1
00:00:00,150 --> 00:00:06,780
All right, I want to show you one more tool, and I want to point out too that the tools I've been showing

2
00:00:06,780 --> 00:00:15,570
you so far for email gathering and credential gathering are not all-inclusive.

3
00:00:15,570 --> 00:00:22,230
You can absolutely find the tools that work for you that are the best and that you prefer.

4
00:00:22,290 --> 00:00:29,190
And I also encourage you to come through here, up in Applications and Information Gathering, and give

5
00:00:29,190 --> 00:00:33,370
a look at some of the tools up here even if we don't cover them in this course.

6
00:00:33,540 --> 00:00:34,980
Definitely Google them.

7
00:00:34,980 --> 00:00:35,690
Click through them.

8
00:00:35,700 --> 00:00:36,910
See if you like them.

9
00:00:37,020 --> 00:00:39,930
Just because I don't use a tool doesn't mean you can't.

10
00:00:39,940 --> 00:00:42,710
And GitHub has a wealth of tools as well.

11
00:00:42,810 --> 00:00:46,100
You know, it's just important for you to find your craft.

12
00:00:46,140 --> 00:00:51,000
So I'm going to show you one more tool, and I'm just gonna show you a tool that is built into Kali Linux

13
00:00:51,240 --> 00:00:55,490
that can help us identify some more usernames and even some subdomains.

14
00:00:55,560 --> 00:01:01,110
So this tool is called theHarvester, and we can say theHarvester like this and this will tell

15
00:01:01,110 --> 00:01:02,620
us a little bit about it.

16
00:01:02,850 --> 00:01:04,530
And we see examples down here.

17
00:01:04,530 --> 00:01:10,710
So what it's going to do is you specify a domain and you specify how deep into a search you want to

18
00:01:10,710 --> 00:01:11,010
go.

19
00:01:11,010 --> 00:01:12,870
So here's five hundred searches.

20
00:01:13,110 --> 00:01:14,850
And what you want to search on.

21
00:01:14,850 --> 00:01:20,940
So for example, Google, and then you can do output results, et cetera, but if we scroll up a little bit

22
00:01:21,000 --> 00:01:23,930
you can see the different data sources that they have.

23
00:01:23,940 --> 00:01:26,910
So it goes Google, Bing, look at all these things.

24
00:01:26,910 --> 00:01:27,630
Yahoo.

25
00:01:27,630 --> 00:01:34,650
VirusTotal, Twitter, Hunter.io, which we've talked about. We can do an all, but we would have to have API

26
00:01:34,650 --> 00:01:41,510
keys for some of these, like Hunter.io requires an API key, so we can get in-depth with this and go farther.

27
00:01:41,640 --> 00:01:44,560
But we would need some API keys to do that.

28
00:01:44,580 --> 00:01:48,360
So just for an example we're just going to use one site.

29
00:01:48,360 --> 00:01:54,390
We're going to do a domain of tesla.com and we'll do a length of five hundred like example shows

30
00:01:54,620 --> 00:01:57,910
and we'll just do a dash b for Google.

31
00:01:58,050 --> 00:01:59,910
Go ahead and hit enter when you have that

32
00:02:03,030 --> 00:02:04,800
and we're just going to let this run.

33
00:02:04,830 --> 00:02:12,210
So what we're after here is just a little bit of information gathering from a domain search.

34
00:02:12,210 --> 00:02:12,540
Right.

35
00:02:12,570 --> 00:02:18,010
So we're going to search through Google here, but you have all those other examples available to you.

36
00:02:18,060 --> 00:02:22,070
And what's nice about this is it's just built into Kali Linux.

37
00:02:22,350 --> 00:02:23,780
So get familiar with the tools.

38
00:02:23,790 --> 00:02:30,070
Not only that I show you but that are built into Kali Linux, and you will be incredibly, incredibly well

39
00:02:30,070 --> 00:02:30,870
rounded.

40
00:02:30,870 --> 00:02:39,750
So here you can see that within a few seconds, as I was speaking here for a minute, it gave us three e-mails

41
00:02:40,080 --> 00:02:43,540
which we probably would have identified in Hunter.io.

42
00:02:43,650 --> 00:02:51,080
And it also gave us some subdomains, which is nice, and it gave us the IP addresses with those subdomains.

43
00:02:51,090 --> 00:02:52,330
As of right now.

44
00:02:52,470 --> 00:02:54,960
So did it do great?

45
00:02:54,960 --> 00:02:55,580
No.

46
00:02:55,620 --> 00:02:57,150
I mean, it's OK.

47
00:02:57,210 --> 00:02:59,190
Do we give it to its full potential either?

48
00:02:59,190 --> 00:03:06,090
No, we only went five hundred results through Google. Something like Hunter.io pulled down 400, almost

49
00:03:06,090 --> 00:03:07,510
500 emails.

50
00:03:07,560 --> 00:03:09,890
So we got better results there.

51
00:03:09,900 --> 00:03:14,570
And there are better tools out there that are going to resolve subdomains for us as well.

52
00:03:14,580 --> 00:03:19,640
And really quick, so we could potentially, if we did a dash all, get more out of this.

53
00:03:19,650 --> 00:03:25,320
But I did again want to show you another tool, one that is commonly shown and something that you can

54
00:03:25,320 --> 00:03:29,220
use on the fly with Kali Linux.

55
00:03:29,250 --> 00:03:35,190
So from here we're going to kind of move on and to start talking other techniques and ideas and move

56
00:03:35,190 --> 00:03:36,570
into more information gathering.

57
00:03:36,600 --> 00:03:38,120
So I'll catch you over in the next video.