theHarvester is a computer-based social engineering tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.
This tool is intended to help penetration testers in the early stages of the project. It’s a really simple tool, but very effective.
The sources supported are:
- Google – emails, subdomains/hostnames
- Google profiles – employee names
- Bing search – emails, subdomains/hostnames, virtual hosts
- PGP servers – emails, subdomains/hostnames
- LinkedIn – employee names
- Exalead – emails, subdomains/hostnames
Now we should be ready to handle different social engineering techniques at the corporate level. The most important countermeasure for social engineering is employee education. All employees should be trained on how to keep confidential data safe. Management teams should be involved in the creation and implementation of the security policy so that they fully understand it and support it throughout the organization.
The company security-awareness policy should require all new employees to go through a security orientation. Annual classes should be required to provide refreshers and updated information for employees. Another way to increase involvement is through a monthly newsletter with security awareness articles.
You can read more and download the latest version of theHarvester from here.