Email Gathering with Metasploit


For those of you who don’t know, there is an auxiliary email module that lets you collect an email address from a domain name using Metasploit. It’s called the ‘Engine Domain Email Address Collector” which is just easy to use. And so lemme guide you on how to use this auxiliary module. First you need to start the Metasploit Console by typing:


Then type :

 use auxiliary/gather/search_email_collector

Auxiliary Email Module

If you don’t want to memorize the whole auxiliary command you can just use this command:

search collector

Now you need to set the domain that you want to harvest eg,, but for this tutorial, we will use

set domain

If you want to store the harvested emails just type set outfile then the path and the filename of the file, for example:

set outfile /root/list.txt

To begin harvesting, just type run:


After that, you should be able to see the harvested emails. =)


  1. This has been really helpful…and am bookmarking this site…i will like to ask if there is anyway to extent the search to get more emails…u search gmail domain & u get like 500 emails…we all know there are millions of gmail users…so is there a way to extend the search.


    1. Author

      You mean you like to capture all the emails registered to gmail?

      Actually this email gatherer uses search engines to find a domain email address and crawls on sites which may have emails that matches to the domain you want to search on. The best possible way to get more emails is by using other websites 😉

      For example:
      set domain
      set domain
      set domain
      set domain



Leave a Reply