Information Gathering: theHarvester tool

theHarvester is an open source reconnaissance tool that can dig out heaps of information, including subdomains, email addresses, employee names, open ports, and so on. It relies mainly on passive techniques and sometimes on active techniques as well.

theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/banners, and employee names from different public sources (search engines, PGP key servers).

The tool is simple and easy to use, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.

The tool can find a list of subdomains and an email address. We may use this email address to perform client-side exploitation or phishing, but that's a different topic. The tool only utilized Google as a source of data to reveal this much information. We can control the sources of data to be used with theHarvester by using the -b switch. The sources of data that theHarvester supports are:

google, googleCSE, bing, bingapi, pgp, linkedin, google-profiles, people123, jigsaw, twitter, googleplus, all

Usage Example:

In this example, the tool searches for email addresses from a domain (-d kali.org), limiting the results to 500 (-l 500), using Google (-b google).
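For the "visibility of your company" use mentioned above, the following added example (not part of the original post or of the theHarvester project) takes text saved from a run against your own domain and lists the in-scope email addresses and hosts that are missing from an approved inventory. The sample output, `example.org`, the inventory sets and the function names are constructed assumptions.

```python
import re

# Constructed sample text; the real tool's output layout may differ.
SAMPLE_OUTPUT = """\
[*] Emails found: 3
info@example.org
j.doe@example.org
Info@Example.org
[*] Hosts found: 4
www.example.org:192.0.2.10
vpn.example.org:192.0.2.20
old-staging.example.org:192.0.2.30
cdn.example.net:198.51.100.7
"""

# Hypothetical inventory of what the organisation expects to be public.
APPROVED_EMAILS = {"info@example.org"}
APPROVED_HOSTS = {"www.example.org", "vpn.example.org"}

NAME = r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@" + NAME)
HOST_RE = re.compile(NAME)

def exposure(text, domain):
    """Return (emails, hosts) found in text that belong to domain."""
    domain = domain.lower()
    suffix = "." + domain
    emails, hosts = set(), set()
    for match in EMAIL_RE.finditer(text):
        addr = match.group(0).lower()
        mail_domain = addr.rsplit("@", 1)[1]
        if mail_domain == domain or mail_domain.endswith(suffix):
            emails.add(addr)
    # Blank out addresses first so their domain part is not counted as a host.
    for match in HOST_RE.finditer(EMAIL_RE.sub(" ", text)):
        host = match.group(0).lower()
        if host.endswith(suffix):  # drops IPs and out-of-scope names
            hosts.add(host)
    return emails, hosts

def unexpected(found, approved):
    """Items that are publicly visible but missing from the inventory."""
    return sorted(found - {item.lower() for item in approved})

if __name__ == "__main__":
    emails, hosts = exposure(SAMPLE_OUTPUT, "example.org")
    print("unlisted emails:", unexpected(emails, APPROVED_EMAILS))
    print("unlisted hosts: ", unexpected(hosts, APPROVED_HOSTS))
```

Entries reported as unlisted are candidates for review: a forgotten staging host or a personal mailbox that was never meant to be public.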
