Usage: theHarvester [-h] -d DOMAIN [-l LIMIT] [-S START] [-p] [-s]
[--screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t] [-r [DNS_RESOLVE]] [-n] [-c] [-f FILENAME] [-b SOURCE]
| Options | Description |
|---|---|
| -h, --help | Show this help message and exit |
| -d, --domain Required | Company name or domain to search. |
| -l, --limit | Limit the number of search results |
| -S, --start | Start with result number X |
| -p, --proxies | Use proxies for requests, enter proxies in proxies.yaml. |
| -s, --shodan | Use Shodan to query discovered hosts. |
| --screenshot Disabled | Take screenshots of resolved domains. Specify output directory. |
| -v, --virtual-host | Verify host name via DNS resolution and search for virtual hosts. |
| -e, --dns-server | DNS server to use for lookup. |
| -t, --take-over | Check for takeovers. |
| -r, --dns-resolve | Perform DNS resolution on subdomains with a resolver list or passed in resolvers. |
| -n, --dns-lookup | Enable DNS server lookup. |
| -c, --dns-brute | Perform a DNS brute force on the domain. |
| -f, --filename Disabled | Save the results to an XML and JSON file. |
| -b, --source |
Data sources to use.
Choices: anubis, baidu, bevigil, binaryedge, bing, bingapi, brave, bufferoverun, censys, certspotter, criminalip, crtsh, duckduckgo, fullhunt, github-code, hackertarget, hunter, hunterhow, intelx, netlas, onyphe, otx, pentesttools, projectdiscovery, rapiddns, rocketreach, securityTrails, sitedossier, subdomaincenter, subdomainfinderc99, threatminer, tomba, urlscan, virustotal, yahoo, whoisxml, zoomeye, venacus |
theHarvester online
An easy-to-use but powerful tool for reconnaissance during the red team assessment or penetration test phase. With OSINT, it collects names, emails, IP addresses, subdomains and URLs from public sources.
Homepage
v3.4.1