Python theHarvester – How to use it?

theHarvester is another tool like sublist3r which is developed using Python. This tool can be used by penetration testers  for gathering information of emails, sub-domains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool can be used in passive reconnaissance  and by anyone who needs to know what an attacker can see about the organization.

How to install theHarvester

If you are using a Kali Linux machine then this tool is already installed in it, just type the command 




It  will generate a help menu and list all available options which looks like this:

root@kali:~# theharvester

*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__, _|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 3.0.0                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
*                                   *

Usage: theharvester options 

       -d: Domain to search or company name
       -b: data source: baidu, bing, bingapi, dogpile, google, googleCSE,
                        googleplus, google-profiles, linkedin, pgp, twitter, vhost, 
                        virustotal, threatcrowd, crtsh, netcraft, yahoo, all

       -s: start in result number X (default: 0)
       -v: verify host name via dns resolution and search for virtual hosts
       -f: save the results into an HTML and XML file (both)
       -n: perform a DNS reverse query on all ranges discovered
       -c: perform a DNS brute force for the domain name
       -t: perform a DNS TLD expansion discovery
       -e: use this DNS server
       -p: port scan the detected hosts and check for Takeovers (80, 443, 22, 21, 8080)
       -l: limit the number of results to work with(bing goes from 50 to 50 results,
            google 100 to 100, and pgp doesn't use this option)
       -h: use SHODAN database to query discovered hosts

        theharvester -d -l 500 -b google -h myresults.html
        theharvester -d -b pgp
        theharvester -d microsoft -l 200 -b linkedin
        theharvester -d -b googleCSE -l 500 -s 300

To install it in other Linux os you can use the command

 sudo apt-get theharvester

If this do not work you can clone thhe Git hub repository and use it using commands

git clone
cd theHarvester
sudo python ./


Search email addresses from domain with results of 200 and using Bing as data source.

theharvester -d -l 200 -b bing

Attention geek! Strengthen your foundations with the Python Programming Foundation Course and learn the basics.

To begin with, your interview preparations Enhance your Data Structures concepts with the Python DS Course.

My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using or mail your article to See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.

Article Tags :

Be the First to upvote.

Please write to us at to report any issue with the above content.