theHarvester is designed to gather email addresses, domains, and employee details for a given company. theHarvester uses multiple open sources on the internet, such as search engines, to piece together details in a readable format.

To get started with theHarvester, execute the following steps:

1. Open a Terminal window and execute theharvester. The description and usage of the tool will be presented on the Terminal, as shown in the following screenshot:

2. Let's attempt to gather the email addresses of employees of a company whose email addresses are published publicly, such as on forums, websites, blogs, and social media platforms. We can use the theharvester –d <domain> –b <data source> command to do this. In our example, we'll search for email addresses of the checkpoint.com domain while using Google as the data source:

The results have provided us with some corporate email accounts of some of the employees of the company and the IP addresses of some subdomains. I would recommend using various data sources to gather as much information as possible. One purpose of gathering the email addresses of a company is to perform phishing attacks.

Next, we are going to use the Shodan search engine, which indexes Internet of Things (IoT) and other online devices to retrieve information about a potential target.