theHarvester MCP Server
Enables AI assistants to perform domain reconnaissance using theHarvester OSINT tool, including email harvesting, subdomain discovery, DNS brute force, and Shodan integration, via SSH on a Kali Linux host.
README
theHarvester MCP Server
An MCP (Model Context Protocol) server that provides AI assistants with access to theHarvester - a powerful OSINT reconnaissance tool for email and subdomain harvesting during penetration testing.
Overview
theHarvester is one of the most widely used OSINT tools for gathering intelligence during the reconnaissance phase of penetration testing. This MCP server wraps theHarvester's capabilities, allowing AI assistants like Claude to perform domain reconnaissance tasks through a structured interface.
The server executes theHarvester commands via SSH on a Kali Linux host, making it ideal for security professionals who maintain a dedicated Kali environment.
Features
- Email Harvesting - Discover email addresses associated with target domains
- Subdomain Discovery - Find subdomains using 40+ public and premium data sources
- DNS Brute Force - Enumerate subdomains using wordlist-based brute forcing
- Shodan Integration - Query discovered hosts for open ports, services, and banners
- Takeover Detection - Check for subdomain takeover vulnerabilities
- Virtual Host Discovery - Identify virtual hosts on discovered IP addresses
Installation
Prerequisites
- Kali Linux Host - A Kali Linux system accessible via SSH
- SSH Configuration - SSH access configured in
~/.ssh/config - theHarvester - Installed on the Kali host:
sudo apt install theharvester - Node.js - Version 18 or higher
Setup
# Clone the repository
git clone https://github.com/schwarztim/sec-theharvester-mcp.git
cd sec-theharvester-mcp
# Install dependencies
npm install
# Build the project
npm run build
MCP Configuration
Add to your Claude Desktop or MCP client configuration:
{
"mcpServers": {
"theharvester": {
"command": "node",
"args": ["/path/to/sec-theharvester-mcp/dist/index.js"],
"env": {
"KALI_HOST": "kali"
}
}
}
}
Tools
| Tool | Description |
|---|---|
theharvester_search |
Full OSINT search with configurable sources and options |
theharvester_sources |
List available data sources and API requirements |
theharvester_emails |
Quick search focused on email harvesting |
theharvester_hosts |
Quick search for subdomain/host discovery |
theharvester_dns_brute |
DNS brute force enumeration |
theharvester_shodan |
Search with Shodan integration for detailed host info |
theharvester_full_recon |
Comprehensive reconnaissance using all features |
theharvester_check_status |
Verify theHarvester availability on Kali host |
Data Sources
No API Key Required
- anubis, baidu, bing, crtsh, dnsdumpster, duckduckgo
- hackertarget, otx, rapiddns, sitedossier, subdomaincenter
- threatminer, urlscan, yahoo
API Key Required
- bevigil, binaryedge, brave, bufferoverun, censys
- criminalip, fullhunt, github-code, hunter, hunterhow
- intelx, leakix, netlas, onyphe, pentesttools
- projectdiscovery, rocketreach, securityscorecard
- securitytrails, shodan, tomba, virustotal, zoomeye
Configure API keys in theHarvester's configuration file on your Kali host.
Configuration
Environment Variables
| Variable | Default | Description |
|---|---|---|
KALI_HOST |
kali |
SSH hostname for Kali Linux system |
SSH Setup
Ensure your SSH config (~/.ssh/config) includes an entry for your Kali host:
Host kali
HostName 192.168.1.100
User root
IdentityFile ~/.ssh/kali_key
Usage Examples
Basic Domain Search
{
"tool": "theharvester_search",
"arguments": {
"domain": "example.com",
"sources": ["bing", "crtsh", "dnsdumpster"],
"limit": 500
}
}
Email Harvesting
{
"tool": "theharvester_emails",
"arguments": {
"domain": "example.com",
"sources": ["hunter", "tomba", "bing"]
}
}
Subdomain Discovery with DNS Resolution
{
"tool": "theharvester_hosts",
"arguments": {
"domain": "example.com",
"dns_resolve": true,
"dns_brute": true
}
}
Full Reconnaissance
{
"tool": "theharvester_full_recon",
"arguments": {
"domain": "example.com"
}
}
Output Format
All tools return structured JSON with:
- Parsed results (emails, hosts, IPs, URLs, ASNs)
- Statistics and metadata
- Raw output for detailed analysis
Example response:
{
"domain": "example.com",
"sources": ["bing", "crtsh"],
"emails": ["admin@example.com", "support@example.com"],
"hosts": ["www.example.com", "mail.example.com"],
"ips": ["93.184.216.34"],
"urls": [],
"asns": [],
"interesting_urls": [],
"raw_output": "..."
}
Security Considerations
- This tool is intended for authorized security testing only
- Always obtain proper authorization before scanning any domain
- Be mindful of rate limits on data source APIs
- Some sources may log your queries
Development
# Watch mode for development
npm run dev
# Build for production
npm run build
# Run the server
npm start
Related Projects
- theHarvester - The underlying OSINT tool
- Model Context Protocol - MCP specification
License
MIT License - see LICENSE for details.
Disclaimer
This tool is provided for educational and authorized security testing purposes only. Users are responsible for ensuring they have proper authorization before scanning any systems or domains. The authors are not responsible for any misuse of this software.
推荐服务器
Baidu Map
百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Playwright MCP Server
一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。
Magic Component Platform (MCP)
一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。
Audiense Insights MCP Server
通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。
VeyraX
一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。
graphlit-mcp-server
模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。
Kagi MCP Server
一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。
e2b-mcp-server
使用 MCP 通过 e2b 运行代码。
Neon MCP Server
用于与 Neon 管理 API 和数据库交互的 MCP 服务器
Exa MCP Server
模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。