      Information Gathering With theHarvester

      • Posted by Wangolo Joel
      • Date October 24, 2019

      ‘theHarvester’ is a tool designed to be used in the early stages (the information-gathering phase) of a penetration test.

      As the name suggests, ‘theHarvester’ is used to harvest sensitive information that helps determine a company’s external threat landscape on the internet. It covers not only companies but also information about individual users that is available on the internet. ‘theHarvester’ relies largely on public sources, and the information it can gather includes:

      ⦁ Emails
      ⦁ Names
      ⦁ Subdomains
      ⦁ IPs
      ⦁ URLs
      ⦁ VirtualHosts
      ⦁ Even port scanning

      theHarvester public engines

      One of the interesting things about ‘theHarvester’ is that it supports more than one public source for harvesting information. The tool appears to support more than 20 public sources, from Baidu to Yahoo. Some of these sources require an API key, including:
      ⦁ Bing(bingapi)
      ⦁ Github
      ⦁ Hunter
      ⦁ Intelx
      ⦁ SecurityTrails
      ⦁ Shodan
      ⦁ Spyse

      If you don’t have an API key, you can still use its other public sources.

      Getting started with ‘theHarvester’ on Ubuntu 18.04

      Getting started with this tool is very easy. You just need a few major dependencies on the system, in particular Python 3.6+. The major dependencies and setup steps include:

      ⦁ Python 3.7+
      ⦁ python3 -m pip install pipenv
      ⦁ pipenv install

      virtualenv -p python3 theharvester
      git clone https://github.com/laramies/theHarvester.git
      source theharvester/bin/activate

       

      Most Effective sources of ‘theHarvester’

      I have used ‘theHarvester’, and each source supported by the tool has its own kind of information it can harvest if you want. While using the tool, some of the sources that are effective in gathering info are:

      ⦁ Google (but Google blocks queries very often, so at times Google will not give any result)
      ⦁ Censys
      ⦁ Shodan
      ⦁ Hunter
      ⦁ Bing

      Note that each engine has its own particular data that it can scrape and the others can’t. Also, Google blocks queries if it is used very often. The reason is that it may see the queries as coming from bots. A possible way around this is to query Google through its API.
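Because each engine returns data the others miss, findings for a domain you are authorised to assess are worth merging and de-duplicating before review. The following is an added example, not code from the article or from theHarvester: the sample data, the function names and the per-source layout of emails and hosts are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: source names are from the article, every value is made up.
SAMPLE = {
    "bing": {"emails": ["Alice@Example.com", "bob@example.com"],
             "hosts": ["www.example.com", "mail.example.com."]},
    "hunter": {"emails": ["alice@example.com", "carol@example.com"], "hosts": []},
    "censys": {"emails": [],
               "hosts": ["mail.example.com", "vpn.example.com", "cdn.example.net"]},
}


def normalize(value):
    """Lower-case and strip whitespace and a trailing DNS root dot."""
    return value.strip().lower().rstrip(".")


def in_scope(kind, value, domain):
    """Keep only items that belong to the assessed domain."""
    host = value.rpartition("@")[2] if kind == "emails" else value
    return host == domain or host.endswith("." + domain)


def merge(results, domain):
    """Return {kind: {value: [sources...]}} with duplicates collapsed."""
    merged = defaultdict(lambda: defaultdict(set))
    for source, kinds in results.items():
        for kind, values in kinds.items():
            for raw in values:
                value = normalize(raw)
                if value and in_scope(kind, value, domain):
                    merged[kind][value].add(source)
    return {k: {v: sorted(s) for v, s in sorted(vals.items())}
            for k, vals in merged.items()}


def exclusive_counts(merged):
    """Count the items that exactly one source reported, per source."""
    counts = defaultdict(int)
    for values in merged.values():
        for sources in values.values():
            if len(sources) == 1:
                counts[sources[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    merged = merge(SAMPLE, "example.com")
    print(merged, exclusive_counts(merged), sep="\n")
```

The scope filter drops anything outside the assessed domain, so third-party hosts that a search engine happens to return never reach the exposure report.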

       

      Resources

      GitHub repository – https://github.com/laramies/theHarvester

      An online integration of ‘theHarvester’ – https://www.nmmapper.com/kalitools/theharvester/email-harvester-tool/online/

       

      Wangolo Joel

      Security researcher, Python software developer and Django web developer. I have lots of interest in penetration testing though I don't have certification in penetration testing.

        1 Comment

      1. Waren Gonzaga
        October 27, 2019

        Alright! Thanks for sharing!
