Recon & OSINT

theHarvester

Email, subdomain, and host OSINT gathering.

osintrecon

theharvester — terminal

$ theHarvester -d example.com -b all

What it does

theHarvester collects emails, names, subdomains, IPs, and URLs from public sources like search engines and certificate transparency logs. Useful for early footprinting of a target organization.

Source

https://github.com/laramies/theHarvester ↗

More Recon & OSINT tools

AmassIn-depth DNS enumeration and attack-surface mapping.SubfinderPassive subdomain discovery at scale.dnsxFast, multi-purpose DNS toolkit for resolution and probing.MetagoofilMetadata extraction from public documents.

Need hosted scanning instead of local tooling?

Run a scan in the browser →