Follow Me on Twitter
 
Bookmark this page now!
 		Donate
Home Tutorials Downloads Blog Links About contact

Tutorials

TUTORIALS
UBERHARVEST TOOL USAGE
This page will provide uberharvest users some guidelines and examples for using the uberharvest tool
Please type the following command to see uberharvest help and all supported feature by uberharvest with the current release
root@ubuntu:~/uberharvest# ./uberharvest –help
THE RESULTS ARE
Welcome to UBERSEC direct email harvester (uberharvest)
INFORMATION:
This FREE tool was designed to get a user to enter a website or load a file with many URLs. Once the URL(s) have been entered, the harvest tool crawl through the website (and all the links within that website) searching for valid email addresses. The application can search for email addresses randomly (i.e. @ or the user can chose to search for email addresses for a specific domain (i.e. for www.ubersec.com the application can search for all @ubersec.com email addresses within the website). Then the user can chose to either print the results on the screen or save them into a file. In addition, the application can also be used to search for Mail Exchange (MX) server correspond with each URL that have been found by the application. Then that information can be used to test if the MX server is also an Open-Relay server or not.
TIP,
The information and emails can be used for penetration testing purposes. Yet, you are encouraged to not use that script for malicious purposes or hurting other people or any organizations.
USAGE:


  1. Type ./uberharvest [option] and you are ready to roll.
  2. Type ./uberharvest –load OR-l to get uberharvest to read website(s) from a text file

    This option can help to extract emails more than just one website per search. Please assure that you only specify valid websites. For example,
    http://www.ubersec.com
    http://www.abcdef.edu
    http://xxx.xxxxxxx.xxx => (x = whatever website you need to search through).
    TIP,
    If uberharvest recognizes a filename with the name: web.txt inside the vault/ directory, it will ask if you want to load that file first. So, place your website inside a filename named vault/web.txt

  3. Type ./uberharvest –menu OR -m to load the mainmenu.
  4. Type ./uberharvest –deep OR -de for really deep scanning of URL links.
  5. Type ./uberharvest –verbose OR -v for complete verbosity.

    TIP,
    Anything with verbose usually takes longer. Just keep it in mind!

  6. Type ./uberharvest –update OR -u for getting new updates.
  7. Type ./uberharvest –development OR -d for development version.
  8. Type ./uberharvest –mailserver OR -mx for scanning for email exchange servers.
  9. Type ./uberharvest –relay OR -r for scanning for email exchange servers.

    With -v option uberharvest will use NMAP to scan Operating System fingerprinting.

  10. Type ./uberharvest -m OR -l AND –proxy for using proxy option while
    using opetion <1> and <2> in the usage list above.

    IP = The IP address of the proxy server SOCKET= The socket number for that IP Address
    For example, –proxy 192.168.1.1:3128 OR 132.170.3.33:3128
    TIP,
    Refer to the anonymous.txt file for an anonymous proxy list. The list will get updated by ubersec as needed.

  11. Type ./uberharvest –auto OR -a for automating:

    – Email harvest
    – MX collection
    – Open-Relay search

DIRECTIONS:
Please refer to the README file since it actually contains some examples scenarios.
DISCLAIMER:
This tool was created by Yakov Goldberg for legal penetration testing purposes only. The tools is FREE of charge and must only be used for helping society and improving upon cyber security. That tool (uberharvest) was created to automate and make the life of security professionals a little easier. Thus, this tool MUST NOT be used to harm any entity or cuase an damage. Yakov Goldberg does not claim any responsibility for any information that is retrieved by using this tool and any other further reckless or intentional malicious or none malicious attacks that someone might or may attempt to do by using the information gathered from this tool.
*** Please report any bugs to the ubersec team at support(at)ubersec(dot)com ***
–SNIP–SNIP–SNIP–
You are done!
Now let’s scan a regular website for harvesting email addresses from this site. Please type the followings:
EXAMPLE 1
The following tag [-m] will load the uberharvest tool and require the user to type one URL address of a website he or she are interested in for harvesting email address.
root@ubuntu:~/uberharvest# ./uberharvest -m
Now you will be required to type a full website address that you would like to scan
Please enter a valid web address. For example, http://www.ubersec.com
Please enter the address:http://www.ubersec.com
I typed this full URL http://www.ubersec.com for scanning this website
QUESTION 1
Would you like to search for a specific email address domain? For example, @ubersec.com
[Y]es – The user will specify domain name (i.e. ubersec.com)
[N]o – The tool will search for random emails (i.e. <wildcard>@ <wildcard>.<wildcard>)
Please type Y or N:n
If you select [y], you will have to specify a domain name such as ubersec.com or @ubersec.com. In that case, uberharvest will search through the website and harvest all email that follow the <wildcard>@ubersec.com criteria.
If you select [n], the uberharvest tool will search through the target website and harvest all emails (i.e. <wildcard>@ <wildcard>.<wildcard>)
QUESTION 2
Would you like to save output to a text file?
[Y]es – The output will be saved to a file
[N]o – The output will be displayed on the screen
Please type Y or N: n
If you select [n], the output will be displayed on the screen only.
If you select [y], the output will be save on a results will be saved to a file in the [vault/] folder
QUESTION 3
Would you like to search only for URLs that are specific for the website that you are interested?
HINT,
For example, if your website is http://www.ubersec.com if you say [Y], uberharvest will only search for emails within links the belong to ubersec.com rather than jumping to other websites.
[Y]es – Uberharvest will only search for emails in links that belong to that website (i.e. ubersec.com)
[N]o – Uberharvest will search for emails also in other links that are referenced in the website.
Please type Y or N:n
If you select [n], uberharvest tool will search through www.ubersec.com website, get all other links mention in the ubersec website and finally the tool will search within these links for all other email addresses.
If you select [y], uberharvest tool will search through www.ubersec.com website, get only the links that belongs to ubersec.com and finally search within these links for all other email addresses.
Press [Enter] and off we go…
THE RESULTS ARE

tutorial_1

I deleted most of the emails from the image above to not disclose other entities emails.
You are done!
EXPLANATION
The results above indicate that the uberharvest tool was able to harvest emails by crawling www.ubersec.com website. The email addresses in the list belong to other entities as well. However, if you want to get more granular with your results and only get emails associated with ubersec.com then you can specific that you want only emails associated with ubersec.com domain in questions 1 and then you need to select [yes] in question 3. The example shown below.
EXAMPLE 2
The following tag [-m] will load the uberharvest tool and require the user to type one URL address of a website he or she are interested in for harvesting email address. Likewise, the following tag [-v] will cause uberharvest to print the scanning in a verbose mode. The [verbose] option is good for debugging but bad for accuracy.
root@ubuntu:~/uberharvest# ./uberharvest –m -v
Verbose is [ON]
Please enter a valid web address. For example, http://www.ubersec.com
Please enter the address:http://www.ubersec.com
I typed this full URL http://www.ubersec.com for scanning this website
QUESTION 1
Would you like to search for a specific email address domain? For example, @ubersec.com
[Y]es – The user will specify domain name (i.e. ubersec.com)
[N]o – The tool will search for random emails (i.e. <wildcard>@ <wildcard>.<wildcard>)
Please type Y or N:y
Please enter the email domain name. For example, @ubersec.com
Please enter it now: ubersec.com
You have selected: @ubersec.com
QUESTION 3
Would you like to search only for URLs that are specific for the website that you are interested?
HINT,
For example, if your website is http://www.ubersec.com if you say [Y], uberharvest will only search for emails within links the belong to ubersec.com rather than jumping to other websites.
[Y]es – Uberharvest will only search for emails in links that belong to that website (i.e. ubersec.com)
[N]o – Uberharvest will search for emails also in other links that are referenced in the website.
Please type Y or N:y
THE RESULTS ARE
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/

['support@ubersec.com', 'support@ubersec.com']
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/tutorials/

['support@ubersec.com', 'support@ubersec.com']
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/downloads/

HTTP Error 403: Forbidden
Code 403 is Forbidden
No email address was found!
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://blog.ubersec.com/index.php

['support@ubersec.com','subject=/C=US/ST=VIRGINIA/L=NORFOLK/O=UBERSEC/OU=WEB/CN=UBERSEC/emailAddress=support@ubersec.com','support@ubersec.com','support@ubersec.com']
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/links/

['support@ubersec.com', 'support@ubersec.com']
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/about-us/

['support@ubersec.com', 'support@ubersec.com']
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/contact/

['support@ubersec.com', 'support@ubersec.com']
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com

['support@ubersec.com', 'support@ubersec.com']
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/tutorials

['support@ubersec.com', 'support@ubersec.com']
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/about-us

['support@ubersec.com', 'support@ubersec.com']
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/links

['support@ubersec.com', 'support@ubersec.com']
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/contact

['support@ubersec.com', 'support@ubersec.com']
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/downloads

HTTP Error 403: Forbidden
Code 403 is Forbidden
No email address was found!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/site-map

['support@ubersec.com', 'support@ubersec.com']
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://ubersec.com/terms

['support@ubersec.com', 'support@ubersec.com']
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://www.ubersec.com

['support@ubersec.com', 'support@ubersec.com']

DNS address: ubersec.com –> ’68.178.254.200′
MX server: smtp.secureserver.net. –> ’216.69.186.201′
MX server: mailstore1.secureserver.net. –> ’72.167.238.201′

1.21 seconds process time

–SNIP– –SNIP– –SNIP–

EXPLANATION
The results above indicate that the uberharvest tool was able to harvest emails by crawling www.ubersec.com website. Due to our selection of only harvesting emails for the ubersec.com domain in questions 1, uberharvest tools was able to only print out email that belong to this domain. In addition, our selection of [yes] questions 3 reduced the crawling time down since uberharvest did not have to crawl through links that don’t belong to ubersec.com. Furthermore, we also enabled the verbosity option. With that option enabled, uberharvest was able to print out all the links that were crawled through by uberharvest.
EXAMPLE 3
In the next example we will attempt rub uberharvest using a proxy server instead of our own public Internet Protocol (IP) address. Using a proxy IP address will help us become stealth and get the target webserver to believe that the traffic comes in from the proxy server rather than our IP address. Here is the command to do so :
root@ubuntu:~/uberharvest# cat anonymous.txt
141.20.103.210:3128
213.73.40.105:3128
128.220.231.2:3127
128.220.231.2:3128
128.119.41.211:3127
141.20.103.211:3128
141.219.252.132:3128
–SNIP– –SNIP– –SNIP–
Now select one proxy server from the list and type the followings :
root@ubuntu:~/uberharvest# ./uberharvest –m –p 128.220.231.2:3128
Found valid IP address:128.220.231.2
Testing proxy address: 204.85.191.11:3128 Proxy is working properly!
Proxy is [ON]
Please enter a valid web address. For example, http://www.ubersec.com
Please enter the address:http://www.ubersec.com
I typed this full URL http://www.ubersec.com for scanning this website
QUESTION 1
Would you like to search for a specific email address domain? For example, @ubersec.com
[Y]es – The user will specify domain name (i.e. ubersec.com)
[N]o – The tool will search for random emails (i.e. <wildcard>@ <wildcard>.<wildcard>)
Please type Y or N:n
If you select [y], you will have to specify a domain name such as ubersec.com or @ubersec.com. In that case, uberharvest will search through the website and harvest all email that follow the <wildcard>@ubersec.com criteria.
If you select [n], the uberharvest tool will search through the target website and harvest all emails (i.e. <wildcard>@ <wildcard>.<wildcard>)
QUESTION 2
Would you like to save output to a text file?
[Y]es – The output will be saved to a file
[N]o – The output will be displayed on the screen
Please type Y or N: n
If you select [n], the output will be displayed on the screen only.
If you select [y], the output will be save on a results will be saved to a file in the [vault/] folder
QUESTION 3
Would you like to search only for URLs that are specific for the website that you are interested?
HINT,
For example, if your website is http://www.ubersec.com if you say [Y], uberharvest will only search for emails within links the belong to ubersec.com rather than jumping to other websites.
[Y]es – Uberharvest will only search for emails in links that belong to that website (i.e. ubersec.com)
[N]o – Uberharvest will search for emails also in other links that are referenced in the website.
Please type Y or N:y
THE RESULTS ARE
The results indicate that I was able to harvest only one VALID email address form www.ubersec.com website:

tutorial_4

EXPLANATION
As you can see in the image below, I was able to authenticate a connection via a proxy server 128.220.231.2 and port 3128. If you look on the right red rectangle box you can clearly see that I was harvesting www.ubersec.com through this proxy server that I have selected from my anonymous list.

tutorial_3

EXAMPLE 4
The following examples show the results of using the [--random] and [-p] proxy tags together. With the latest version of uberharvest version 2.57 I included another option for randomizing user-agents while crawling through a website. By using a random user-agents option the user causes that logs on the target web server to show that crawling through the links provided in the website were actually done from a different Internet browser source. However, in reality all the crawling process was taken by the same application and same source IP address. This technique is excellent to trick log auditors to believe that nothing suspicious is going on with your source IP address. In addition, the I also included the [-p] proxy feature to avoid all the crawling processes to trace back to my machine public source IP address. At least this is what will be shown in the logs on the target web server. Below is the command that I have used.
root@ubuntu:~/uberharvest#./uberharvest -m -p 203.91.39.23:8080 –v –random
The image below show that verbose, proxy and the random features are on.

tutorial_5

THE RESULTS ARE
The image below show the results for the scan. As you can see, each time uberharvest was crawling through a link within the target website uberharvest was using different user-agent.

tutorial_6

EXAMPLE 5
The following command attempts to update the uberharvest tool.
root@ubuntu:~/uberharvest#./uberharvest -u
As you can see in the image below uberharvest have found a newer version of the application and is now attempting to update to the most current version.

