{
	"id": "19c48402-055e-4e1b-9025-c88939ad6630",
	"created_at": "2026-04-06T00:21:11.823812Z",
	"updated_at": "2026-04-10T03:28:20.576931Z",
	"deleted_at": null,
	"sha1_hash": "d939dcd20cbba9a58332c61ef18fbadf1a595fc9",
	"title": "Email Scraping and Maltego – Hackers Arise",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36769,
	"plain_text": "Email Scraping and Maltego – Hackers Arise\r\nArchived: 2026-04-05 22:42:30 UTC\r\nFor more on the email scraping tool, the Harvester, click here.\r\nAs a pentester/hacker, gathering email addresses from potential victims can have multiple uses. When we have the\r\nemail addresses of key personnel, we can launch attacks by email to get people to click on a malicious link or\r\ndirect them to our malicious website where we can send XSS attacks and other browser-based attacks. In recent\r\nyears, some of the highest-profile hacks have been launched via one employee clicking on a link sent by email\r\n(RSA, NT Times, etc).   In addition, when we have the emails of our potential victims, we might attempt social\r\nengineering attacks to gain information, etc. from our potential victims. Whatever form our attack might\r\neventually take, gathering email addresses can be a valuable initial step before launching our attack.\r\nIn this tutorial, we will examine a few tools that are useful for scraping websites for available email addresses.\r\nOne of the lessons of this unit is that we might have multiple tools to do the same task with different effectiveness.\r\nI. goog- mail\r\nOne tool that has been around for a while is goog-mail. Goog-mail is a Python script for scraping email addresses\r\nfrom Google’s cached pages from a domain.\r\nTo get started with goog-mail, create a directory named goog-mail, then navigate to that directory like in the\r\nscreenshot below.\r\n Next,  use the Linux command wget to download this Python script.\r\nwget http://dl.dropbox.com/u/10761700/goog-mail.py\r\nAs you can see in the screenshot below, we have successfully downloaded goog-mail and now we must permit\r\nourselves to execute it.\r\nkali \u003e chmod 755 goog-mail.py\r\n \r\nNow, let’s point it this little tool at our favorite hacking training site, hakin9.org, to see whether it can extract any\r\nemail addresses for us.\r\nkali \u003e goog-mail hakin9.org\r\nAs you can see in the screenshot below, it has successfully extracted three (3) email addresses for us from\r\nhakin9.org. Not bad, but I think we can do better than that. Let’s look at some other email harvesting tools to see\r\nwhether we can do better.\r\n \r\nhttps://www.hackers-arise.com/email-scraping-and-maltego\r\nPage 1 of 3\n\nII. Maltego\r\nMaltego is an excellent tool for information gathering from our targets from the web with multiple capabilities.  In\r\nthis lesson, we will use only its email scraping capabilities, but in a subsequent lesson, we will look more at using\r\nmore of Maltego’s many information-gathering capabilities.\r\nKali Linux has a free edition of Maltego built in. We can access it by going to;\r\nApplications –\u003e Top 10 Security Tools –\u003e maltego\r\n \r\nMaltego will begin to open with a splash screen like that below.\r\n \r\nTo use the community/free edition of Maltego, you will need to register.\r\n \r\nAfter we register, we can begin to use this powerful tool to gain information about our target \r\nWe need to login and begin our information harvesting. Maltego describes each attempt at gathering information\r\nas a “machine”. As you can see in the screenshot below, we have numerous choices of what we want Maltego to\r\ndo. In this lesson, we will simply be doing the first choice, “Company Stalker” which gathers all the email\r\naddresses it can from a particular domain, so select the first radio button.\r\n Next, we need to tell Maltego what domain we want to target. In this case, I’m targeting SANS training institute.\r\nAs many of you know, SANS is a leading information security training firm in the U.S. Let’s see whether we can\r\ngather any email addresses from their website. \r\nAs you can see below, we were able to harvest quite a few email addresses from SANS.org and we can then\r\ndisplay them in the screen below. Pretty good! \r\nWhen I ran Maltego against our friends here at hakin9.org, I harvested ten (10) email addresses, much better than\r\nwith gogg-mail.\r\nIII. The Harvester\r\nKali Linux, for those new to hacking, has a powerful tool built-in,  named Metasploit. Metasploit is best known as\r\nan exploitation framework, but it has a multitude of other capabilities to assist with hacking. In it auxiliary\r\nmodules, it has numerous information and scanning tools integrated into this wonderful tool. \r\nLet’s start Metasploit by opening a terminal and typing;\r\nkali \u003e msfconsole\r\nhttps://www.hackers-arise.com/email-scraping-and-maltego\r\nPage 2 of 3\n\nWhen we come to the msf \u003e prompt, type ;\r\nmsf \u003e  use gather/search_email_collector\r\nThen type the name of the domain you want to collect emails from, in this case, we will use hakin9.org.\r\nmsf \u003eset domain haking.org\r\nFinally, type exploit. \r\nmsf \u003e exploit\r\nWhen we do so, this email harvesting tool will begin its work of scraping the domain for any email addresses it\r\ncan find. As you can see in the screenshot above, our email collector module searches through Google, then Bing,\r\nand Yahoo for email addresses within the domain we specified. In this case, it found just five (5)  emails there,\r\nbetter than goog-mail, but far fewer than Maltego.\r\nOne key lesson here, besides the obvious lesson that information gathering is critical to a successful hack, is that\r\ndifferent tools with the same capabilities can have different effectiveness. At least in this short lesson here,\r\nMaltego appears to be far more effective at harvesting email addresses than either goog-mail or Metasploit email\r\ngathering module. This may not always the case in all domains and circumstances, so in your exercise below, you\r\nwill test their capabilities on your own and other domains.\r\nSource: https://www.hackers-arise.com/email-scraping-and-maltego\r\nhttps://www.hackers-arise.com/email-scraping-and-maltego\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.hackers-arise.com/email-scraping-and-maltego"
	],
	"report_names": [
		"email-scraping-and-maltego"
	],
	"threat_actors": [
		{
			"id": "81dde5cc-c29f-430d-8c6e-e5e92d5015e7",
			"created_at": "2022-10-25T16:07:23.704358Z",
			"updated_at": "2026-04-10T02:00:04.718034Z",
			"deleted_at": null,
			"main_name": "Harvester",
			"aliases": [],
			"source_name": "ETDA:Harvester",
			"tools": [
				"Agentemis",
				"Cobalt Strike",
				"CobaltStrike",
				"Graphon",
				"Metasploit",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434871,
	"ts_updated_at": 1775791700,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d939dcd20cbba9a58332c61ef18fbadf1a595fc9.pdf",
		"text": "https://archive.orkl.eu/d939dcd20cbba9a58332c61ef18fbadf1a595fc9.txt",
		"img": "https://archive.orkl.eu/d939dcd20cbba9a58332c61ef18fbadf1a595fc9.jpg"
	}
}