Email harvesting with Metasploit

Email harvesting is the process of obtaining lists of email addresses using various methods. You can check on your own what emails, attackers are going to find about your domain using Metasploit’s module, Search Engine Domain Email Address Collector. This module uses Google, Bing and Yahoo to create a list of valid email addresses for the target domain. This tool is very useful in automated information gathering during a penetration test.

Select auxiliary module:

use auxiliary/gather/search_email_collector

Show options:

show options

Set Domain:

set domain mydomain.com

Set Output File (Save results):

set output /myuser/reports/results_file

Run:

run
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s