
theHarvester

Tool for gathering e-mail accounts and subdomain names from public sources. Collects subdomains, emails, virtual hosts, open ports/banners, and employee names using search engines and PGP key servers.

Description

theHarvester is an OSINT tool used to gather intelligence on a company or domain from public sources. It performs reconnaissance by querying search engines, Shodan, and other data sources to discover emails, subdomains, hosts, and related information. The tool supports limiting results and pagination for large-scale searches.

Primary use cases include the initial reconnaissance phase of penetration testing, where understanding a target's digital footprint is crucial. It helps identify potential entry points like exposed subdomains or employee emails for further attacks. Note that the lowercase command 'theharvester' is deprecated in favor of 'theHarvester'.

The package also includes restfulHarvest, a companion API server for theHarvester data.

How It Works

theHarvester queries public sources like DuckDuckGo, Shodan, and PGP servers using asynchronous HTTP requests and DNS resolution. It parses search results for emails, hosts, and subdomains, with optional Shodan integration for host details, screenshots of resolved domains, and proxy support via proxies.yaml. The number of results is capped with -l, and -S sets the starting offset for paging through them.
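The parsing step described above, as an added example (not theHarvester's own code): a simplified extractor that pulls a domain's emails and hosts out of search-result text and lists hosts missing from an asset inventory. The function names, the sample text and the inventory are constructed assumptions.

```python
import re
from html import unescape
from urllib.parse import unquote

# Constructed sample of search-result text (not real data).
SAMPLE = """
<li>Contact <em>alice.smith</em>@<b>example.com</b> or BOB@Example.com</li>
<a href="https://duck.test/l/?u=https%3A%2F%2Fvpn.example.com%2Flogin">VPN</a>
Old staging box: dev-01.staging.example.com. See www.example.com, notexample.com
mail carol@mail.example.com; unrelated: dave@example.org, x@badexample.com
"""

LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"   # one DNS label
END = r"(?!\.?[a-z0-9-])"   # rejects example.community and example.com.evil.test

def clean(text):
    """Undo the markup and encoding that search engines wrap around hits."""
    text = unquote(unescape(text))                 # &amp; -> &, %2F -> /
    return re.sub(r"</?(?:em|b|strong|wbr)>", "", text, flags=re.I)

def harvest(text, domain):
    """Return (emails, hosts) under `domain`, lowercased, deduplicated, sorted."""
    text, d = clean(text), re.escape(domain)
    # Lookbehinds stop matches that start mid-token, e.g. inside 'notexample.com'.
    host_re = re.compile(rf"(?<![a-z0-9.-])(?:{LABEL}\.)+{d}{END}", re.I)
    mail_re = re.compile(
        rf"(?<![a-z0-9._%+-])[a-z0-9._%+-]+@(?:{LABEL}\.)*{d}{END}", re.I)
    emails = {m.group(0).lower() for m in mail_re.finditer(text)}
    hosts = {m.group(0).lower() for m in host_re.finditer(text)}
    return sorted(emails), sorted(hosts)

def unknown_hosts(hosts, inventory):
    """Hosts visible in public results but absent from the asset inventory."""
    return sorted(set(hosts) - {h.lower() for h in inventory})

if __name__ == "__main__":
    emails, hosts = harvest(SAMPLE, "example.com")
    inventory = ["www.example.com", "mail.example.com", "vpn.example.com"]  # constructed
    print("emails:", emails)
    print("hosts:", hosts)
    print("not in inventory:", unknown_hosts(hosts, inventory))
```

Anchoring the match on both sides is what keeps look-alike names such as notexample.com and example.com.evil.test out of the results.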

Installation

sudo apt install theharvester

Flags

-d, --domain: Company name or domain to search.
-l, --limit: Limit the number of search results, default=500.
-S, --start: Start with result number X, default=0.
-p, --proxies: Use proxies for requests, enter proxies in proxies.yaml.
-s, --shodan: Use Shodan to query discovered hosts.
--screenshot: Take screenshots of resolved domains; specify the output directory.
-b: Source to use for searching (e.g., duckduckgo).

Examples

Search for email addresses from kali.org domain, limit results to 500, using DuckDuckGo.
theHarvester -d kali.org -l 500 -b duckduckgo

Display help for theHarvester with all available options.
theHarvester -h

Shows deprecation notice recommending use of theHarvester instead.
theharvester -h

Display help for the restfulHarvest API server.
restfulHarvest -h

Start restfulHarvest API server on default host and port.
restfulHarvest -H 127.0.0.1 -p 5000

Search example.com with 100 result limit and Shodan integration.
theHarvester -d example.com -l 100 -s

Search domain and take screenshots of resolved domains in specified directory.
theHarvester -d example.com --screenshot screenshots/

Updated 2026-04-16 (kali.org)