theHarvester 命令

常用示例

说明

theHarvester is an open-source intelligence (OSINT) tool used during reconnaissance in penetration testing and red team assessments. It gathers publicly available information about a target domain including email addresses, subdomains, hostnames, employee names, and open ports. The tool queries multiple data sources including search engines, certificate databases, DNS databases, and security-focused services. Results can be saved for further analysis. Many advanced sources require API keys configured in the api-keys.yaml file within the theHarvester installation directory.

参数

-d _domain_

Target domain to search (required).

-b _source_

Data source to use: google, bing, yahoo, duckduckgo, github-code, linkedin, shodan, virustotal, certspotter, crtsh, dnsdumpster, hunter, securityTrails, all, and others.

-l _limit_

Limit the number of search results.

-f _filename_

Output filename to save results (HTML/XML format).

-S _start_

Start result number for search pagination.

-e _server_

Use a specific DNS server for lookups.

-p

Route requests through a proxy server.

-s

Use Shodan to query discovered hosts.

-c

Verify discovered hosts via HTTP/HTTPS.

-n

Enable DNS server lookup.

-r _file_

Perform reverse DNS lookups on discovered ranges.

-w _wordlist_

DNS brute force using a wordlist for subdomain discovery.

--take-over

Check for possible subdomain takeover vulnerabilities.

--screenshot _path_

Take screenshots of discovered web pages.

-v

Show version information.