provocativo_
back to the arsenal
// arsenal·Recon & OSINTBeginnerFOSS

theHarvester

Email, subdomain, and employee-name OSINT from public sources.

Recon & OSINT

$ theharvester --help

theHarvester

// what it is

Description

Christian Martorella's Python OSINT collector. Pulls from 30+ data sources — search engines, certificate transparency, DNS, and LinkedIn — to build a target profile suitable for spear-phishing reconnaissance or perimeter enumeration.

// use cases

What people use it for

  • Pre-engagement email enumeration
  • Subdomain discovery via passive sources
  • Employee-name harvesting from LinkedIn for pretexting

// commands

The commands you'll type

Multi-source domain harvest

$ theHarvester -d target.tld -b crtsh,bing,duckduckgo,hackertarget

LinkedIn-only employee names

$ theHarvester -d target.tld -b linkedin -l 500

// facts

category
Recon & OSINT
platforms
LIN · MAC
license
FOSS
difficulty
Beginner

// links

// related in Recon & OSINT

Recon & OSINTBeginner

Nmap/en-map/

The Network Mapper — Fyodor's port-scanner and host-discovery framework.

FOSS
LIN·WIN·MAC
open entry →
Recon & OSINTIntermediate

Masscan

Internet-scale TCP port scanner — claims 10M packets/second on the right hardware.

FOSS
LIN·WIN·MAC
open entry →
Recon & OSINTBeginner

Shodan

Search engine for internet-connected devices — banners, certs, screenshots.

Freemium
WEB·LIN·WIN·MAC
open entry →