theHarvester — Install, Use, Optimise (2026)

Manish Garg
Manish Garg Associate of (ISC)² · RingSafe
Apr 29, 2026
2 min read

OSINT email, host, and metadata gathering across search engines, PGP, Shodan, and corporate-disclosure sources.

Use case: OSINTDifficulty: BeginnerHomepage: https://github.com/laramies/theHarvester

Installation

Pick the install method that matches your stack. The Docker option is the cleanest for one-off scans where you don’t want to pollute your workstation.

Linux (apt)

sudo apt install theharvester

pipx (recommended)

pipx install theHarvester

Source

git clone https://github.com/laramies/theHarvester && cd theHarvester && pip install -r requirements.txt

Core commands

The handful of invocations you’ll actually run on 90% of engagements:

Emails + hosts via Bing

theHarvester -d target.com -b bing -l 500

All sources, save HTML report

theHarvester -d target.com -b all -f report.html

DNS brute force

theHarvester -d target.com -c -l 500

Take screenshots of hosts

theHarvester -d target.com -b all --screenshot ./screens/

Performance optimisation

What separates a junior who runs the default invocation from a practitioner who knows the knobs:

  • -l 500 caps results per source. Default is 500 and that’s a healthy sweet spot — going higher hits rate-limits.
  • API keys in api-keys.yaml for Shodan, SecurityTrails, Hunter unlock the highest-value sources.
  • -b all takes 5-15 min on typical domain. Run async/background.
  • Output formats: -f for HTML/JSON/XML — XML for ingestion into Recon-ng or Maltego.

Common pitfalls

Real failure modes that bite people on engagements. Most are recoverable; a few are reputation-damaging.

  • Half the listed sources require API keys. Without keys, output is mostly Google/Bing/DuckDuckGo — limited.
  • Email-harvest results are HEAVILY stale. Cross-check with hunter.io or LinkedIn.
  • Some sources (e.g. Shodan free tier) cap to 100 results regardless of -l.

Modern alternatives in 2026

The ecosystem moves fast. These are tools you should at least be aware of:

  • spiderfoot — full-spectrum OSINT framework, dashboard UI.
  • recon-ng — modular, scriptable.
  • maltego — graph-first, commercial.

India context and engagement notes

For India-context OSINT: combine theHarvester with linkedin2username for plausible username generation, and search NSDL/ROC public filings for corporate hierarchy. Useful in social engineering pretext development.

⚖️ Legal: Use only on systems you own or have explicit written authorisation to test. In India, unauthorised access is punishable under Section 66 of the IT Act, 2000 (up to 3 years imprisonment + fine). Pair every engagement with a signed Statement of Work or Rules of Engagement before running anything from this page.

Continue learning

Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants
Continue Learning

Related Academy modules

View all modules
Hacking Tools 2026

Caido for Web Pentest — A Modern Alternative to Burp Suite Pro (Hands-On Walkthrough)

Caido is the first credible challenger to Burp Suite Pro — Rust-built, web UI, multi-tester collaboration.…

May 8, 2026 · 6 min read
Hacking Tools 2026

Burp Suite Pro 2026 — Five Production Bambdas and Three Custom BChecks (Paste-Ready)

Burp Bambdas (per-request JavaScript) and BChecks (YAML scanner checks) are the highest-leverage features in Burp Pro…

May 8, 2026 · 6 min read
Hacking Tools 2026

Sliver C2 Operator Guide — Implants, Transports, OPSEC, and the Detection Patterns Blue Teams Should Hunt

Sliver is the open-source post-Cobalt-Strike C2 framework — accessible to Indian red teams without licensing barriers,…

May 8, 2026 · 6 min read