Doing recon with theHarvester
I recently learned about this tool via Twitter and decided to give it a try. According to the author's website, theHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.
This tool is intended to help penetration testers in the early stages of a project. It's a really simple tool, but very effective.
The sources supported are:
- Google – emails, subdomains/hostnames
- Google profiles – employee names
- Bing search – emails, subdomains/hostnames, virtual hosts
- PGP servers – emails, subdomains/hostnames
- LinkedIn – employee names
- Exalead – emails, subdomains/hostnames
New features:
- Time delays between requests
- XML results export
- Search a domain in all sources
- Virtual host verifier
Now my philosophy is that you can never have enough of these tools; whether you are a penetration tester or just want to see what information is out there on your organization, this tool will come in handy.
Help Menu:
Here are a few sample queries from the author's website:
Searching email accounts for the domain microsoft.com; it will work with the first 500 Google results:
./theharvester.py -d microsoft.com -l 500 -b google
Searching email accounts for the domain microsoft.com on a PGP server; here it's not necessary to specify the limit:
./theharvester.py -d microsoft.com -b pgp
Searching for user names of people who work at the company Microsoft; we use Google as the search engine, so we need to specify the limit of results we want to use:
./theharvester.py -d microsoft.com -l 200 -b linkedin
Searching all sources at the same time, with a limit of 200 results:
./theHarvester.py -d microsoft.com -l 200 -b all
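As an added example that is not theHarvester's own code: a small Python script that post-processes one of the tool's XML exports so that only findings in scope for the domain you are assessing remain (duplicates collapsed, look-alike domains such as notexample.com dropped). The element names it reads (`<email>`, `<host>`, `<hostname>`, `<vhost>`) and the sample export are assumptions, not taken from the tool; check them against the file your version writes.

```python
# Added example, not part of theHarvester. Element names below are an
# assumption about the XML export; verify against a real export file.
import xml.etree.ElementTree as ET

# Constructed sample export, not real harvested data.
SAMPLE_XML = """<theHarvester>
<email>Alice@example.com</email>
<email>alice@example.com</email>
<email>bob@partner-example.com</email>
<host>203.0.113.10<hostname>www.example.com</hostname></host>
<host>mail.example.com</host>
<host>203.0.113.11<hostname>www.notexample.com</hostname></host>
<vhost>203.0.113.10<hostname>shop.example.com.evil.test</hostname></vhost>
</theHarvester>
"""

def in_scope(name, domain):
    """True if name is the domain itself or a subdomain of it.
    Matching on the label boundary keeps notexample.com out."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def parse_export(xml_text):
    """Return (emails, hosts) as listed in the export, lower-cased, unfiltered."""
    root = ET.fromstring(xml_text)
    emails = [e.text.strip().lower() for e in root.iter("email") if e.text]
    hosts = []
    for tag in ("host", "vhost"):
        for h in root.iter(tag):
            # Assumed layout: <host>ip<hostname>name</hostname></host>,
            # or a bare <host>name</host> with no child element.
            child = h.find("hostname")
            text = child.text if child is not None else h.text
            if text:
                hosts.append(text.strip().lower())
    return emails, hosts

def scoped_findings(xml_text, domain):
    """Deduplicated, sorted emails and hostnames that belong to domain."""
    emails, hosts = parse_export(xml_text)
    emails = sorted({e for e in emails if in_scope(e.rsplit("@", 1)[-1], domain)})
    hosts = sorted({h for h in hosts if in_scope(h, domain)})
    return emails, hosts

if __name__ == "__main__":
    em, ho = scoped_findings(SAMPLE_XML, "example.com")
    print("emails:", em)
    print("hosts:", ho)
```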
I did some testing of my own and found this tool to be useful; the only thing I was not able to find was the email address for a given company, and I tried a few different queries in my test. All in all, go grab your copy and start testing away.
