Description
theHarvester gathers emails, names, subdomains, IPs, and URLs from multiple public sources including search engines, PGP key servers, and the Shodan database for passive reconnaissance.
Installation
BASH
sudo apt install theharvester
# Or
pip install theHarvesterBasic Usage
BASH
# Basic domain search
theHarvester -d target.com -b all
# Specific sources
theHarvester -d target.com -b google,bing,linkedin
# Limit results
theHarvester -d target.com -b all -l 500Advanced Usage
BASH
# DNS brute force
theHarvester -d target.com -b all -c
# Source options
theHarvester -d target.com -b anubis,baidu,bing,certspotter,crtsh,dnsdumpster,hackertarget,otx,rapiddns,sublist3r,threatcrowd,urlscan,virustotal
# Save results
theHarvester -d target.com -b all -f output # HTML + XML output
# Shodan queries (needs API key)
theHarvester -d target.com -b shodan
# Take screenshots of found URLs
theHarvester -d target.com -b all --screenshot output/Common Workflows
BASH
# Recon pipeline
theHarvester -d target.com -b all -l 1000 -f results
# Review emails → credential stuffing targets
# Review subdomains → further enumeration
# Review IPs → port scanning targets