Today we’ll be running through a simple tutorial with the Harvester. We’ll show you how to run the Harvester, how it’s used, and its value for pentesters and hackers. The Harvester comes prepackaged in Kali Linux, but can be installed on other Linux systems. For this article, we’re going to utilize a Kali box.
What is the Harvester?
The Harvester is an automated information gathering tool and pretty darn useful for hackers. Unlike other hacking tools, the Harvester doesn’t use advanced algorithms to crack passwords, test firewalls, or capture local network data. Instead, it gathers public information such as the names of employees, email addresses, subdomains, banners, and other public information. But why collect this information, you might ask? Well, it is extremely important in the first stage of reconnaissance and information gathering. Information helps hackers or pentesters understand their target, and helps map their attack tactics.

Furthermore, it will help paint a map of the target’s Internet footprint. In addition, it’s useful for organizations that want to see how much of their employees’ information is available to the public on freely accessible web pages. The latest version of the tool has added some useful features such as the ability to set time delays between web server requests, improved sources search, enumeration techniques, graph and statistic plotting, SHODAN integration, and more. Essentially, given certain criteria, the Harvester will run around on the Internet as your surrogate, snatching up any and all information that fits those criteria.
Using the Harvester
The Harvester has a basic command syntax outlined below:
theharvester -d [domain] -l [number_of_results] -b [source_of_search_query]
Using the preceding query on a domain of your choice will return email addresses, with the number depending on the limit you set. The results can be stored in a file of your choosing. For instance, I could run the following query on a school’s website to gather email addresses of all the faculty:
theharvester -d kali.com -l 200 -b duckduckgo

…and that’s about all there is to it. See? I told you it was simple! Of course, there are some additional special options and flags, but that’s the Harvester in a nutshell. Note that you can substitute different domains and search engines, too. Also consider that you could use the collected email addresses as tools to attack login passwords through account recovery procedures. But don’t do that in real life – just know that hackers can utilize the Harvester this way.
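For the organizational use mentioned earlier (checking how much staff information is publicly reachable), a saved run can be summarized with a short script. This is an added example, not part of the original tutorial or the Harvester project; the sample output layout, the `audit_exposure` function, the role-mailbox list and the `example.org` names are assumptions constructed for illustration.

```python
import re

# Constructed sample of saved tool output; the exact layout is an assumption.
SAMPLE_OUTPUT = """\
[*] Emails found: 5
----------------------
info@example.org
Jane.Doe@example.org
jane.doe@example.org
support@example.org
j.smith@mail.example.org

[*] Hosts found: 3
---------------------
www.example.org:203.0.113.10
vpn.example.org:203.0.113.20
old-staging.example.org
"""

# Assumed list of shared (non-personal) mailbox names; adjust per organization.
ROLE_MAILBOXES = {"info", "support", "admin", "sales", "abuse", "postmaster"}

def audit_exposure(text, domain, known_hosts):
    """Summarize which addresses and hostnames of `domain` appear in `text`."""
    d = re.escape(domain.lower())
    end = r"(?![\w-]|\.\w)"  # reject lookalikes such as example.org.evil.test
    email_re = re.compile(r"[a-z0-9._%+-]+@(?:[a-z0-9-]+\.)*" + d + end)
    host_re = re.compile(r"(?<![@\w.-])(?:[a-z0-9-]+\.)+" + d + end)
    lowered = text.lower()  # case-fold so duplicates collapse
    emails = set(email_re.findall(lowered))
    hosts = set(host_re.findall(lowered))
    personal = sorted(e for e in emails if e.split("@")[0] not in ROLE_MAILBOXES)
    return {
        "role_mailboxes": sorted(emails - set(personal)),
        "personal_addresses": personal,
        "unlisted_hosts": sorted(hosts - {h.lower() for h in known_hosts}),
    }

if __name__ == "__main__":
    inventory = {"www.example.org", "vpn.example.org"}  # constructed asset list
    report = audit_exposure(SAMPLE_OUTPUT, "example.org", inventory)
    for section, items in report.items():
        print(f"{section}: {items}")
```

Hostnames that show up in public sources but not in the asset inventory, and personal addresses that could be replaced by role mailboxes, are the two findings worth following up on.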
Final Thoughts
Normally with Kali tutorials, I have to give a disclaimer detailing a spiel about how you shouldn’t abuse the tool we used. After all, breaking into computer systems is against the law. However, the Harvester program is different. You can use it to your heart’s desire to gather as much information as you want – so long as you don’t abuse the data.
I don’t need to provide a disclaimer because all the information it gathers is already in the public domain. If you really wanted to, I suppose you could manually crawl the web to gather all the information that this tool collects – but it would take a while. The only real abuse I can see someone easily committing with this tool (without the aid of more sophisticated hacking, reconnaissance, and information gathering tools) is farming email addresses for a spammy marketing campaign. Other than that, feel free to play around with this tool and craft your own unique queries. You can read more about the Harvester on the Kali Linux tool page or directly from the GitHub repo.