theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).
Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.
theHarvester Information Gathering Sources
The sources supported are:
Passive theHarvester Methods
- google: google search engine
- googleCSE: google custom search engine
- google-profiles: google search engine, specific search for Google profiles
- bing: microsoft search engine
- bingapi: microsoft search engine, through the API (you need to add your Key)
- dogpile: Dogpile search engine
- pgp: pgp key server – mit.edu
- linkedin: google search engine, specific search for Linkedin users
- vhost: Bing virtual hosts search
- twitter: twitter accounts related to an specific domain (uses google search)
- googleplus: users that works in target company (uses google search)
- yahoo: Yahoo search engine
- baidu: Baidu search engine
- shodan: Shodan Computer search engine, will search for ports and banners
Active theHarvester Methods
- DNS brute force: this plugin will run a dictionary brute force enumeration
- DNS reverse lookup: reverse lookup of IPs discovered in order to find hostnames
- DNS TDL expansion: TLD dictionary brute force enumeration
How to use theHarvester
Searching emails accounts for the domain microsoft.com, it will work with the first 500 google results:
1 |
./theharvester.py -d microsoft.com -l 500 -b google |
Searching emails accounts for the domain microsoft.com in a PGP server, here it’s not necessary to specify the limit.
1 |
./theharvester.py -d microsoft.com -b pgp |
Searching for user names that works in the company microsoft, we use google as search engine, so we need to specify the limit of results we want to use:
1 |
./theharvester.py -d microsoft.com -l 200 -b linkedin |
Searching in all sources at the same time, with a limit of 200 results:
1 |
./theHarvester.py -d microsoft.com -l 200 -b all |
There are some other tools you can check out too like:
– snitch – Information Gathering Tool Via Dorks
– DMitry – Deepmagic Information Gathering Tool
– wig – CMS Identification & Information Gathering Tool
You can download theHarvester here:
Or read more here.