tutorial_7

EXAMPLE 6
The following example will attempt to load a text file with that consist of a list of URLs to scan. Yet, before you attempt to load the text file, please make the file and then put the file in the [vault] folder. For example,
root@ubuntu:~/uberharvest#cd vault/
Now type,
root@ubuntu:~/uberharvest/vault#texteditor [filename]
OR,
root@ubuntu:~/uberharvest/vault#nano website.txt
Now add some URL to the file and save it. Once the file was save go back to the uberharvest folder and type the followings :
root@ubuntu:~/uberharvest#./uberharvest -l -v
The [-l] method tells uberharvest to load a list of URLs from a text file located in the vault folder
QUESTION 1
Would you like to search for a specific email address domain? For example, @ubersec.com
[Y]es – The user will specify domain name (i.e. ubersec.com)
[N]o – The tool will search for random emails (i.e. <wildcard>@ <wildcard>.<wildcard>)
Please type Y or N:n
QUESTION 2
Would you like to save output to a text file?
[Y]es – The output will be saved to a file
[N]o – The output will be displayed on the screen
Please type Y or N: n
QUESTION 3
Would you like to search only for URLs that are specific for the website that you are interested?
HINT,
For example, if your website is http://www.ubersec.com if you say [Y], uberharvest will only search for emails within links the belong to ubersec.com rather than jumping to other websites.
[Y]es – Uberharvest will only search for emails in links that belong to that website (i.e. ubersec.com)
[N]o – Uberharvest will search for emails also in other links that are referenced in the website.
Please type Y or N:y
Found the following file: website.txt
QUESTION 4
Would you like to load that file: website.txt ?
[Y]es – To load that file
[N]o – I will type file in a different location
Please type Y or N:Y
At question 4, uberharvest was able to locate the website.txt file located in the vault folder. So if you type [Y] for yes, uberharvest will load that file and read each URL. However, if you type [N] for no, you will be requested to enter the location of the text file that you are wishing to load. For me scenario I typed [y] for loading that file.
THE RESULTS ARE

tutorial_8

I deleted most of the emails from the image above to not disclose other entities emails.
EXPLANATION
The results indicate that uberharvest was able to file two valid URLs inside the website.txt file. The each URL has been loaded to the system and uberharvest started harvesting emails from the link(s) associated with each URL.
EXAMPLE 7
The following example will attempt to scan the target URL entered by the user and get all DNS and Mail Exchange (MX) servers associated with that URL. For example,
root@ubuntu:~/uberharvest# ./uberharvest -mx –v
Verbose is [ON]
QUESTION 1
Would you like to search for mail exchange server of one server or supply a text file to search through many URLs at once?
[Y]es – The user will specify one full website (i.e. http://www.ubersec.com)
[N]o – The use will specify add a text file with a list of websites
Please type Y or N: y
The first question allow the user to either enter a single URL to be scanned by uberharvest by typing [y] for YES. Likewise, if the user wants to load a text file with a list of URLs then he or she can place that text file in the [vault/] folder and then select [n] for no in order to load that file to the system.
QUESTION 2
Would you like to save output to a text file?
[Y]es – The output will be saved to a file
[N]o – The output will be displayed on the screen
Please type Y or N: n
Please enter a valid web address. For example, http://www.ubersec.com
Please enter the address:http://www.ubersec.com
I typed this full URL http://www.ubersec.com for scanning this website
THE RESULTS ARE
DNS address: ubersec.com –> IP: 68.178.254.200
MX server: smtp.secureserver.net –> IP: 72.167.238.201 has preference: 0
MX server: mailstore1.secureserver.net –> IP: 72.167.238.201 has preference: 10
0.01 seconds process time
Done!
Going bye bye. Come back soon!
EXPLANATION
The results above indicate that ubersec.com domain uses two different MX servers. The first MX server on the list have a preference of 0 which simply means that all inbound and outbound emails to and from ubersec.com domain will go through that MX server first. If that server is not available, the emails will then be routed through the second MX server which have preference of 10.
EXAMPLE 8
The following example will attempt to scan the target URL entered by the user using the –random tag for random user-agents, -p {proxy} for using proxy and the -xml to print out an XML report along with XSL stylesheet. For example,
root@ubuntu:~/uberharvest# ./uberharvest -m –random -xml -p 152.26.53.2:80
THE RESULTS ARE

tutorial_15

EXPLANATION
The results above indicate that the scan has been completed and uberharvest created an XML reprot. Now the user can user firefox web browser to view the results. The user need to type the following:
root@ubuntu:~/uberharvest# #firefox /root/uberharvest/report/uberharvest.xml &
If the report was created successfully, the user should see the XML file and the results on the brwoser. Look below for example.

tutorial_14

TO BE CONTINUED…
Did you like this page? Please tell your friends on social network by recommending this page.

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

UBERsec Homepage

Links

A few Links

Our recommended books

Load our page using a scanner

barcodelink.net

Home | Tutorials | About us | Links | Contact | Downloads | Blog | Donate | Site Map | Terms & Privacy

support[AT]ubersec[DOT]com


web counter html code

Page Rank