Backtrack Linux Network Security

The Harvester – Information Gathering

TheHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.

This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective.
The sources supported are:

  • Google – emails,subdomains/hostnames
  • Google profiles – Employee names
  • Bing search – emails, subdomains/hostnames,virtual hosts
  • Pgp servers – emails, subdomains/hostnames
  • Linkedin – Employee names
  • Exalead – emails,subdomain/hostnames

New features:

  • Time delays between requests
  • XML and HTML results export
  • Search a domain in all sources
  • Virtual host verifier
  • Shodan computer database integration
  • Active enumeration (DNS enumeration,DNS reverse lookups, DNS TLD expansion)
  • Basic graph with stats
Some examples:
Searching emails accounts for the domain, it will work with the first 500 google results:

<pre>./ -d -l 500 -b google</pre>

Searching emails accounts for the domain in a PGP server, here it’s not necessary to specify the limit.

<pre>./ -d -b pgp</pre>

Searching for user names that works in the company microsoft, we use google as search engine, so we need to specify the limit of results we want to use:

<pre>./ -d -l 200 -b linkedin</pre>

Searching in all sources at the same time, with a limit of 200 results:

<pre>./ -d -l 200 -b all</pre>
The latest version always can be found in the Google code repository:
For more details visit:
Official site:

Post Comment