What is it for?
We already talked about sublist3r; theHarvester goes some steps further.
You can find theHarvester on GitHub or install it through apt if you are on Kali.
It is also an OSINT tool but covers a broader area than sublist3r.
theHarvester tries to find subdomains, email addresses and IP addresses for the domain you specify with the -d switch.
Let's look at the help page to see what that means:
This already looks more complicated than in sublist3r. Let's look at it in more detail.
When running theHarvester we need to provide a data source.
There are a lot of options for data sources there – actually sublist3r is one of the options. So you can run sublist3r through theHarvester as well.
Important to remember: some data sources require an API key to work. These have to be put into a config file in /etc/theHarvester/api-keys.yaml
Shodan and hunter for example will get their own article – but you can see: if you configure the API keys here you can make theHarvester your one-stop tool for all these data sources.
Besides that, it is pretty straightforward:
You can use multiple data sources in one search by separating them with commas. Be aware that there can't be spaces in the list of data sources:
theHarvester -d siemens.de -l 10 -b bing, yahoo, google, netcraft
will give you an error. The correct form is:
theHarvester -d siemens.de -l 10 -b bing,yahoo,google,netcraft
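The reason behind the no-spaces rule is that the shell splits the command line on spaces before theHarvester sees it, so with spaces -b only receives "bing,". The following sketch is an added example, not part of theHarvester or the original article; count_args and normalize_sources are hypothetical helper names, and the last line only prints the command instead of running it.

```shell
#!/bin/sh
# Added example: how the shell tokenizes a source list, and a helper that
# builds a space-free value for -b. Helper names are hypothetical.

# count_args: print how many separate arguments the shell handed over.
count_args() {
    echo "$#"
}

# normalize_sources: accept sources separated by commas and/or spaces, in one
# or several arguments, and print one comma-separated list without spaces,
# empty entries or duplicates. Exit status is non-zero if nothing is left.
# The body runs in a subshell so "set -f" (no globbing) stays local.
normalize_sources() (
    set -f
    out=""
    # Turn commas into spaces, then let the shell split on whitespace.
    for src in $(printf '%s ' "$@" | tr ',' ' '); do
        case ",$out," in
            *",$src,"*) ;;                      # duplicate, skip it
            *) out="${out:+$out,}$src" ;;       # append with a comma
        esac
    done
    [ -n "$out" ] && printf '%s\n' "$out"
)

# With spaces: "-b", "bing,", "yahoo,", "google,", "netcraft" are five
# separate arguments, so -b is followed by "bing," only.
count_args -b bing, yahoo, google, netcraft

# Without spaces: "-b" plus the whole list as one value.
count_args -b bing,yahoo,google,netcraft

# Build the list once and reuse it in the command from the article.
sources=$(normalize_sources bing, yahoo, google, netcraft)
echo "theHarvester -d siemens.de -l 10 -b $sources"
```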
Since the output can grow into quite a long list, the -l switch, which writes the output to a file, is very useful.
This writes an XML as well as an HTML file.