theHarvester - Passive Information Gathering Tool

theHarvester is an open-source reconnaissance tool used by security professionals and ethical hackers to learn more about possible targets before conducting a penetration test or security assessment. It is primarily intended for data collection and can assist users in acquiring a variety of information about a target, including email addresses, subdomains, hostnames, open ports, and more. This data can be useful for determining potential attack vectors and evaluating the security of an organization's online presence.


  • Email Harvesting: theHarvester can search for email addresses associated with a domain by querying search engines, DNS data, and public sources. It can be used to identify potential targets for phishing attacks or to gather contact information for a target organization.
  • Subdomain Enumeration: It can enumerate subdomains of a target domain by querying DNS servers. This can help identify additional entry points or services associated with the target organization.
  • Hostname Discovery: theHarvester can discover hostnames and IP addresses associated with a domain, providing insight into the target's infrastructure.
  • Search Engine Scraping: It can scrape search engines like Google, Bing, and Shodan to provide results for particular keywords and domain names, helping to identify online assets related to the target.
  • Exporting Results: Users can export the gathered information in various formats, including CSV and XML, for further analysis or reporting.


  • Method 1: On a Linux distro, using the apt command, i.e., sudo apt install theharvester
  • Method 2: Via GitHub
    • Clone the GitHub repository using the command git clone
    • Build the tool via Python using the command sudo python3 build (make sure to cd into the theHarvester directory first).
    • Install via the command sudo python3 install.


theHarvester -d -l 10 -b bing

In the above command, -d specifies the domain used for harvesting the emails, -l limits the results to 10, and -b tells theHarvester to pull results from the Bing search engine; alternatively, you can use Baidu, DuckDuckGo, Brave, etc.


Flag             Description
-d DOMAIN        Company name or domain to search
-l LIMIT         Limit the number of search results, default=500
-S START         Start with result number X, default=0
-s               Use Shodan to query discovered hosts
--screenshot     Take screenshots of resolved domains; specify output directory: --screenshot output_directory
-e DNS_SERVER    DNS server to use for lookup
-f FILENAME      Save the results to an XML and JSON file
-b SOURCE        anubis, baidu, bevigil, binaryedge, bing, bingapi, bufferoverun, brave, censys, certspotter, criminalip, crtsh, dnsdumpster, duckduckgo, fullhunt, github-code, hackertarget, hunter, hunterhow, intelx, netlas, onyphe, otx, pentesttools, projectdiscovery, rapiddns, rocketreach, securityTrails, sitedossier, subdomaincenter, subdomainfinderc99, threatminer, tomba, urlscan, virustotal, yahoo, zoomeye
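
The following Python example is added here and is not part of the original post or the theHarvester project. It reviews a JSON export saved with -f from a run against your own domain, listing hosts missing from your asset inventory and the mailboxes that are publicly exposed; the JSON key names, the host:ip entry form, the inventory and all sample data are constructed assumptions.

```python
import json

# Constructed sample shaped like a theHarvester JSON export. The key names
# ("emails", "hosts") and the "host:ip" entry form are assumptions.
SAMPLE_REPORT = json.dumps({
    "emails": ["Alice@example.com", "alice@example.com", "helpdesk@example.com"],
    "hosts": ["www.example.com:192.0.2.10", "VPN.example.com",
              "old-staging.example.com:192.0.2.77",
              "example.com.cdn.invalid:198.51.100.5"],
})
KNOWN_HOSTS = {"www.example.com", "vpn.example.com"}   # hypothetical inventory
ROLE_MAILBOXES = {"helpdesk", "info", "support", "admin", "security"}


def split_host(entry):
    """Split a 'host' or 'host:ip' entry into (host, ip or None)."""
    host, _, ip = entry.partition(":")
    return host.strip().lower().rstrip("."), ip.strip() or None


def review_exposure(report_json, known_hosts, domain):
    """Compare harvested hosts and emails against what the org already tracks."""
    report = json.loads(report_json)
    unknown, out_of_scope = {}, set()
    for entry in report.get("hosts", []):
        host, ip = split_host(entry)
        # Suffix match on a label boundary, not a substring test.
        if host != domain and not host.endswith("." + domain):
            out_of_scope.add(host)
        elif host not in known_hosts:
            unknown[host] = ip
    personal, role = set(), set()
    for addr in report.get("emails", []):
        local, _, mail_domain = addr.strip().lower().partition("@")
        if mail_domain == domain:
            (role if local in ROLE_MAILBOXES else personal).add(f"{local}@{domain}")
    return {
        "unknown_hosts": unknown,
        "out_of_scope": sorted(out_of_scope),
        "personal_emails": sorted(personal),
        "role_emails": sorted(role),
    }


if __name__ == "__main__":
    print(json.dumps(review_exposure(SAMPLE_REPORT, KNOWN_HOSTS, "example.com"), indent=2))
```

Hosts under unknown_hosts are candidates for inventory follow-up or decommissioning, and personal_emails are the addresses to prioritise for phishing-awareness and MFA coverage.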

It's important to note that theHarvester should only be used for legal security testing and research purposes, and its use should always adhere to all applicable laws and regulations. Using this tool unlawfully or maliciously may result in legal consequences. theHarvester is frequently used by security experts and ethical hackers as part of a thorough security assessment to assist organisations in identifying and resolving vulnerabilities in their online infrastructure.


We hope this helps. If you have any suggestions or doubts, you can add a comment and we will reply as soon as possible.
