theHarvester is another tool like sublist3r which is developed using Python. This tool can be used by penetration testers for gathering information of emails, sub-domains, hosts, employee names, open ports, and banners from different public sources like search engines, PGP key servers, and SHODAN computer database. This tool can be used in passive reconnaissance and by anyone who needs to know what an attacker can see about the organization.
How to install theHarvester
If you are using a Kali Linux machine then this tool is already installed in it, just type the command
theharvester
or
theHarvester
It will generate a help menu and list all available options which look like this:
root@kali:~# theharvester
*******************************************************************
* *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__, _|_| \_/ \___||___/\__\___|_| *
* *
* TheHarvester Ver. 3.0.0 *
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
*******************************************************************
Usage: theharvester options
-d: Domain to search or company name
-b: data source: baidu, bing, bingapi, dogpile, google, googleCSE,
googleplus, google-profiles, linkedin, pgp, twitter, vhost,
virustotal, threatcrowd, crtsh, netcraft, yahoo, all
-s: start in result number X (default: 0)
-v: verify host name via dns resolution and search for virtual hosts
-f: save the results into an HTML and XML file (both)
-n: perform a DNS reverse query on all ranges discovered
-c: perform a DNS brute force for the domain name
-t: perform a DNS TLD expansion discovery
-e: use this DNS server
-p: port scan the detected hosts and check for Takeovers (80, 443, 22, 21, 8080)
-l: limit the number of results to work with(bing goes from 50 to 50 results,
google 100 to 100, and pgp doesn't use this option)
-h: use SHODAN database to query discovered hosts
Examples:
theharvester -d microsoft.com -l 500 -b google -h myresults.html
theharvester -d microsoft.com -b pgp
theharvester -d microsoft -l 200 -b linkedin
theharvester -d apple.com -b googleCSE -l 500 -s 300
To install it in other Linux os you can use the command
sudo apt-get theharvester
If this do not work you can clone the Git hub repository and use it using commands
git clone https://github.com/laramies/theHarvester.git cd theHarvester sudo python ./theHarvester.py
Example
Search email addresses from domain kali.org with results of 200 and using Bing as data source.
theharvester -d kali.org -l 200 -b bing
