theHarvester Best OSINT tool
theHarvester is a very simple, yet effective tool designed to be used in the early stages of a penetration test. Use it for open source intelligence gathering and helping to determine threats.
Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context. In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources).
theHarvester largely depends on public sources to get confidential information about a particular domain. Here are some of the public sources that theHarvester uses:
baidu: Baidu search engine
bing: Microsoft search engine
bingapi: Microsoft search engine, through the API
CertSpotter: Cert Spotter monitors Certificate Transparency logs
crtsh: Comodo Certificate search
dnsdumpster: DNSdumpster search engine
dogpile: Dogpile search engine
duckduckgo: DuckDuckGo search engine
Exalead: a Meta search engine
github-code: GitHub code search engine (Requires a GitHub Personal Access Token, see below.)
google: Google search engine (Optional Google dorking.)
hunter: Hunter search engine (Requires an API key, see below.)
intelx: Intelx search engine (Requires an API key, see below.)
linkedin: Google search engine, specific search for LinkedIn users
netcraft: Internet Security and Data Mining
otx: AlienVault Open Threat Exchange
securityTrails: Security Trails search engine
shodan: Shodan search engine
Spyse: Web research tools for professionals
Suip: Web research
threatcrowd: Open source threat intelligence
trello: Search trello boards (Uses Google search.)
twitter: Twitter accounts related to a specific domain (Uses Google search.)
vhost: Bing virtual hosts search
virustotal: virustotal.com domain search
yahoo: Yahoo search engine
theHarvester can gather a tremendous amount of information if you chain many of its search sources. Here are just a few of the kinds of information that theHarvester can get for you:
Virtualhosts
People's social profile
Pool of IP addresses
And there is more information that this tool can scrounge for you.
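As an added example (not theHarvester's code and not from the original post), the script below shows the defender's side of one source in the list above, Certificate Transparency: it reads a constructed sample in the JSON shape assumed for crt.sh output and reports hostnames under your own domain that are publicly visible but missing from your inventory. The function names, `KNOWN_HOSTS` and the `example.org` data are assumptions made for illustration.

```python
import json

# Constructed sample in the shape assumed for crt.sh JSON output:
# name_value holds newline-separated certificate names.
SAMPLE_CT_JSON = json.dumps([
    {"name_value": "www.example.org\nexample.org", "not_before": "2023-01-10T00:00:00"},
    {"name_value": "*.dev.example.org", "not_before": "2023-03-02T00:00:00"},
    {"name_value": "VPN.example.org\nmail.example.org", "not_before": "2022-11-20T00:00:00"},
    {"name_value": "jenkins.dev.example.org", "not_before": "2023-05-05T00:00:00"},
    {"name_value": "example.org.evil.test", "not_before": "2023-06-01T00:00:00"},
])

# Hypothetical inventory of hosts the organisation knows it runs.
KNOWN_HOSTS = {"example.org", "www.example.org", "mail.example.org"}


def names_in_scope(ct_json, domain):
    """Return the sorted hostnames under `domain` seen in CT entries."""
    domain = domain.lower().rstrip(".")
    found = set()
    for entry in json.loads(ct_json):
        for raw in entry.get("name_value", "").splitlines():
            name = raw.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]  # a wildcard cert still reveals the parent zone
            # Match on a label boundary so example.org.evil.test is rejected.
            if name == domain or name.endswith("." + domain):
                found.add(name)
    return sorted(found)


def untracked_hosts(ct_json, domain, known):
    """Names visible in public CT logs that are missing from the inventory."""
    return [n for n in names_in_scope(ct_json, domain) if n not in known]


if __name__ == "__main__":
    for host in untracked_hosts(SAMPLE_CT_JSON, "example.org", KNOWN_HOSTS):
        print("exposed but not in inventory:", host)
```

Names that show up here but not in the inventory are the ones an OSINT pass against your domain would surface first, so they are worth reviewing for forgotten or unmanaged services.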
Dependencies required by theharvester
python3.7+
sudo apt-get install python3-pip
sudo pip3 install virtualenv
#create a virtual env
virtualenv -p python3 theharvestertool
$ source theharvestertool/bin/activate
(theharvestertool) $ git clone https://github.com/laramies/theHarvester.git
(theharvestertool) $ cd theHarvester
Now we can begin using this powerful tool
(theharvestertool) $ ./theHarvester.py -d eff.org -l 500 -b google
The command above runs theHarvester against eff.org. Here is a summary of the options we just used:
-l # limits the search results to 500
-b # selects the source to use to get information about this host
There is more to this tool. Follow the deployment steps above to quickly get started with this powerful tool.
If you want to use this tool before installation, here is an online version of it.
theHarvester works very well with Python 3.7+, which is what makes it really interesting: many OSINT tools out there still depend on Python 2, which is being deprecated. Once you have followed the steps above, or as an alternative to them, you can do the following:
sudo pip3 install theharvester
or
python3 setup.py install