TheHarvester isn’t your usual hacking tool. Whenever someone mentions command-line hacking utilities, your thoughts probably gravitate towards programs like Nmap, Metasploit, Reaver, and wireless password cracking utilities. But the Harvester doesn’t use advanced algorithms to crack passwords, test firewalls, or capture local network data.
The objective of theHarvester is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers, and the SHODAN computer database.
It gathers public information such as the names of employees, their email addresses, subdomains, banners, and other similar information. But why collect this information, you might ask? Well, it is extremely important in the first stage of reconnaissance and information gathering. Having this kind of information helps a hacker or penetration tester form an idea of their target and understand it better.
Furthermore, it will help paint a picture of just how big the target’s Internet footprint is. In addition, it’s useful for organizations who want to see how much of their employees’ information is available to the public on freely accessible web pages. The latest version of the tool has added some useful features such as the ability to set time delays between web server requests, improved sources search, enumeration techniques, graph and statistic plotting, SHODAN integration, and more.
Essentially, given certain criteria, the Harvester will run around on the Internet as your surrogate, snatching up any and all information that fits those criteria. I would also like to point out one more thing before moving forward. This tool can be used to gather email addresses, which could be incredibly useful to an attacker trying to crack online login credentials or gain access to an individual’s email account.
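For the organizational self-audit use mentioned above, the sketch below shows the scoping step behind this kind of harvesting: pulling out of saved page text only the addresses and hosts that really belong to your own domain. It is an added example, not theHarvester's code; the function name `footprint` and the sample text are constructed for illustration.

```python
import re

# Search engines wrap matched terms in highlight tags; strip them so an
# address rendered as "alice@<em>test.com</em>" is still recognised.
_TAGS = re.compile(r"</?(?:em|b|strong|wbr)\s*/?>", re.I)
_LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"  # one DNS label


def footprint(text, domain):
    """Return (emails, hosts) in `text` that belong to `domain`.

    Only the domain and its subdomains count; look-alikes such as
    nottest.com or test.com.example.org are rejected.
    """
    d = re.escape(domain.lower().strip("."))
    clean = _TAGS.sub("", text).lower()
    # The name must end here: no further label characters, no ".label" suffix.
    end = r"(?![a-z0-9-]|\.[a-z0-9])"
    name = rf"(?:{_LABEL}\.)*{d}{end}"
    host_re = re.compile(rf"(?<![a-z0-9._-])({name})")
    mail_re = re.compile(rf"(?<![a-z0-9._%+-])([a-z0-9._%+-]+@{name})")
    emails = sorted(set(mail_re.findall(clean)))
    hosts = sorted(set(host_re.findall(clean)))
    return emails, hosts


# Constructed sample standing in for saved search-result text.
SAMPLE = """
Contact Alice@<em>test.com</em> or bob.smith@mail.test.com, for details.
Staging: http://dev.test.com/login  VPN: vpn.test.com.
Unrelated: eve@nottest.com, carol@test.com.example.org, www.nottest.com
"""

if __name__ == "__main__":
    found_emails, found_hosts = footprint(SAMPLE, "test.com")
    print("Publicly visible addresses:", found_emails)
    print("Publicly visible hosts:", found_hosts)
```

The host list includes the domain part of each matched address, since those are DNS names exposed by the same text.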
The sources supported are:
- Google: Google search engine – www.Google.com
- GoogleCSE: Google custom search engine
- Google-Profiles: Google search engine, specific search for Google profiles
- Bing: Microsoft search engine – www.bing.com
- Bing API: Microsoft search engine, through the API (you need to add your key in the discovery/bingsearch.py file)
- DogPile: Dogpile search engine – www.dogpile.com
- PGP: PGP key server – mit.edu
- Linkedin: Google search engine, specific search for LinkedIn users
- vhost: Bing virtual hosts search
- Twitter: Twitter accounts related to a specific domain (uses Google search)
- Google+: users who work at the target company (uses Google search)
- Yahoo: Yahoo search engine
- Baidu: Baidu search engine
- Shodan: Shodan computer search engine, will search for ports and banners of the discovered hosts
If you are using Kali Linux, open the terminal and type
If not, you can download it from GitHub:
git clone https://github.com/laramies/theHarvester
Extract it and provide execute permission
sudo chmod +x theHarvester.py
Then simply run
Using The Harvester
The Harvester has a rather basic command syntax. And it isn’t as complicated as some other hacking procedures such as cracking a Wi-Fi password, which can have as many as 10 steps or more. The following outlines the Harvester’s basic command syntax:
theharvester -d [domain] -l [number_of_results] -b [source]
theHarvester -d test.com -l 300 -b google
To get all the information about the website, you can use the command:
theHarvester -d test.com -l 300 -b all
To save the result in an HTML file, you can use the -f option followed by the file name:
theHarvester.py -d test.com -l 300 -b all -f test