Monday, March 11, 2013

Information Gathering: Email Harvester


Quick tutorial on how to extract email addresses from web sites.
Unlike search engines, email harvesters are only looking for email addresses. They are usually sent by spammers and any addresses they find are added to their spam database. Obviously this is a bad thing and you don’t want harvesters to find your address.
To deal with harvesters, display the address as an image file so harvesters can’t read it; users must then type the address into an email manually. You could also protect the page containing the address with a password, “encode” the address using JavaScript or, most commonly, use a contact form.
To prevent other people from harvesting your email address, do not post it in public areas (forums, websites, etc.) and disable “display email address” on your public profile.
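To check your own pages before a harvester does, here is an added example (not part of the original post) that lists the addresses readable from static markup and shows that a JavaScript-assembled address is not among them. All function names, the data-u/data-d attributes and the sample pages are constructed for illustration.

```javascript
// Added example: names, markup and sample pages are constructed for illustration.
const EMAIL_RE = /[a-z0-9._%+-]+@[a-z0-9-]+(?:\.[a-z0-9-]+)+/gi;

// Undo the numeric/named HTML entities sometimes used to "hide" an address.
function decodeEntities(html) {
  return html
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
    .replace(/&commat;/g, "@")
    .replace(/&period;/g, ".");
}

// Addresses readable from static markup, lower-cased, de-duplicated, sorted.
function exposedAddresses(html) {
  const hits = new Set();
  for (const m of decodeEntities(html).matchAll(EMAIL_RE)) hits.add(m[0].toLowerCase());
  return [...hits].sort();
}

const reverse = (s) => [...s].reverse().join("");

// Mitigation from the text: ship the address in pieces and let JavaScript join them.
function protectedMarkup(user, domain) {
  return `<a class="contact" data-u="${reverse(user)}" data-d="${reverse(domain)}">Email us</a>`;
}

// What the page script does in the browser with the two data attributes.
function rebuild(dataU, dataD) {
  return `${reverse(dataU)}@${reverse(dataD)}`;
}

// Constructed sample pages, one per way of publishing an address.
const SAMPLE_PAGES = {
  plaintext: "<p>Write to sales@example.com</p>",
  mailto: '<a href="mailto:Info@Example.com">Contact</a>',
  entities: "<p>admin&#64;example&#46;com</p>",
  protected: protectedMarkup("support", "example.com"),
};

// Map each page name to the addresses it leaks.
function audit(pages) {
  return Object.fromEntries(
    Object.entries(pages).map(([name, html]) => [name, exposedAddresses(html)])
  );
}

console.log(audit(SAMPLE_PAGES));
```

HTML entity encoding alone still leaks the address, because decoding it is trivial. The check covers static markup only: a crawler that runs scripts would still see the rebuilt address, whereas a contact form avoids publishing it at all.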
Let’s cut the crap and start with the tutorial:
1. Go to Metasploit console by typing msfconsole, and then run:
msf> use gather/search_email_collector
 
2. Now set the domain whose email addresses you want to locate, then type “run” or “exploit” and wait for the results, as shown in the snapshot:
# set DOMAIN globo.com
# run
As you can see, the harvester has found 3 emails from globo.com!


That’s it. . . now collect as many emails as you can and sell to spammers! Just kidding. . .

1 comment:

  1. Great tutorial!! Just wondering if there was any way I could pull specific emails from a domain. For example, let's say I wanted to find the CFO of Canon's email Canon.com. Any help is decapitated. I tried jigsaw, theharvester, uberharvest but it is unreliable.
