.5 *

*Coded by Christian Martorella *

*Edge-Security Research *

*cmartorella@edge-security.com *

*************************************

Searching for defcon.com in google :

======================================

Total results: 462000

Limit: 500

Searching results: 0

Searching results: 100

Searching results: 200

Searching results: 300

Searching results: 400

Accounts found:

====================

quietpro@defcon.com

nick.s@defcon.com

robert@defcon.com

lynne@defcon.com

@defcon.com

joe@defcon.com

info@defcon.com

dtangent@defcon.com

====================

Running MSF search_email_collector…

[*] Please wait while we load the module tree…
[*] Harvesting emails …..
[*] Searching Google for email addresses from defcon.com
[*] Extracting emails from Google search results…
[*] Searching Bing email addresses from defcon.com
[*] Extracting emails from Bing search results…
[*] Searching Yahoo for email addresses from defcon.com
[*] Extracting emails from Yahoo search results…
[*] Located 7 email addresses for defcon.com
[*] headsets@defcon.com
[*] info@defcon.com
[*] jobs@defcon.com
[*] nick.s@defcon.com
[*] nick@defcon.com
[*] robert@defcon.com
[*] spr@defcon.com

========================================================================

#!/bin/bash

echo “Running MSF search_email_collector…”
echo
ruby /pentest/exploits/framework3/msfcli auxiliary/gather/search_email_collector DOMAIN=$1 OUTFILE=$1_emails.txt E
echo
echo “Running theHarvester on Google, BING, MSN, PGP…”
echo
perl /pentest/enumeration/google/theHarvester/theHarvester.py -d $1 -b google -l 500 >> $1_emails.txt
perl /pentest/enumeration/google/theHarvester/theHarvester.py -d $1 -b msn -l 500 >> $1_emails.txt
perl /pentest/enumeration/google/theHarvester/theHarvester.py -d $1 -b pgp >> $1_emails.txt
cat $1_emails.txt | grep @ |grep -v @edge-security.com |sort > $1_emails.txt
echo
echo “Searching for LinkedIN profiles with theHarverster…”
perl /pentest/enumeration/google/theHarvester/theHarvester.py -d $1 -b linkedin -l 40 >> $1_emails.txt
echo
echo “Finishing… E-mail Results:”
echo
cat $1_emails.txt

done =)

随机文章

«
»

本文还暂无回复

添加回复

支持 Ctrl+Enter 快速提交