theHarvester - OSINT Intelligence Gathering
theHarvester is a versatile OSINT (Open Source Intelligence) tool designed to gather information about domains, email addresses, subdomains, hosts, employee names, open ports, and banners from various public sources.
Purpose
- Email Harvesting: Collect email addresses associated with a domain
- Subdomain Discovery: Find subdomains through various search engines
- Host Discovery: Identify hosts and IP addresses
- Employee Information: Gather employee names and details
- Port Scanning: Discover open ports and services
Basic Usage
Basic Domain Reconnaissance
```bash
# Basic domain enumeration
theharvester -d example.com -b google

# Multiple search engines
theharvester -d example.com -b google,bing,yahoo

# Limit results
theharvester -d example.com -b google -l 100
```
Email Harvesting
```bash
# Harvest emails from domain
theharvester -d company.com -b all -f emails.html

# Search specific sources for emails
theharvester -d company.com -b linkedin,google
```
Advanced Options
Search Engines and Sources
```bash
# List available sources
theharvester -h

# Use specific sources
theharvester -d example.com -b google,bing,duckduckgo,yahoo

# Use all available sources
theharvester -d example.com -b all
```
Output Options
```bash
# Save to HTML file
theharvester -d example.com -b google -f report.html

# Save to XML file
theharvester -d example.com -b google -f report.xml

# JSON output
theharvester -d example.com -b google -f report.json
```
Network Enumeration
```bash
# Include Shodan search
theharvester -d example.com -b shodan

# DNS brute force
theharvester -d example.com -b dns -c

# Take screenshots of discovered hosts
# (--screenshot takes an output directory; -s is the Shodan lookup flag)
theharvester -d example.com -b google --screenshot screenshots/
```
Common Use Cases
Reconnaissance Phase
```bash
# Comprehensive OSINT gathering
theharvester -d target.com -b all -l 500 -f comprehensive_recon.html

# Quick email enumeration
theharvester -d target.com -b google,linkedin,hunter -l 200
```
Bug Bounty Hunting
```bash
# Subdomain discovery for bug bounty
theharvester -d target.com -b google,bing,yahoo,duckduckgo -l 1000

# Employee information gathering
theharvester -d company.com -b linkedin,google -f employees.xml
```
Social Engineering Preparation
```bash
# Gather employee emails and names
theharvester -d company.com -b linkedin,google,bing -f social_intel.html

# Company infrastructure mapping
theharvester -d company.com -b shodan,google -s
```
Installation
Debian/Ubuntu
```bash
sudo apt update
sudo apt install theharvester
```
From Source
```bash
git clone https://github.com/laramies/theHarvester
cd theHarvester
python3 -m pip install -r requirements.txt
```
Using Docker
```bash
docker pull theharvester/theharvester
docker run theharvester/theharvester -d example.com -b google
```
Available Sources
Search Engines
- google: Google search
- bing: Bing search
- yahoo: Yahoo search
- duckduckgo: DuckDuckGo search
Professional Networks
- linkedin: LinkedIn profiles
- twitter: Twitter mentions
Security Sources
- shodan: Shodan database
- censys: Censys search
- securitytrails: SecurityTrails API
DNS Sources
- dns: DNS enumeration
- dnsdumpster: DNSdumpster
- threatcrowd: ThreatCrowd API
Pro Tips
- Use multiple sources for comprehensive results
- Combine with other tools like amass for better subdomain coverage
- Save results in multiple formats for different analysis tools
- Be patient - comprehensive scans can take time
- Respect rate limits to avoid being blocked by sources
Important Notes
- Always ensure you have permission before gathering intelligence on target domains
- Some sources require API keys for full functionality
- Be mindful of the legal implications of information gathering
- Results may include outdated or inaccurate information
- Consider using a VPN or proxy for sensitive investigations
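Because results can be outdated or inaccurate, a report produced with `-f report.json` against your own domain is worth cleaning before anyone acts on it. The following is an added example, not part of the original page or the theHarvester project: it normalises and de-duplicates hosts and emails and sets aside entries that only look like they belong to the domain. The report keys `emails` and `hosts`, the `host:ip` entry form, and the helper names `in_scope` and `triage` are assumptions.

```python
import json

# Constructed sample shaped like a theHarvester JSON report. The key names
# ("emails", "hosts") and the "host:ip" entry form are assumptions; check
# them against the file your version writes.
SAMPLE_REPORT = json.dumps({
    "emails": ["J.Doe@Example.com", "j.doe@example.com", "sales@example.com.evil.test"],
    "hosts": ["www.example.com:192.0.2.10", "WWW.example.com", "vpn.example.com.",
              "example.com.cdn.test:198.51.100.7", "notexample.com"],
})


def in_scope(name, domain):
    """True only for the domain itself or a real subdomain of it."""
    return name == domain or name.endswith("." + domain)


def triage(report_text, domain):
    """Normalise, de-duplicate and scope-check harvested hosts and emails."""
    report = json.loads(report_text)
    domain = domain.lower().rstrip(".")
    hosts, emails, rejected = {}, set(), set()

    for entry in report.get("hosts", []):
        name, _, ip = entry.partition(":")
        name = name.strip().lower().rstrip(".")
        if in_scope(name, domain):
            ips = hosts.setdefault(name, set())
            if ip:
                ips.add(ip)
        else:
            rejected.add(entry)  # look-alike or unrelated name

    for addr in report.get("emails", []):
        local, _, mail_domain = addr.strip().lower().rpartition("@")
        if local and in_scope(mail_domain, domain):
            emails.add(f"{local}@{mail_domain}")
        else:
            rejected.add(addr)

    return {
        "hosts": {h: sorted(ips) for h, ips in sorted(hosts.items())},
        "emails": sorted(emails),
        "rejected": sorted(rejected),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT, "example.com"), indent=2))
```

Entries in `rejected` are the ones a plain substring match on the domain would have wrongly kept, so they are worth a manual look before being discarded.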
Part of the HackerHub.me tool documentation series