Show Menu

theHarvester Cheat Sheet Cheat Sheet by

TheHarvester is used for gathering a range of information such as emails, sub-domains, hosts, from different public sources. This is a passive reconnaissance tool.


[-h] -d DOMAIN [-l LIMIT] [-S START] [-g] [-p] [-s] [--scr­eenshot SCREEN­SHOT] [-v] [-e DNS_SE­RVER] [-t DNS_TLD] [-r] [-n] [-c] [-f FILENAME] [-b SOURCE]

Optional Arguments:

Company name or domain to search
Limit the number of search results, defaul­t=500.
Start with result number X, default=0.
Use Google Dorks for Google search.
Use proxies for requests, enter proxies in proxie­s.yaml.
Use Shodan to query discovered hosts.
--scre­enshot SCREENSHOT
Take screen­shots of resolved domains specify output directory: --scre­enshot output­_di­rectory
Verify host name via DNS resolution and search for virtual hosts.
DNS server to use for lookup.
Perform a DNS TLD expansion discovery, default False.
Check for takeovers.
Enable DNS server lookup, default False.
Perform a DNS brute force on the domain.
Save the results to an XML and JSON file.
anubis, baidu, bing, binary­edge, bingapi, buffer­overun, censys, certsp­otter, crtsh, dnsdum­pster, duckdu­ckgo, github­-code, google, hacker­target, hunter, intelx, linkedin, linked­in_­links, netcraft, omnisint, otx, pentes­ttools, projec­tdi­sco­very, qwant, rapiddns, rocket­reach, securi­tyT­rails, spyse, sublist3r, threat­crowd, threat­miner, trello, twitter, urlscan, virust­otal, yahoo, zoomeye, all
Arguments to further control your output, italics are user entered.


theHar­vester -d micros­ -l 500 -b google -f myresu­lts.html
theHar­vester -d micros­ -b pgp, virustotal
theHar­vester -d microsoft -l 200 -b linkedin
theHar­vester -d micros­ -l 200 -g -b google
theHar­vester -d -b googleCSE -l 500 -s 300
theHar­vester -d cornel­ -l 100 -b bing


No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.