In the realm of ethical hacking and penetration testing, information gathering is a crucial initial step. TheHarvester is a versatile and widely-used open-source tool that aids security professionals in gathering valuable intelligence about a target. In this blog, we will explore TheHarvester, its features, and the step-by-step installation process to empower aspiring ethical hackers with this powerful tool.
Table of Contents
What is TheHarvester?

Key Features of TheHarvester tool
- Email Harvesting: The Harvester can enumerate email addresses associated with a target domain, providing valuable information for social engineering and phishing assessments.
- Subdomain Enumeration: By scanning DNS records, The Harvester uncovers subdomains associated with the target, revealing potential entry points for attackers.
- Virtual Hosts Discovery: The tool can detect multiple domain names hosted on the same IP address, revealing additional targets for analysis.
- Network Enumeration: TheHarvester scans open ports of a target to identify potential services and vulnerabilities that could be exploited.
- Social Media Profiling: The tool searches various social media platforms for publicly available information linked to the target domain or organization.
Installation Process
To use TheHarvester, follow these step-by-step installation instructions:
- Install Python: Ensure you have Python installed on your system. TheHarvester tool requires Python 3.x, so download the latest Python version from the official website and install it.
- Clone TheHarvester Repository: Open your terminal or command prompt and clone The Harvester repository from GitHub using the following command:
git clone https://github.com/laramies/theHarvester.git
- Navigate to TheHarvester Directory: Change your current directory to the cloned The Harvester repository:
cd theHarvester
- Install Required Dependencies: Use pip to install the necessary dependencies for The Harvester:
pip install -r requirements.txt
- Verify Installation: To verify the installation, run the following command:
python3 theHarvester.py -h
This should display TheHarvester’s help menu, confirming that the installation was successful.
Using TheHarvester tool
Once installed, you can utilize The Harvester by providing your target domain as an argument. For example, to collect email addresses for the domain “example.com,” use the following command:
python3 theHarvester.py -d example.com -b google
Replace “google” with your preferred data source (e.g., bing, yahoo, linkedin, etc.). The Harvester will then begin its reconnaissance process and display the results of the gathered information.
root@kali:~# theHarvester -h
*******************************************************************
* _ _ _ *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| _ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
* theHarvester 4.3.0 *
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
* *
*******************************************************************
usage: theHarvester [-h] -d DOMAIN [-l LIMIT] [-S START] [-p] [-s]
[--screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t]
[-r [DNS_RESOLVE]] [-n] [-c] [-f FILENAME] [-b SOURCE]
theHarvester is used to gather open source intelligence (OSINT) on a company
or domain.
options:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
Company name or domain to search.
-l LIMIT, --limit LIMIT
Limit the number of search results, default=500.
-S START, --start START
Start with result number X, default=0.
-p, --proxies Use proxies for requests, enter proxies in
proxies.yaml.
-s, --shodan Use Shodan to query discovered hosts.
--screenshot SCREENSHOT
Take screenshots of resolved domains specify output
directory: --screenshot output_directory
-v, --virtual-host Verify host name via DNS resolution and search for
virtual hosts.
-e DNS_SERVER, --dns-server DNS_SERVER
DNS server to use for lookup.
-t, --take-over Check for takeovers.
-r [DNS_RESOLVE], --dns-resolve [DNS_RESOLVE]
Perform DNS resolution on subdomains with a resolver
list or passed in resolvers, default False.
-n, --dns-lookup Enable DNS server lookup, default False.
-c, --dns-brute Perform a DNS brute force on the domain.
-f FILENAME, --filename FILENAME
Save the results to an XML and JSON file.
-b SOURCE, --source SOURCE
anubis, baidu, bevigil, binaryedge, bing, bingapi,
bufferoverun, brave, censys, certspotter, criminalip,
crtsh, dnsdumpster, duckduckgo, fullhunt, github-code,
hackertarget, hunter, hunterhow, intelx, otx,
pentesttools, projectdiscovery, rapiddns, rocketreach,
securityTrails, sitedossier, subdomainfinderc99,
threatminer, urlscan, virustotal, yahoo, zoomeye
Conclusion
TheHarvester is an invaluable tool for ethical hackers and security professionals, providing critical insights into a target’s online presence. By following the installation process and learning to use The Harvester effectively, you can enhance your information gathering skills and conduct more comprehensive and insightful security assessments. However, always remember to use such tools responsibly and ethically, respecting the laws and regulations governing ethical hacking practices.