-
Notifications
You must be signed in to change notification settings - Fork 14.1k
/
search_email_collector.rb
141 lines (123 loc) · 4.79 KB
/
search_email_collector.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'net/http'
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
def initialize(info = {})
super(update_info(info,
'Name' => 'Search Engine Domain Email Address Collector',
'Description' => %q{
This module uses Google, Bing and Yahoo to create a list of
valid email addresses for the target domain.
},
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>' ],
'License' => MSF_LICENSE))
register_options(
[
OptString.new('DOMAIN', [ true, "The domain name to locate email addresses for"]),
OptBool.new('SEARCH_GOOGLE', [ true, 'Enable Google as a backend search engine', true]),
OptBool.new('SEARCH_BING', [ true, 'Enable Bing as a backend search engine', true]),
OptBool.new('SEARCH_YAHOO', [ true, 'Enable Yahoo! as a backend search engine', true]),
OptString.new('OUTFILE', [ false, "A filename to store the generated email list"]),
])
register_advanced_options(
[
OptString.new('PROXY', [ false, "Proxy server to route connection. <host>:<port>",nil]),
OptString.new('PROXY_USER', [ false, "Proxy Server User",nil]),
OptString.new('PROXY_PASS', [ false, "Proxy Server Password",nil])
])
end
# Search google.com for email's of target domain
def search_google(targetdom)
print_status("Searching Google for email addresses from #{targetdom}")
response = ""
emails = []
header = { 'User-Agent' => Rex::UserAgent.session_agent }
clnt = Net::HTTP::Proxy(@proxysrv,@proxyport,@proxyuser,@proxypass).new("www.google.com")
searches = ["100", "200","300", "400", "500"]
searches.each { |num|
resp = clnt.get2("/search?hl=en&lr=&ie=UTF-8&q=%40"+targetdom+"&start=#{num}&sa=N&filter=0&num=100",header)
response << resp.body
}
print_status("Extracting emails from Google search results...")
response.gsub!(/<.?em?[>]*>/, "")
response.scan(/[A-Z0-9._%+-]+@#{targetdom}/i) do |t|
emails << t
end
return emails.uniq
end
# Search Yahoo.com for email's of target domain
def search_yahoo(targetdom)
print_status("Searching Yahoo for email addresses from #{targetdom}")
response = ""
emails = []
header = { 'User-Agent' => Rex::UserAgent.session_agent }
clnt = Net::HTTP::Proxy(@proxysrv,@proxyport,@proxyuser,@proxypass).new("search.yahoo.com")
searches = ["1", "101","201", "301", "401", "501"]
searches.each { |num|
resp = clnt.get2("/search?p=%40#{targetdom}&n=100&ei=UTF-8&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vd=all&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-152&xargs=0&pstart=1&b=#{num}",header)
response << resp.body
}
print_status("Extracting emails from Yahoo search results...")
response.gsub!(/<.?b?[>]*>/, "")
response.scan(/[A-Z0-9._%+-]+@#{targetdom}/i) do |t|
emails << t.downcase
end
return emails.uniq
end
# Search Bing.com for email's of target domain
def search_bing(targetdom)
print_status("Searching Bing email addresses from #{targetdom}")
response = ""
emails = []
header = { 'User-Agent' => Rex::UserAgent.session_agent }
clnt = Net::HTTP::Proxy(@proxysrv,@proxyport,@proxyuser,@proxypass).new("www.bing.com")
searches = 1
while searches < 201
begin
resp = clnt.get2("/search?q=%40#{targetdom}&first=#{searches.to_s}",header)
response << resp.body
rescue
end
searches = searches + 10
end
print_status("Extracting emails from Bing search results...")
response.gsub!(/<.?strong?[>]*>/, "")
response.scan(/[A-Z0-9._%+-]+@#{targetdom}/i) do |t|
emails << t.downcase
end
return emails.uniq
end
# for writing file with all email's found
def write_output(data)
print_status("Writing email address list to #{datastore['OUTFILE']}...")
::File.open(datastore['OUTFILE'], "ab") do |fd|
fd.write(data)
end
end
def run
if datastore['PROXY']
@proxysrv,@proxyport = datastore['PROXY'].split(":")
@proxyuser = datastore['PROXY_USER']
@proxypass = datastore['PROXY_PASS']
else
@proxysrv,@proxyport = nil, nil
end
print_status("Harvesting emails .....")
target = datastore['DOMAIN']
emails = []
emails << search_google(target) if datastore['SEARCH_GOOGLE']
emails << search_bing(target) if datastore['SEARCH_BING']
emails << search_yahoo(target) if datastore['SEARCH_YAHOO']
emails.flatten!
emails.uniq!
emails.sort!
print_status("Located #{emails.length} email addresses for #{target}")
emails.each do |e|
print_status("\t#{e.to_s}")
end
write_output(emails.join("\n")) if datastore['OUTFILE']
end
end