PARLAR

OFFENSIVE SECURITY - PENETRATION TESTING - RED TEAMING - ETHICAL HACKING

theHarvester

The Essential OSINT Gathering Tool for Reconnaissance

What is theHarvester?

theHarvester is a powerful open-source intelligence (OSINT) gathering tool designed to collect email addresses, subdomains, hosts, employee names, open ports, and banners from public sources such as search engines, PGP key servers, and the SHODAN computer database.

It's an essential component in any penetration tester's toolkit, allowing for passive reconnaissance without directly engaging with the target systems.

Key Features

Supported Data Sources

Search Engine Sources

  • Google
  • Bing
  • Baidu
  • DuckDuckGo
  • Yahoo

Professional/Social Sources

  • LinkedIn
  • Twitter
  • Hunter.io
  • Github
  • GitLab

Threat Intelligence Sources

  • Shodan
  • Censys
  • SecurityTrails
  • Threatcrowd
  • VirusTotal

Live Demo

Terminal

$ theHarvester -d example.com -b google,bing,linkedin

*******************************************************************
*  _   _                                            _             *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __|  _ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester 4.2.0                                              *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*                                                                 *
*******************************************************************

[*] Target: example.com

[*] Searching Google...
        Searching 0 results.
        Searching 100 results.
        Searching 200 results.

[*] Searching Bing...
        Searching 50 results.
        Searching 100 results.

[*] Searching LinkedIn...
        Searching 50 results.
        Searching 100 results.

[*] ASNS found: 15169

[*] Saving results to XML and JSON files

[*] Hosts found: 5
----------------------
blog.example.com
dev.example.com
mail.example.com
support.example.com
www.example.com

[*] Emails found: 3
----------------------
admin@example.com
info@example.com
support@example.com

[*] Possible usernames found: 2
----------------------
j.smith
r.johnson

[*] Scan completed in 00:01:35

Common Usage Examples

Basic Domain Search

$ theHarvester -d company.com -b all

This command searches for information about "company.com" across all available data sources.

Limited Source Search with Results Limit

$ theHarvester -d company.com -b google,linkedin -l 500

Searches only Google and LinkedIn with a limit of 500 results.

Search with DNS Brute Force

$ theHarvester -d company.com -b google -c -n

Searches Google, performs DNS brute force (-c) and resolves the found subdomains to IP addresses (-n).

Integrating theHarvester into Your Security Workflow

theHarvester is most effective when integrated into a comprehensive security assessment workflow:

  1. Initial Reconnaissance: Use theHarvester to gather publicly available information
  2. Data Analysis: Review collected data to identify potential entry points
  3. Targeted Testing: Focus security testing on discovered assets and endpoints
  4. Report Generation: Include findings as part of your broader security assessment
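
For the data analysis step, a saved JSON report can be compared with an asset inventory to see which of your own hosts and mailboxes are publicly discoverable. This is an added example, not code from the original page or from theHarvester itself; the "hosts"/"emails" keys, the "host:ip" entry form, the sample report and the inventory sets are assumptions made for illustration.

```python
import json

# Constructed sample report. The "hosts"/"emails" keys and the "host:ip"
# form are assumptions about the JSON file; adjust to your version's output.
SAMPLE_REPORT = json.dumps({
    "hosts": ["www.example.com:93.184.216.34", "dev.example.com",
              "mail.example.com", "DEV.example.com", "blog.example.org"],
    "emails": ["admin@example.com", "Info@Example.com", "j.smith@example.com"],
})

# Hypothetical inventory of hosts and mailboxes the organisation expects to be public.
KNOWN_HOSTS = {"www.example.com", "mail.example.com"}
ROLE_MAILBOXES = {"admin", "info", "support"}


def normalise_host(entry):
    """Strip an optional ':ip' suffix, trailing dot and case from a host entry."""
    return entry.split(":", 1)[0].strip().rstrip(".").lower()


def review_exposure(report_json, domain, known_hosts, role_mailboxes):
    """Return findings a defender should triage from one harvested report."""
    report = json.loads(report_json)
    domain = domain.lower()
    hosts = {normalise_host(h) for h in report.get("hosts", [])}
    in_scope = {h for h in hosts if h == domain or h.endswith("." + domain)}
    emails = {e.strip().lower() for e in report.get("emails", [])}
    ours = {e for e in emails if e.endswith("@" + domain)}
    return {
        # Publicly discoverable hosts missing from the inventory (shadow IT, stale DNS).
        "unknown_hosts": sorted(in_scope - known_hosts),
        # Hosts returned by the sources that do not belong to the audited domain.
        "out_of_scope": sorted(hosts - in_scope),
        # Personal addresses: candidates for phishing-awareness and MFA checks.
        "personal_emails": sorted(e for e in ours
                                  if e.split("@", 1)[0] not in role_mailboxes),
    }


if __name__ == "__main__":
    findings = review_exposure(SAMPLE_REPORT, "example.com",
                               KNOWN_HOSTS, ROLE_MAILBOXES)
    for name, values in findings.items():
        print(f"{name}: {values}")
```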

Security Considerations

While theHarvester is a powerful tool for security professionals, it's important to use it ethically and legally:
