Linux

Email Gathering with Metasploit

Metasploit

For those of you who don’t know, there is an auxiliary email module that lets you collect an email address from a domain name using Metasploit. It’s called the ‘Engine Domain Email Address Collector” which is just easy to use. And so lemme guide you on how to use this auxiliary module. First you need to start the Metasploit Console by typing:

msfconsole

Then type :

 use auxiliary/gather/search_email_collector

Auxiliary Email Module

If you don’t want to memorize the whole auxiliary command you can just use this command:

search collector


Now you need to set the domain that you want to harvest eg gmail.com, yahoo.com, rootcon.org but for this tutorial, we will use gmail.com.

set domain gmail.com

If you want to store the harvested emails just type set outfile then the path and the filename of the file, for example:

set outfile /root/list.txt

To begin harvesting, just type run:

run

After that, you should be able to see the harvested emails. =)

4 Comments

  1. This has been really helpful…and am bookmarking this site…i will like to ask if there is anyway to extent the search to get more emails…u search gmail domain & u get like 500 emails…we all know there are millions of gmail users…so is there a way to extend the search.

    Thx

    Reply
    1. Author

      You mean you like to capture all the emails registered to gmail?

      Actually this email gatherer uses search engines to find a domain email address and crawls on sites which may have emails that matches to the domain you want to search on. The best possible way to get more emails is by using other websites 😉

      For example:
      set domain yahoo.com
      set domain bing.com
      set domain live.net
      set domain youjizz.com

      /etc

      Reply

Leave a Reply