Subscribe by RSS RSS Icon
Follow me on Twitter Twitter Icon

theHarvester - Email, User names and Subdomain/Hostnames Finder.

One of the first parts of recon in a pentest is gathering valid login names and emails. We can use these to profile our target, bruteforce authentication systems, send client-side attacks (through phishing), look through social networks for juicy info on platforms and technologies, etc.

theHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources. It's a really simple tool, but very effective.
The sources supported are:

  •    Google - emails,subdomains/hostnames
  •    Bing search - emails, subdomains/hostnames
  •    Pgp servers - emails, subdomains/hostnames
  •    Linkedin - user names

Some examples:

Searching emails accounts for the domain, it will work with the first 500 google results:

./ -d -l 500 -b google

Searching emails accounts for the domain in a PGP server, here it's not necessary to specify the limit.

./ -d -b pgp

Searching for user names that works in the company microsoft, we use google as search engine, so we need to specify the limit of results we want to use:

./ -d microsoft -l 200 -b linkedin

 You can download theHarvester here:

Copyright Info.

Only for my personal reference. I do not own any of these materials here. Use it at your own risk!

XHTML/CSS validations
Valid XHTML 1.0 Transitional Valid CSS!