reddit hackernews mail facebook facebook linkedin


Information gathering is the first and the most important step of a penetration test. More informations you will grab, easier the exploit will be.

Developed by Christian Martorella theHarvester is very usefull for this task. It’s a python script that will help you to find user emails and subdomains of a given domain by merely parsing search engines results. The following data sources are supported :

  • bing,
  • google, googleCSE, googleplus, google-profiles
  • jigsaw
  • linkedin
  • people123
  • pgp
  • shodan
  • twitter

theHarvester is by default installed on Kali Linux. Basic usage is: theharvester -d <domain> -b <source>

Some options are available to tweak your request:

-d: the domain you are looking for
-b: source or all
-f: output file (html and xml)
-l: limit the number of results used for each source
-s: start result number
-h: query Shodan with each discovered hosts
-n: perform a reverse dns lookup for each range of ip address discovered
-c: perform a brute force search (can’t make it work anyway…)



External resources