theHarvester – looking for all there is

What is it for?

We already talked about sublist3r; theHarvester goes some steps further.

You can find theHarvester on GitHub or install it through apt if you are on Kali.

It is also an OSINT tool but covers a broader area than sublist3r.

theHarvester tries to find subdomains, email addresses and IP addresses for the domain you specify with the -d switch.

Let's look at the help page to see what that means:

This already looks more complicated than sublist3r. Let's look at it in more detail.

When running theHarvester we also need to provide at least one data source, using the -b switch.

There are a lot of options for data sources; sublist3r is actually one of them, so you can run sublist3r through theHarvester as well.

Important to remember: some data sources require an API key to work. These have to be put into the config file /etc/theHarvester/api-keys.yaml (that is where the Kali package expects it).

Shodan and Hunter, for example, will get their own articles, but you can already see: if you configure the API keys here, you can make theHarvester your one-stop tool for all these data sources.

Besides that it works pretty straightforwardly:

You can use multiple data sources in one search by separating them with a comma. Be aware that there can't be spaces in the list of data sources: the shell would split the list into separate arguments, and theHarvester only takes the first one as the value of -b.

So

theHarvester -d siemens.de -l 10 -b bing, yahoo, google, netcraft

will give you an error.

theHarvester -d siemens.de -l 10 -b bing,yahoo,google,netcraft

will work.

Since the output can grow into quite a long list, the -f switch, which writes the output to a file, is very useful. (Don't confuse it with -l, used in the commands above, which limits the number of search results.)

This writes an XML as well as an HTML file.
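To tie the two points together (a comma-separated source list without spaces, and post-processing the file written by -f), here is a small wrapper script. It is an added example and not code from the original post or from the theHarvester project. It assumes the 3.x switches used above (-d, -b, -l, -f), that a file name given to -f results in NAME.xml being written, and an XML layout with <email>, <host> and <hostname> elements; the sample XML inside it is constructed for the example, so compare the element names against a file from your own run before relying on the extraction.

```shell
#!/bin/sh
# Added example, not from the original post or the theHarvester project.
# Wraps one theHarvester run: the -b source list is assembled without spaces,
# results are capped with -l and saved with -f, and the XML file is reduced to
# unique hosts and e-mail addresses for the next tool in the chain.
# Assumptions: theHarvester 3.x switches (-d, -b, -l, -f), "-f NAME" writing
# NAME.xml, and <email>/<host>/<hostname> elements in the XML (check yours).

# Join data sources with commas and no spaces. With "bing, yahoo" the shell
# hands theHarvester the value "bing," for -b plus a stray argument "yahoo",
# and the run aborts with an unrecognized-argument error.
join_sources() {
    printf '%s' "$*" | tr ' ' ','
}

# Compose the command line: domain, result limit, output name, then sources.
build_cmd() {
    domain=$1; limit=$2; outfile=$3; shift 3
    printf 'theHarvester -d %s -l %s -b %s -f %s\n' \
        "$domain" "$limit" "$(join_sources "$@")" "$outfile"
}

# Print the text content of every <tag>...</tag> in an XML file, de-duplicated.
# Splitting records at "<" keeps this independent of line breaks in the file;
# an element with nested children (e.g. <host><ip>..</ip>) has no direct text
# and is skipped, so hosts with an IP show up under <hostname> instead.
extract_tag() {
    awk -v tag="$1" '
        BEGIN { RS = "<" }
        $0 ~ ("^" tag ">") {
            sub(("^" tag ">"), "")
            sub(/[ \t\r\n]+$/, "")
            if (length($0)) print
        }
    ' "$2" | sort -u
}

# Constructed sample in the assumed layout, standing in for the file a real
# run writes; replace it with the XML produced by -f on your system.
write_sample() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<theHarvester>
<email>alice@example.com</email>
<email>bob@example.com</email>
<email>alice@example.com</email>
<host>www.example.com</host>
<host><ip>192.0.2.10</ip><hostname>mail.example.com</hostname></host>
</theHarvester>
EOF
}

# Full workflow: run theHarvester if it is on PATH, otherwise fall back to the
# constructed sample so the post-processing can be exercised offline.
harvest() {
    domain=$1; out=$2
    if command -v theHarvester >/dev/null 2>&1; then
        theHarvester -d "$domain" -l 100 \
            -b "$(join_sources bing yahoo google netcraft)" -f "$out" >/dev/null
    else
        write_sample "$out.xml"
    fi
    printf '== hosts ==\n'
    extract_tag host "$out.xml"
    extract_tag hostname "$out.xml"
    printf '== e-mail addresses ==\n'
    extract_tag email "$out.xml"
}
```

Source the file and call `harvest example.com results`: with theHarvester installed it runs the real query and reads results.xml, otherwise it works on the constructed sample. `build_cmd siemens.de 10 results bing yahoo google netcraft` prints the exact command line from the text, which is a convenient way to check the source list before a long run.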
