Using Backtrack 4: Information Gathering: TheHarvester



Finding hosts and thus subdomains, as well as account names and email addresses.


Warming up your penetration test? Then you're looking for hosts, accounts and email addresses. These are exactly your initial targets, and if you're looking for a particular person, for instance, their account name is a plum to find.

Opening Screen:

*TheHarvester Ver. 1.6             *
*Coded by Christian Martorella      *
*Edge-Security Research             *
Usage: theharvester options

-d: domain to search or company name
-b: data source (google,bing,pgp,linkedin)
-s: start in result number X (default 0)
-v: verify host name via dns resolution
-l: limit the number of results to work with(bing goes from 50 to 50 results,
google 100 to 100, and pgp does’nt use this option)

Examples:./ -d -l 500 -b google
./ -d -b pgp
./ -d microsoft -l 200 -b linkedin



