theHarvester – Advanced Pentesters & Ethical Hackers Information Gathering Tool


This Information Collection Tool was designed to collect e-mails, subdomains, websites, employee names, open ports and banners from various public sources, such as search engines, PGP Key Servers and SHODAN software databases.

This tool is intended to help Penetration Testers to understand the client footprint on the Internet in the early stages of the penetration test. It is also helpful for anyone who wants to understand what an attacker can see in their organisation.

This method was designed to assist penetration testing in an earlier stage and is reliable, simple and easy to use.The sources supported are:

  1. Google – emails, subdomains
  2. Google profiles – Employee names
  3. Bing search – emails, subdomains/hostnames, virtual hosts
  4. Pgp servers – emails, subdomains/hostnames
  5. LinkedIn – Employee names
  6. Exalead – emails, subdomains/hostnames

New features:

  1. Time delays between requests
  2. XML results export.

How it functions – System to collect information

[url] -l 300 -b [search engine name]

#theHarvester -d -l 300 -b google

-d [url] will be the remote site from which you wants to fetch the juicy information.

-l will limit the search for specified number.

-b is used to specify search engine name.

Tool Location:


theHarvester Options:


How to Find Email ID’s in Domain:

Example #1:



Example #2:


Download and install the full Harvester kit – GitHub Information Gathering Tool

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.