Description
theHarvester gathers emails, names, subdomains, IPs, and URLs using multiple public data sources. It is a staple in the OSINT and reconnaissance phase of any engagement.
Installation
BASH
# Kali (pre-installed)
theharvester -h
# pip
pip3 install theharvester
# From source
git clone https://github.com/laramies/theHarvester.git
cd theHarvester && pip3 install -r requirements.txtBasic Usage
BASH
# Enumerate a domain
theHarvester -d target.com -b google
# Use multiple data sources
theHarvester -d target.com -b google,bing,dnsdumpster,crtsh
# List all available sources
theHarvester -b all -d target.comAdvanced Usage
BASH
# Save results to HTML report
theHarvester -d target.com -b all -f output.html
# Limit results
theHarvester -d target.com -b all -l 200
# Use Shodan
theHarvester -d target.com -b shodan
# DNS brute force
theHarvester -d target.com -b all -c
# Virtual host discovery
theHarvester -d target.com -b all -vCommon Workflows
BASH
# Quick OSINT recon
theHarvester -d target.com -b crtsh,dnsdumpster,hackertarget -l 500 -f recon_report
# Combine with other tools
theHarvester -d target.com -b all | grep "@" | sort -u > emails.txt