Friday, 20 January 2017

Metasploit Tutorial -11 (e-mail extraction)

Here in this video tutorial I have shown you guys how to extract email addresses from a website
Steps and instructions - 

But wait, what is this e-mail extraction ???

This harvesting method is used to get email addresses from a target website.

But why the hell would you do that ???

This information can be used to attack with phishing or any other method.

Just imagine if you get hundreds of email addresses from the target and send them some payloads or do phishing. The whole organization can be hacked from any one of the email addresses.

Lets do it - 

Requirements - 

* Kali Linux
* A target 

We will be using Metasploit Framework for this.

Metasploit is the mother and father of all hacking frameworks.
Used by almost all white hats and some epic black hats.


1. Run metasploit.

Open your terminal and say "msfconsole"

This will fire up the Metasploit.

2. You will get the msfconsole.

Type in "use auxiliary/gather/search_email_collector" to use the auxiliary 

3. You can explore more about options by typing "options"

Here only the DOMAIN option is needed to be set. If you want to save the results in file, you can do that too. For now its just the DOMAIN. Other options are default.

4. Set DOMAIN.

You need to type in "set DOMAIN"

The last time I extracted some 12 or more emails from microsoft. Lets see if we get few today....

The final step is to run it.

5. Type "run"

and wait for the results

There you go. It searched by google, bing and yahoo for the email addresses.

We got two email addresses. If we had a weak target, we could have got a big list.

I have made a set of Metasploit Tutorials from the beginning, you can get them here

You may want to read my other tutorials - 


  1. With help of this tutorial user can get better guidance about various functions of this app that brought best function in email communication. In this era of computer technology people like to use email procedures in communication channels.

  2. This information can be used to attack with phishing or any other method. 1z0-972 dumps

  3. buenos dias Very informative information on your site here. I like this post because we can get some useful information from your blog. I expect more post from you

  4. Best Restaurants Open On Christmas Day in New York

    it's basic that your specific web structuring organization should be identified with your organization venture model

    Shindig Web

    Top 10 Best Organic Milk Brands in the US