Email Harvesting for Social Engineering

Derick Neriamparambil
3 min readJun 4, 2020


I got my first hands-on experience in the OSINT tool during the second semester of my master’s. We were asked to extract all the email addresses which belong to the university I am studying. In this blog, I will discuss some OSINT techniques for extracting some emails belonging to a particular domain.

Whats is OSINT ??

OSINT stands for Open Source Intelligence that refers to the collection of data from the available public sources. The Internet and the rise of social media have made OSINT easier in terms of both sources and methods.

Hackers use OSINT to perform social engineering and gather information on their targets and attack. Cyberstalkers use OSINT to track and exploit their targets. This may also lead to a breach of PII on the internet making cyberattacks easier.

Here I will show how I used OSINT tools like Harvester, Maltego, and Hunter


Harvester is a tool available on kali os by default. It can also be installed on other Linux systems. This tool will help in gathering email addresses, subdomains, banners, and other similar information and is developed in python.

when I typed in the command

theHarvester -d -l 500 -b google

many addresses were popping up. This search can be done on any domain depending on our target.


Maltego is a very powerful information gathering framework. Using this framework an attacker can gather pieces of information on whois and DNS and also offers options for search engine querying, SMTP queries, and so on. This framework also has applications in forensics analysis.

I used the community edition of maltego for collecting the email addresses. After signing up, select the option company stalker.

After some time, a chart and email address will start to appear.

You can download Maltego at


Hunter is another interesting online platform. I found this one very easy to use. By just typing the domain name, the search engine was throwing numerous results

From our account in hunter, we can generate an API and integrate that in Maltego for increasing the range.


Some of the interesting websites that can help in extracting more details from the obtained email addresses are listed below


Open-source intelligence relies on having ready access to data stored on the web and other public sites. For organizations that are concerned about their data not being exposed in this way use a privacy-enhancing protocol of some description, which will have the effect of being able to support data sharing, while minimizing disclosure. Thus, organizations can respect the data minimization principle, while still being able to access the required personal information about their employees and/or customers necessary to support their business activities.

You can connect me on

LinkedIn: Derick N

Twitter: Derick N