UberHarvest – Email & Domain Harvesting Multi Purpose Tool

This FREE tool was designed to get a user to enter an individual website or load a text file containing many URLs at once. Once the URL(s) have been entered, the uberharvest application crawl through the website (and all the links within that website) searching for valid email addresses. The application can search for email addresses randomly (i.e. [email protected] or the user can chose to search for email addresses for a specific domain (i.e. for www.ubersec.com the application can search for all @ubersec.com email addresses within the website). 
Then the user can chose to either print the results on the screen or save them into a text file or print them out to an XML file with XSL style-sheet. In addition, the application can also be used to search for Mail Exchange (MX) server Internet Protocol (IP) addresses corresponding with each URL that has been found by the uberharvest application. And then that information can be used by the uberharvest application to test if the MX server is also an Open-Relay server or not. Yet, the uberharvest application also provides the user with the option to use a random user-agent crawling each link and performing the scans using anonymous proxy servers.


The uberharvest tool was designed in the Python language. It requires Python version 2.52 and UP to work properly. If you are using Ubuntu/Backtrack and you have a Python version that is lower than the Python 2.52 supported version, please refer my blog for instructions on downloading and switching a newer version of Python.

Uberharvest also require the user to manually download and install Network Mapper (NMAP) from http://www.insecure.org

Uberharvest Features

Harvest for email addresses from one website or many at once

Get target website domain name, domain IP and Geo location

Scan target website for Mail Exchange (MX) servers IP address.

Test whether the target MX servers are open-relay server

Get the target web server version and x-powered-by from the header

Harvest information using evasion techniques through the use of anonymous proxy and different user-agents.

Get target server domains from Google search engine

Use the UP ARROW to reuse old input to increase time efficiency

Print out results in XML format and XSL style-sheet.


This tool was created by Yakov Goldberg for legal penetration testing purposes only. The tool is FREE of charge and must only be used for helping society and improving upon cyber security. That tool (uberharvest) was created to automate and make the life of security professionals a little easier. Thus, this tool MUST NOT is used to harm any entity or cause an damage. Yakov Goldberg does not claim any responsibility for any information that is retrieved by using this tool and any other further reckless or intentional malicious or none malicious attacks that someone might or may attempt to do by using the information gathered from this tool.

Operating System(s) compatibility

The uberharvest tool was designed by the Python language and is currently compatible with newer UBUNTU/Backtrack releases. However, all other Linux distribution users may try to attempt using the Uberharvest application as well. Yet, the instructions below are compatible with UBUNTU only so none UBUNTU users may need to refer to some other websites to get some instructions other than those provided in this website for installing modules and perquisites required for using the uberharvest tool. Uberharvest have been tested in the following Ubuntu/Backtrack distributions:

Distributor ID: Ubuntu
Description: Ubuntu 10.04.2 LTS
Release: 10.04
Codename: lucid

Distributor ID: Ubuntu
Description: Ubuntu 10.10
Release: 10.10
Codename: maverick

Distributor ID: BackTrack
Description: BackTrack 4 R2
Release: 4 R2
Codename: Nemesis

Distributor ID: Ubuntu
Description: Ubuntu 11.10
Release: 11.10
Codename: oneiric

Distributor ID: BackTrack 5

Download and installation process

[email protected]:~ #wget http://ubersec.com/downloads/uberharvest_2_80.tar.bz2
[email protected]:~ #md5sum uberharvest_2_80.tar.bz2
Now compare the md5sum value with the value posted in www.ubersec.com/downloads
[email protected]:~ #bzip2 -cd uberharvest_2_80.tar.bz2 | tar xvf –
[email protected]:~ #cd <uberharvest folder>
[email protected]:~/uberharvest#./setup


The following tag [-m] will load the uberharvest tool and require the user to type one URL address of a
website he or she are interested in for harvesting email address.

[email protected]:~/uberharvest#./uberharvest -m


Now you will be required to type a full website address that you would like to scan
Please enter a valid web address. For example, http://www.ubersec.com

Please enter the address: http://www.ubersec.com

I typed this full URL http://www.ubersec.com for scanning this website

Would you like to search for a specific email address domain? For example, @ubersec.com

[Y]es – The user will specify domain name (i.e. ubersec.com)
[N]o – The tool will search for random emails (i.e. <wildcard>@ <wildcard>.<wildcard>)

Please type Y or N:n

If you select [y], you will have to specify a domain name such as ubersec.com or @ubersec.com.
In that case, uberharvest will search through the website and harvest all email that follow the
<wildcard>@ubersec.com criteria.
If you select [n], the uberharvest tool will search through the target website and harvest all emails (i.e.
<wildcard>@ <wildcard>.<wildcard>)


Would you like to save output to a text file?

[Y]es – The output will be saved to a file
[N]o – The output will be displayed on the screen

Please type Y or N: n

If you select [n], the output will be displayed on the screen only.
If you select [y], the output will be save on a results will be saved to a file in the [vault/] folder


Would you like to search only for URLs that are specific for the website that you are interested?


For example, if your website is http://www.ubersec.com if you say [Y], uberharvest will only search for emails within links that belong to ubersec.com rather than jumping to other websites.

[Y]es – Uberharvest will only search for emails in links that belong to that website (i.e. ubersec.com)
[N]o – Uberharvest will search for emails also in other links that are referenced in the website.

Please type Y or N:n

If you select [n], uberharvest tool will search through www.ubersec.com website, get all other links mention in the ubersec website and finally the tool will search within these links for all other email addresses.
If you select [y], uberharvest tool will search through www.ubersec.com website, get only the links that belongs to ubersec.com and finally search within these links for all other email addresses.

Press [Enter] and off we go…


More tutorials and updates can be found Here.

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...