UberHarvest - Email & Domain Harvesting Multi Purpose Tool

This FREE tool was designed to get a user to enter an individual website or load a text file containing many URLs at once. Once the URL(s) have been entered, the uberharvest application crawl through the website (and all the links within that website) searching for valid email addresses. The application can search for email addresses randomly (i.e. something@domain.something or the user can chose to search for email addresses for a specific domain (i.e. for www.ubersec.com the application can search for all @ubersec.com email addresses within the website). 

Then the user can chose to either print the results on the screen or save them into a text file or print them out to an XML file with XSL style-sheet. In addition, the application can also be used to search for Mail Exchange (MX) server Internet Protocol (IP) addresses corresponding with each URL that has been found by the uberharvest application. And then that information can be used by the uberharvest application to test if the MX server is also an Open-Relay server or not. Yet, the uberharvest application also provides the user with the option to use a random user-agent crawling each link and performing the scans using anonymous proxy servers.

Requirements

The uberharvest tool was designed in the Python language. It requires Python version 2.52 and UP to work properly. If you are using Ubuntu/Backtrack and you have a Python version that is lower than the Python 2.52 supported version, please refer my blog for instructions on downloading and switching a newer version of Python.

Uberharvest also require the user to manually download and install Network Mapper (NMAP) from http://www.insecure.org

Uberharvest Features

— Harvest for email addresses from one website or many at once

— Get target website domain name, domain IP and Geo location

— Scan target website for Mail Exchange (MX) servers IP address.

— Test whether the target MX servers are open-relay server

— Get the target web server version and x-powered-by from the header

— Harvest information using evasion techniques through the use of anonymous proxy and different user-agents.

— Get target server domains from Google search engine

— Use the UP ARROW to reuse old input to increase time efficiency

— Print out results in XML format and XSL style-sheet.

Disclaimer

This tool was created by Yakov Goldberg for legal penetration testing purposes only. The tool is FREE of charge and must only be used for helping society and improving upon cyber security. That tool (uberharvest) was created to automate and make the life of security professionals a little easier. Thus, this tool MUST NOT is used to harm any entity or cause an damage. Yakov Goldberg does not claim any responsibility for any information that is retrieved by using this tool and any other further reckless or intentional malicious or none malicious attacks that someone might or may attempt to do by using the information gathered from this tool.

Operating System(s) compatibility

The uberharvest tool was designed by the Python language and is currently compatible with newer UBUNTU/Backtrack releases. However, all other Linux distribution users may try to attempt using the Uberharvest application as well. Yet, the instructions below are compatible with UBUNTU only so none UBUNTU users may need to refer to some other websites to get some instructions other than those provided in this website for installing modules and perquisites required for using the uberharvest tool. Uberharvest have been tested in the following Ubuntu/Backtrack distributions:

Distributor ID: Ubuntu

Description: Ubuntu 10.04.2 LTS

Release: 10.04

Codename: lucid

Distributor ID: Ubuntu

Description: Ubuntu 10.10

Release: 10.10

Codename: maverick

Distributor ID: BackTrack

Description: BackTrack 4 R2

Release: 4 R2

Codename: Nemesis

Distributor ID: Ubuntu

Description: Ubuntu 11.10

Release: 11.10

Codename: oneiric

Distributor ID: BackTrack 5

Download and installation process

ehacking@ubuntu:~ $su -

ehacking@ubuntu:~ #wget http://ubersec.com/downloads/uberharvest_2_80.tar.bz2

ehacking@ubuntu:~ #md5sum uberharvest_2_80.tar.bz2

Now compare the md5sum value with the value posted in www.ubersec.com/downloads

ehacking@ubuntu:~ #bzip2 -cd uberharvest_2_80.tar.bz2 | tar xvf -

ehacking@ubuntu:~ #cd

ehacking@ubuntu:~/uberharvest#./setup

EXAMPLE 1

The following tag [-m] will load the uberharvest tool and require the user to type one URL address of a

website he or she are interested in for harvesting email address.

ehacking@ubuntu:~/uberharvest#./uberharvest -m

STEPS:

Now you will be required to type a full website address that you would like to scan

Please enter a valid web address. For example, http://www.ubersec.com

Please enter the address: http://www.ubersec.com

I typed this full URL http://www.ubersec.com for scanning this website

QUESTION 1

Would you like to search for a specific email address domain? For example, @ubersec.com

[Y]es – The user will specify domain name (i.e. ubersec.com)

[N]o – The tool will search for random emails (i.e. @ .)

Please type Y or N:n

If you select [y], you will have to specify a domain name such as ubersec.com or @ubersec.com.

In that case, uberharvest will search through the website and harvest all email that follow the

@ubersec.com criteria.

If you select [n], the uberharvest tool will search through the target website and harvest all emails (i.e.

@ .)

QUESTION 2

Would you like to save output to a text file?

[Y]es – The output will be saved to a file

[N]o – The output will be displayed on the screen

Please type Y or N: n

If you select [n], the output will be displayed on the screen only.

If you select [y], the output will be save on a results will be saved to a file in the [vault/] folder

QUESTION 3

Would you like to search only for URLs that are specific for the website that you are interested?

HINT,

For example, if your website is http://www.ubersec.com if you say [Y], uberharvest will only search for emails within links that belong to ubersec.com rather than jumping to other websites.

[Y]es – Uberharvest will only search for emails in links that belong to that website (i.e. ubersec.com)

[N]o – Uberharvest will search for emails also in other links that are referenced in the website.

Please type Y or N:n

If you select [n], uberharvest tool will search through www.ubersec.com website, get all other links mention in the ubersec website and finally the tool will search within these links for all other email addresses.

If you select [y], uberharvest tool will search through www.ubersec.com website, get only the links that belongs to ubersec.com and finally search within these links for all other email addresses.

Press [Enter] and off we go…

THE RESULTS ARE

More tutorials and updates can be found Here.

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.