White Hat Institute

Email address harvesting

Email harvesting is the process of obtaining a large number of email addresses through various methods. The addresses are typically gathered for spamming or bulk emailing. The most common way of gathering email addresses is to use specialized software known as harvesting bots, or harvesters. In this tutorial, we will discuss a tool called “theHarvester,” which comes pre-installed in Kali Linux.

This tool is intended to help security analysts in the early stages of penetration testing to understand the user footprint on the Internet. It is likewise useful for anyone who wants to know what an attacker can see about their organization.

To start the tool, type “theharvester” in your terminal and hit “Enter.”

The Harvester has a rather basic command syntax: “theharvester -d [domain] -l [number of results] -b [source of search query].”

Ex: theharvester -d myorganization.com -l 500 -b google

Note that you can also substitute different domains and search engines. Consider that the gathered email addresses could be used as tools to attack login passwords through account recovery procedures. But don’t do that in real life; know that hackers can utilize the Harvester this way.
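For the defensive use mentioned above (seeing what is exposed about your own organization), the following added example, which is not part of the original tutorial or of theHarvester, sorts the addresses found for your domain into shared role mailboxes and personal mailboxes that deserve review. The sample text, the role-mailbox list and the function name `audit_exposure` are assumptions made for illustration.

```python
import re

# Constructed sample: text saved from a harvest run against your own domain.
# The layout is illustrative and is not theHarvester's exact output format.
SAMPLE_RESULTS = """\
[*] Emails found:
Jane.Doe@myorganization.com
info@myorganization.com
jane.doe@myorganization.com
support@myorganization.com
b.smith@mail.myorganization.com
someone@unrelated.example
"""

# Shared mailboxes that are meant to be public (assumed list; adjust to yours).
ROLE_LOCAL_PARTS = {"info", "support", "sales", "security", "abuse", "postmaster"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def audit_exposure(text, domain):
    """Return (role, personal) sorted lists of exposed addresses for `domain`."""
    domain = domain.lower()
    role, personal = set(), set()
    for match in EMAIL_RE.findall(text):
        addr = match.lower()  # case-fold so duplicates collapse
        local, _, host = addr.partition("@")
        # Keep only the organization's own domain and its subdomains;
        # the leading dot stops look-alike hosts from matching.
        if host != domain and not host.endswith("." + domain):
            continue
        (role if local in ROLE_LOCAL_PARTS else personal).add(addr)
    return sorted(role), sorted(personal)


if __name__ == "__main__":
    role, personal = audit_exposure(SAMPLE_RESULTS, "myorganization.com")
    print("Role mailboxes (expected to be public):", role)
    print("Personal mailboxes to review:", personal)
```

Personal mailboxes in the second list are the ones most likely to double as login identifiers, so they are candidates for replacement with a role alias or contact form on public pages.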