theHarvester/README.md

115 lines
3.8 KiB
Markdown
Raw Normal View History

2018-08-09 03:40:29 +08:00
```
*******************************************************************
2014-12-17 07:28:01 +08:00
* *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
2018-11-23 05:29:40 +08:00
* TheHarvester Ver. 3.0.1 *
2014-12-17 07:28:01 +08:00
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
2018-08-09 03:40:29 +08:00
*******************************************************************
```
2011-05-04 23:07:06 +08:00
What is this?
-------------
2018-03-23 06:40:41 +08:00
theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual
hosts, open ports/ banners, and employee names from different public sources
(search engines, pgp key servers).
Is a really simple tool, but very effective for the early stages of a penetration
test or just to know the visibility of your company in the Internet.
2011-05-04 23:07:06 +08:00
2014-12-17 07:34:08 +08:00
The sources are:
2011-05-04 23:07:06 +08:00
**Passive**:
---------
2018-03-23 06:40:41 +08:00
2018-08-09 03:44:02 +08:00
* threatcrowd: Open source threat intelligence - https://www.threatcrowd.org/
2018-03-23 06:40:41 +08:00
2018-08-09 03:44:02 +08:00
* crtsh: Comodo Certificate search - www.crt.sh
2018-03-23 06:40:41 +08:00
* google: google search engine - www.google.com (With optional google dorking)
2018-08-09 03:44:02 +08:00
* googleCSE: google custom search engine
2014-12-17 07:33:13 +08:00
2018-08-09 03:44:02 +08:00
* google-profiles: google search engine, specific search for Google profiles
2018-08-09 03:44:02 +08:00
* bing: microsoft search engine - www.bing.com
2018-08-09 03:44:02 +08:00
* bingapi: microsoft search engine, through the API (you need to add your Key in
the discovery/bingsearch.py file)
2018-08-09 03:44:02 +08:00
* dogpile: Dogpile search engine - www.dogpile.com
2018-08-09 03:44:02 +08:00
* pgp: pgp key server - mit.edu
2018-08-09 03:44:02 +08:00
* linkedin: google search engine, specific search for Linkedin users
2014-12-17 07:33:13 +08:00
2018-08-09 03:44:02 +08:00
* vhost: Bing virtual hosts search
2014-12-17 07:33:13 +08:00
2018-08-09 03:44:02 +08:00
* twitter: twitter accounts related to an specific domain (uses google search)
2014-12-17 07:33:13 +08:00
2018-08-09 03:44:02 +08:00
* googleplus: users that works in target company (uses google search)
2014-12-17 07:33:13 +08:00
2018-08-09 03:44:02 +08:00
* yahoo: Yahoo search engine
2015-05-11 06:37:00 +08:00
2018-08-09 03:44:02 +08:00
* baidu: Baidu search engine
2014-12-17 07:33:13 +08:00
2018-08-09 03:44:02 +08:00
* shodan: Shodan Computer search engine, will search for ports and banner of the
discovered hosts (http://www.shodanhq.com/)
* hunter: Hunter search engine (you need to add your Key in the discovery/huntersearch.py file)
2018-11-23 07:33:04 +08:00
* google-certificates: Google Certificate Transparency report
Active:
-------
2018-08-09 03:44:02 +08:00
* DNS brute force: this plugin will run a dictionary brute force enumeration
* DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
* DNS TDL expansion: TLD dictionary brute force enumeration
Modules that need API keys to work:
----------------------------------
2018-08-09 03:44:02 +08:00
* googleCSE: You need to create a Google Custom Search engine(CSE), and add your
Google API key and CSE ID in the plugin (discovery/googleCSE.py)
2018-08-09 03:44:02 +08:00
* shodan: You need to provide your API key in discovery/shodansearch.py (one provided at the moment)
2018-11-07 06:13:41 +08:00
* hunter: You need to provide your API key in discovery/huntersearch.py (none is provided at the moment)
2011-05-04 23:07:06 +08:00
Dependencies:
------------
2018-08-09 03:44:02 +08:00
* Requests library (http://docs.python-requests.org/en/latest/)
`pip install requests`
2018-11-23 05:20:06 +08:00
* Beautiful Soup 4 (https://pypi.org/project/beautifulsoup4//)
` pip install beautifulsoup4`
Changelog in 3.0.0:
------------------
2018-08-09 04:08:20 +08:00
* Subdomain takeover checks
* Port scanning (basic)
* Improved DNS dictionary
* Shodan DB search fixed
* Result storage in Sqlite
2018-03-23 06:40:41 +08:00
2015-03-29 03:14:26 +08:00
Comments? Bugs? Requests?
2011-05-04 23:07:06 +08:00
------------------------
cmartorella@edge-security.com
Updates:
--------
2014-12-17 07:33:13 +08:00
https://github.com/laramies/theHarvester
Thanks:
-------
* Matthew Brown @NotoriousRebel
* Janos Zold @Jzod
2018-08-09 04:08:20 +08:00
* John Matherly - SHODAN project
* Lee Baird for suggestions and bugs reporting
* Ahmed Aboul Ela - subdomain names dictionary (big and small)