Automating OSINT for Contacts

Collecting a list of employee email addresses is crucial for launching targeted spear phishing or social engineering campaigns.

theHarvester is a passive reconnaissance tool built into Kali Linux that searches public data sources (search engines, LinkedIn, specialized databases) to find email addresses, employee names, hostnames, and subdomains associated with a target domain.

How it Works

theHarvester uses search engine queries (like Google Dorks) and API lookups to gather data.

Basic Usage Syntax

bash theharvester -d [domain] -l [limit] -b [source]

Example: Searching for up to 50 results related to targetcorp.com using Google and LinkedIn:

bash theharvester -d targetcorp.com -l 50 -b google,linkedin

Security Relevance: A large list of correctly formatted email addresses (e.g., firstname.lastname@target.com) provides a powerful foundation for social engineering attacks.