Information Gathering Phase: The Harvester and Metagoofil
- March 5th, 2010
- By BetoFTW
As part of a penetration test, before you start sending out exploits and attacks, you have to do some information gathering. The first phase of a pentest is reconnaissance. Two good tools that can help with information gathering come from the guys at Edge Security. The two tools I want to go over are The Harvester and Metagoofil.
You can download them here:
http://www.edge-security.com/soft.php
The Harvester:
The screenshot below shows the usage instructions for the script. You can use The Harvester to search Google, Bing, LinkedIn or PGP for email addresses or possible user names of a target network. This information can then be used to perform password guessing, or even better, client-side attacks via phishing emails.
Metagoofil:
The screenshot below shows the help for Metagoofil. You will notice the switches are similar, with -d indicating the domain you want to search. This tool will search Google for documents of the types listed below. It will then download the documents and extract metadata from each file. This metadata can include usernames or file paths that the files contain. These file paths can contain usernames, such as c:\documents and settings\<username>\My Documents\
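The same metadata can be checked on your own documents before they are published. The sketch below is an added example, not code from the original post or from Edge Security: it assumes Office Open XML files (docx/xlsx/pptx), and the function names and the sample document are constructed for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# Windows profile paths: XP-era "Documents and Settings" and later "Users".
PROFILE_PATH = re.compile(
    r"[A-Za-z]:\\(?:Documents and Settings|Users)\\([^\\/:*?\"<>|\r\n]+)\\",
    re.IGNORECASE)
IDENTITY_FIELDS = {"creator", "lastModifiedBy"}  # core-property local names

def usernames_in_text(text):
    """Return account names embedded in Windows profile paths."""
    return {m.group(1) for m in PROFILE_PATH.finditer(text)}

def audit_ooxml(data):
    """Report identity metadata in an OOXML file (docx/xlsx/pptx bytes)."""
    found = {"identities": set(), "path_users": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith((".xml", ".rels")):
                continue
            raw = zf.read(name)
            # Any part of the package may embed a local path (e.g. a template).
            found["path_users"] |= usernames_in_text(raw.decode("utf-8", "replace"))
            if name == "docProps/core.xml":
                # Stdlib parser: meant for your own files; for untrusted
                # input use a hardened parser such as defusedxml.
                for el in ET.fromstring(raw).iter():
                    if el.tag.rsplit("}", 1)[-1] in IDENTITY_FIELDS and el.text:
                        found["identities"].add(el.text.strip())
    return found

def build_sample_docx():
    """Constructed sample: a minimal OOXML-style zip with leaky metadata."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/">'
            '<dc:creator>jsmith</dc:creator>'
            '<cp:lastModifiedBy>mjones</cp:lastModifiedBy></cp:coreProperties>')
    rels = ('<Relationships><Relationship Target="file:///C:\\Documents and '
            'Settings\\jsmith\\My Documents\\memo.dot"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_ooxml(build_sample_docx()))
```

A document that reports anything under either key should have its properties cleared and be re-exported before it goes on a public site.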
Soon I hope to be able to provide video tutorials of these and other tools and techniques. Stay tuned.


