Tools no image

Published on April 17th, 2012 | by MaxiSoler


theHarvester v2.2 Released

theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).

Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet.

Changelog v2.2

  • Added Jigsaw (www.jigsaw.com)
  • Added 123People (www.123people.com)
  • Added limit to google searches as the maximum results we can obtain is 1000
  • Removed SET, as service was discontinued by Google
  • Fixed parser to remove wrong results like emails starting with @

Actual Sources


  • google: google search engine – www.google.com
  • google-profiles: google search engine, specific search for Google profiles
  • bing: microsoft search engine – www.bing.com
  • bingapi: microsoft search engine, through the API (you need to add your Key in the discovery/bingsearch.py file)
  • pgp: pgp key server – pgp.rediris.es
  • linkedin: google search engine, specific search for Linkedin users
  • shodan: Shodan Computer search engine, will search for ports and banner of the discovered hosts (http://www.shodanhq.com/)
  • vhost: Bing virtual hosts search


  • DNS brute force: this plugin will run a dictionary brute force enumeration
  • DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
  • DNS TDL expansion: TLD dictionary brute force enumeration

Download theHarvester v2.2

Tags: , , ,

About the Author

www.artssec.com @maxisoler

Back to Top ↑