Quick command reference and usage guide for TheHarvester OSINT tool

TheHarvester is a powerful OSINT tool used to gather emails, subdomains, usernames, and more from public sources. Ideal for ethical hackers, bug bounty hunters, and red teamers, this cheatsheet provides all essential commands, modules, and use cases to quickly extract intel from various sources like Google, Shodan, and LinkedIn.

TheHarvester Cheatsheet

The Ultimate OSINT Gathering Tool Reference Guide

Basic TheHarvester Usage

Basic Domain Search
theHarvester -d example.com -l 500 -b all
Search all sources for information about example.com, limited to 500 results.
Show Help
theHarvester -h
Display help message with all available options.
Version Information
theHarvester -v
Display the version of TheHarvester.
Simple Domain Search
theHarvester -d example.com -b google
Search Google for information about example.com.
Limit Results
theHarvester -d example.com -l 200 -b bing
Search Bing for information about example.com, limited to 200 results.
Search Multiple Domains
theHarvester -d example.com,example2.com -b all
Search all sources for multiple domains.

Data Source Options

All Sources
theHarvester -d example.com -b all
Search all available data sources (may be slow).
Google
theHarvester -d example.com -b google
Search Google for emails, subdomains, hosts, and URLs.
Bing
theHarvester -d example.com -b bing
Search Bing for emails, subdomains, hosts, and URLs.
Yahoo
theHarvester -d example.com -b yahoo
Search Yahoo for emails, subdomains, hosts, and URLs.
Baidu
theHarvester -d example.com -b baidu
Search Baidu (Chinese search engine) for information.
DNS Dumpster
theHarvester -d example.com -b dnsdumpster
Use DNS Dumpster for subdomain discovery.
LinkedIn
theHarvester -d example.com -b linkedin
Search LinkedIn for employee names (requires API key).
Twitter
theHarvester -d example.com -b twitter
Search Twitter for related accounts (requires API key).
PGP Key Servers
theHarvester -d example.com -b pgp
Search PGP key servers for emails associated with the domain.
Threat Crowd
theHarvester -d example.com -b threatcrowd
Use Threat Crowd’s API for subdomain discovery.
Censys
theHarvester -d example.com -b censys
Search Censys for hosts and certificates (requires API key).
Crtsh
theHarvester -d example.com -b crtsh
Search crt.sh certificate database for subdomains.
SecurityTrails
theHarvester -d example.com -b securitytrails
Use SecurityTrails API for historical DNS data (requires API key).
Netcraft
theHarvester -d example.com -b netcraft
Search Netcraft for host information.
Virustotal
theHarvester -d example.com -b virustotal
Use Virustotal API for subdomains (requires API key).
Shodan
theHarvester -d example.com -b shodan
Search Shodan for hosts (requires API key).

Advanced TheHarvester Options

Proxy Configuration
theHarvester -d example.com -b google --proxy 127.0.0.1:8080
Use a proxy server for requests.
Take Screenshots
theHarvester -d example.com -b all --take-screenshot
Take screenshots of discovered web pages (requires Selenium).
DNS Brute Force
theHarvester -d example.com -b all --dns-brute
Perform DNS brute force on the domain.
DNS Brute Limit
theHarvester -d example.com --dns-brute --dns-limit 100
Limit DNS brute force to 100 subdomains.
DNS Resolver
theHarvester -d example.com -b all --dns-server 8.8.8.8
Use a specific DNS server for resolutions.
Filename Output
theHarvester -d example.com -b all -f results.html
Save results to an HTML file.
JSON Output
theHarvester -d example.com -b all -j results.json
Save results to a JSON file.
XML Output
theHarvester -d example.com -b all -x results.xml
Save results to an XML file.
CSV Output
theHarvester -d example.com -b all -c results.csv
Save results to a CSV file.
Shodan Filters
theHarvester -d example.com -b shodan --shodan-filters "port:22"
Apply filters to Shodan search results.
Google CSE ID
theHarvester -d example.com -b google --google-cse-id YOUR_CSE_ID
Use a custom Google CSE for searches.
Google API Key
theHarvester -d example.com -b google --google-api-key YOUR_API_KEY
Use a Google API key for searches.
LinkedIn API Key
theHarvester -d example.com -b linkedin --linkedin-api-key YOUR_API_KEY
Use a LinkedIn API key for searches.
Twitter API Keys
theHarvester -d example.com -b twitter --twitter-consumer-key KEY --twitter-consumer-secret SECRET --twitter-access-token TOKEN --twitter-access-token-secret TOKEN_SECRET
Use Twitter API keys for searches.
Virustotal API Key
theHarvester -d example.com -b virustotal --virustotal-api-key YOUR_API_KEY
Use a Virustotal API key for searches.
Shodan API Key
theHarvester -d example.com -b shodan --shodan-api-key YOUR_API_KEY
Use a Shodan API key for searches.
SecurityTrails API Key
theHarvester -d example.com -b securitytrails --securitytrails-api-key YOUR_API_KEY
Use a SecurityTrails API key for searches.

Practical Examples

Basic Reconnaissance
theHarvester -d example.com -l 500 -b google,bing,dnsdumpster -f report.html
Basic reconnaissance with limited results, saving to HTML.
Comprehensive Search
theHarvester -d example.com -b all --dns-brute --take-screenshot -j results.json
Comprehensive search with DNS brute force, screenshots, and JSON output.
Email Collection
theHarvester -d example.com -b google,bing,pgp -l 1000
Focus on collecting emails from multiple sources.
Subdomain Discovery
theHarvester -d example.com -b dnsdumpster,threatcrowd,crtsh --dns-brute --dns-limit 200
Focus on subdomain discovery with brute force.
Employee Discovery
theHarvester -d example.com -b linkedin --linkedin-api-key YOUR_API_KEY
Discover employees using LinkedIn API.
Shodan Host Discovery
theHarvester -d example.com -b shodan --shodan-api-key YOUR_API_KEY --shodan-filters "port:80,443"
Find web servers associated with the domain using Shodan.
Historical DNS Data
theHarvester -d example.com -b securitytrails --securitytrails-api-key YOUR_API_KEY
Retrieve historical DNS data from SecurityTrails.
SSL Certificate Search
theHarvester -d example.com -b censys --censys-api-id YOUR_API_ID --censys-api-secret YOUR_API_SECRET
Search SSL certificates associated with the domain using Censys.
Twitter Account Discovery
theHarvester -d example.com -b twitter --twitter-consumer-key KEY --twitter-consumer-secret SECRET --twitter-access-token TOKEN --twitter-access-token-secret TOKEN_SECRET
Find Twitter accounts associated with the domain.

This cheatsheet is for educational purposes only. Always ensure you have proper authorization before gathering information about any organization.

Related Articles

Discover more from Cyber Samir

Subscribe to get the latest posts sent to your email.

Avatar photo

I'm passionate about technology, coding. I've been interested in computers since I was a kid. My favorite programming languages are python and JavaScript

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *