The harvester:::: Gather Emails, Host, Etc

The Harvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective.

The sources supported are:

• Google – emails,subdomains/hostnames
• Google profiles – Employee names
• Bing search – emails, subdomains/hostnames,virtual hosts
• Pgp servers – emails, subdomains/hostnames
• Linkedin – Employee names
• Exalead – emails,subdomain/hostnames

New Features

• Time delays between requests
• XML and HTML results export
• Search a domain in all sources
• Virtual host verifier
• Shodan computer database integration
• Active enumeration (DNS enumeration,DNS reverse lookups, DNS TLD expansion)
• Basic graph with stats

Examples

Searching emails accounts for the domain microsoft.com, it will work with the first 500 google results:

1	./theharvester.py –d microsoft.com –l500 –b google

Searching emails accounts for the domain microsoft.com in a PGP server, here it’s not necessary to specify the limit.

1	./theharvester.py –d microsoft.com –bpgp

Searching for user names that works in the company microsoft, we use google as search engine, so we need to specify the limit of results we want to use:

1	./theharvester.py –d microsoft.com –l200 –b linkedin

Searching in all sources at the same time, with a limit of 200 results:

1	./theHarvester.py –d microsoft.com –l200 –b all

You can download theHarvester here: