2018-08-09 03:38:53 +08:00
|
|
|
|
```*******************************************************************
|
2014-12-17 07:28:01 +08:00
|
|
|
|
* *
|
|
|
|
|
|
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
|
|
|
|
|
|
* | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
|
|
|
|
|
|
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
|
|
|
|
|
|
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
|
|
|
|
|
|
* *
|
2018-08-09 03:34:10 +08:00
|
|
|
|
* TheHarvester Ver. 3.0.0 *
|
2014-12-17 07:28:01 +08:00
|
|
|
|
* Coded by Christian Martorella *
|
|
|
|
|
|
* Edge-Security Research *
|
|
|
|
|
|
* cmartorella@edge-security.com *
|
2018-08-09 03:38:53 +08:00
|
|
|
|
*******************************************************************```
|
2011-05-04 23:07:06 +08:00
|
|
|
|
|
|
|
|
|
|
What is this?
|
|
|
|
|
|
-------------
|
|
|
|
|
|
|
2018-03-23 06:40:41 +08:00
|
|
|
|
theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual
|
2014-12-17 07:25:12 +08:00
|
|
|
|
hosts, open ports/ banners, and employee names from different public sources
|
|
|
|
|
|
(search engines, pgp key servers).
|
|
|
|
|
|
|
|
|
|
|
|
Is a really simple tool, but very effective for the early stages of a penetration
|
|
|
|
|
|
test or just to know the visibility of your company in the Internet.
|
2011-05-04 23:07:06 +08:00
|
|
|
|
|
2014-12-17 07:34:08 +08:00
|
|
|
|
The sources are:
|
2011-05-04 23:07:06 +08:00
|
|
|
|
|
2018-08-09 03:34:10 +08:00
|
|
|
|
**Passive**:
|
|
|
|
|
|
---------
|
2018-03-23 06:40:41 +08:00
|
|
|
|
|
2018-08-09 03:34:10 +08:00
|
|
|
|
-threatcrowd: Open source threat intelligence - https://www.threatcrowd.org/
|
2018-03-23 06:40:41 +08:00
|
|
|
|
|
|
|
|
|
|
-crtsh: Comodo Certificate search - www.crt.sh
|
|
|
|
|
|
|
2014-12-17 07:25:12 +08:00
|
|
|
|
-google: google search engine - www.google.com
|
|
|
|
|
|
|
2014-12-17 07:33:13 +08:00
|
|
|
|
-googleCSE: google custom search engine
|
|
|
|
|
|
|
2014-12-17 07:25:12 +08:00
|
|
|
|
-google-profiles: google search engine, specific search for Google profiles
|
|
|
|
|
|
|
|
|
|
|
|
-bing: microsoft search engine - www.bing.com
|
|
|
|
|
|
|
|
|
|
|
|
-bingapi: microsoft search engine, through the API (you need to add your Key in
|
|
|
|
|
|
the discovery/bingsearch.py file)
|
|
|
|
|
|
|
2016-10-11 16:57:24 +08:00
|
|
|
|
-dogpile: Dogpile search engine - www.dogpile.com
|
|
|
|
|
|
|
2016-10-11 16:28:37 +08:00
|
|
|
|
-pgp: pgp key server - mit.edu
|
2014-12-17 07:25:12 +08:00
|
|
|
|
|
|
|
|
|
|
-linkedin: google search engine, specific search for Linkedin users
|
|
|
|
|
|
|
2014-12-17 07:33:13 +08:00
|
|
|
|
|
|
|
|
|
|
-vhost: Bing virtual hosts search
|
|
|
|
|
|
|
|
|
|
|
|
-twitter: twitter accounts related to an specific domain (uses google search)
|
|
|
|
|
|
|
|
|
|
|
|
-googleplus: users that works in target company (uses google search)
|
|
|
|
|
|
|
2015-05-11 06:37:00 +08:00
|
|
|
|
-yahoo: Yahoo search engine
|
|
|
|
|
|
|
|
|
|
|
|
-baidu: Baidu search engine
|
2014-12-17 07:33:13 +08:00
|
|
|
|
|
2014-12-17 07:25:12 +08:00
|
|
|
|
-shodan: Shodan Computer search engine, will search for ports and banner of the
|
|
|
|
|
|
discovered hosts (http://www.shodanhq.com/)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Active:
|
|
|
|
|
|
-------
|
|
|
|
|
|
-DNS brute force: this plugin will run a dictionary brute force enumeration
|
|
|
|
|
|
-DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
|
|
|
|
|
|
-DNS TDL expansion: TLD dictionary brute force enumeration
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Modules that need API keys to work:
|
|
|
|
|
|
----------------------------------
|
|
|
|
|
|
-googleCSE: You need to create a Google Custom Search engine(CSE), and add your
|
|
|
|
|
|
Google API key and CSE ID in the plugin (discovery/googleCSE.py)
|
|
|
|
|
|
-shodan: You need to provide your API key in discovery/shodansearch.py
|
|
|
|
|
|
|
2011-05-04 23:07:06 +08:00
|
|
|
|
|
|
|
|
|
|
Dependencies:
|
|
|
|
|
|
------------
|
2014-12-17 20:24:32 +08:00
|
|
|
|
-Requests library (http://docs.python-requests.org/en/latest/)
|
2015-07-05 17:06:33 +08:00
|
|
|
|
`pip install requests`
|
|
|
|
|
|
|
2018-08-09 03:34:10 +08:00
|
|
|
|
|
|
|
|
|
|
Changelog in 3.0.0:
|
|
|
|
|
|
------------------
|
|
|
|
|
|
-Subdomain takeover checks
|
|
|
|
|
|
-Port scanning (basic)
|
|
|
|
|
|
-Improved DNS dictionary
|
2018-08-09 03:38:53 +08:00
|
|
|
|
-Shodan DB search fixed
|
|
|
|
|
|
-Result storage in Sqlite
|
|
|
|
|
|
|
2018-08-09 03:34:10 +08:00
|
|
|
|
|
|
|
|
|
|
|
2018-03-23 06:40:41 +08:00
|
|
|
|
Changelog in 2.7.2:
|
|
|
|
|
|
------------------
|
|
|
|
|
|
-Added threatcrowd
|
|
|
|
|
|
-Added IP resolution for all results
|
|
|
|
|
|
-Basic local storage of results using Sqlite (WIP)
|
|
|
|
|
|
|
|
|
|
|
|
|
2015-03-29 03:14:26 +08:00
|
|
|
|
Comments? Bugs? Requests?
|
2011-05-04 23:07:06 +08:00
|
|
|
|
------------------------
|
|
|
|
|
|
cmartorella@edge-security.com
|
2014-12-17 07:25:12 +08:00
|
|
|
|
|
|
|
|
|
|
Updates:
|
|
|
|
|
|
--------
|
2014-12-17 07:33:13 +08:00
|
|
|
|
https://github.com/laramies/theHarvester
|
2014-12-17 07:25:12 +08:00
|
|
|
|
|
|
|
|
|
|
Thanks:
|
|
|
|
|
|
-------
|
|
|
|
|
|
John Matherly - SHODAN project
|
|
|
|
|
|
Lee Baird for suggestions and bugs reporting
|
2018-08-09 03:34:10 +08:00
|
|
|
|
Ahmed Aboul Ela - subdomain names dictionary (big and small)
|
