      Information Gathering With theHarvester

      • Posted by Wangolo Joel
      • Date October 24, 2019

      ‘theHarvester’ is a tool designed to be used in the early stages (Information Gathering Phase) of a penetration test.

      As the name suggests, ‘theHarvester’ is used to harvest/gather sensitive information that can help in determining a company’s external threat landscape on the internet. It covers not just companies but also information about individual users that is available on the internet. ‘theHarvester’ largely depends on public sources, and the information it can gather includes:

      ⦁ Emails
      ⦁ Names
      ⦁ Subdomains
      ⦁ IPs
      ⦁ URLs
      ⦁ VirtualHosts
      ⦁ Even port scanning

      theHarvester public engines

      One of the interesting things about ‘theHarvester’ is that it supports more than one public source to harvest information. There appear to be more than 20 public sources supported by the tool, from Baidu to Yahoo. Some of these public sources require an API key. The public sources that require one include:
      ⦁ Bing(bingapi)
      ⦁ Github
      ⦁ Hunter
      ⦁ Intelx
      ⦁ SecurityTrails
      ⦁ Shodan
      ⦁ Spyse

      If you don’t have an API key, you can still use some of its other public sources.

      Getting started with ‘theHarvester’ on Ubuntu 18.04

      Getting started with the tool is very easy. You only need a few major dependencies on the system, in particular Python 3.6+. Some of its major dependencies include:

      ⦁ Python 3.7+
      ⦁ python3 -m pip install pipenv
      ⦁ pipenv install

      virtualenv -p python3 theharvester
      git clone https://github.com/laramies/theHarvester.git
      source theharvester/bin/activate

      Most effective sources of ‘theHarvester’

      I have used ‘theHarvester’, and each source supported by the tool has its own kind of information that it can harvest. While using the tool, some of the sources that are effective in gathering information are:

      ⦁ Google (but Google blocks queries very often, so at times Google will not give any results)
      ⦁ Censys
      ⦁ Shodan
      ⦁ Hunter
      ⦁ Bing

      Note that each engine has its own particular data that it can scrape and the others can’t. Also, Google blocks queries if it is used very often. The reason is that it may see the queries as coming from bots. A way around this is perhaps to use Google through an API.

      Resources

      GitHub repository – https://github.com/laramies/theHarvester

      An online integration of ‘theHarvester’ – https://www.nmmapper.com/kalitools/theharvester/email-harvester-tool/online/

      Wangolo Joel

      Security researcher, Python software developer and Django web developer. I have lots of interest in penetration testing though I don't have certification in penetration testing.


        1 Comment

      1. Waren Gonzaga
        October 27, 2019

        Alright! Thanks for sharing!
