Although there might be a handful of proprietary tools out there with this capability, the spirit of open source is on full display in the tool we are reviewing today. theHarvester is super simple to install and obtains its data from a dozen-plus sources, paid and free. The good news is that it includes a native integration with the SecurityTrails API™.
What is theHarvester?
theHarvester (purposely spelt with a lower-case ‘t’ at the beginning) is a command-line tool made by the team at Edge-Security. It is a Python-based tool meant to be used in the initial stages of an investigation, leveraging open source intelligence (OSINT) to help determine a company’s external threat landscape on the internet.
The tool was originally designed to be used in the early stages of a penetration test or red team engagement. However, the passive reconnaissance abilities of theHarvester also make it suitable for blue or purple teams, depending on the situation.