theHarvester/README.md

```
*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester 3.0.6 v322                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************
```
[![Build Status](https://travis-ci.com/laramies/theHarvester.svg?branch=master)](https://travis-ci.com/laramies/theHarvester)

What is this?
-------------
theHarvester is a very simple, yet effective tool designed to be used in the early<br>
stages of a penetration test. Use it for open source intelligence gathering and helping<br>
to determine a company's external threat landscape on the internet. The tool gathers<br>
emails, names, subdomains, IPs, and URLs using multiple public data sources that include:

Passive:
--------
* baidu: Baidu search engine

* bing: Microsoft search engine - www.bing.com

* bingapi: Microsoft search engine, through the API (Requires API key, see below.)

* censys: Censys.io search engine

* crtsh: Comodo Certificate search - www.crt.sh

* cymon: Cymon.io search engine

* dogpile: Dogpile search engine - www.dogpile.com

* duckduckgo: DuckDuckGo search engine - www.duckduckgo.com 

* google: Google search engine (Optional Google dorking.) - www.google.com

* google-certificates: Google Certificate Transparency report

* hunter: Hunter search engine (Requires API key, see below.) - www.hunter.io

* intelx: Intelx search engine (Requires API key, see below.) - www.intelx.io

* linkedin: Google search engine, specific search for Linkedin users

* netcraft: Netcraft Data Mining

* securityTrails: Security Trails search engine, the world's largest repository<br>
  of historical DNS data (Requires API key, see below.) - www.securitytrails.com

* shodan: Shodan search engine, will search for ports and banners from discovered<br>
  hosts - www.shodanhq.com

* threatcrowd: Open source threat intelligence - www.threatcrowd.org

* trello: Search trello boards (Uses Google search.)

* twitter: Twitter accounts related to a specific domain (Uses Google search.)

* vhost: Bing virtual hosts search

* virustotal: Virustotal.com domain search  

* yahoo: Yahoo search engine

* all: currently a subset of all the most effective plugins

Active:
-------
* DNS brute force: dictionary brute force enumeration
* DNS reverse lookup: reverse lookup of IP´s discovered in order to find hostnames
* DNS TDL expansion: TLD dictionary brute force enumeration

Modules that require an API key:
--------------------------------
Add your keys to api-keys.yaml

* hunter: API key
* intelx: API key
* securityTrails: API key
* shodan: API key

Dependencies:
-------------
* Python 3.6
* python3 -m pip install -r requirements.txt

Changelog in 3.0:
-----------------
* Subdomain takeover checks.
* Port scanning (basic).
* Improved DNS dictionary.
* Shodan DB search fixed.
* Result storage in Sqlite.

Comments, bugs, or requests?
----------------------------
cmartorella@edge-security.com

Main contributors:
------------------
* Matthew Brown @NotoriousRebel
* Janos Zold @Jzold
* Lee Baird @discoverscripts [![Twitter Follow](https://img.shields.io/twitter/follow/discoverscripts.svg?style=social&label=Follow)](https://twitter.com/discoverscripts)
* Jay Townsend @L1ghtn1ng [![Twitter Follow](https://img.shields.io/twitter/follow/jay_townsend1.svg?style=social&label=Follow)](https://twitter.com/jay_townsend1)

Thanks:
-------
* John Matherly - Shodan project
* Ahmed Aboul Ela - subdomain names dictionaries (big and small)
-												MD fix

											
										
										
											2018-08-09 03:40:29 +08:00
+								```
 								*******************************************************************
-												Logo

											
										
										
											2014-12-17 07:28:01 +08:00
+								*                                                                 *
 								* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
 								* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
 								* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
 								*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
 								*                                                                 *
-												Removed googleCSE.

											
										
										
											2019-02-26 11:02:08 +08:00
+								* theHarvester 3.0.6 v322                                         *
-												Logo

											
										
										
											2014-12-17 07:28:01 +08:00
+								* Coded by Christian Martorella                                   *
 								* Edge-Security Research                                          *
 								* cmartorella@edge-security.com                                   *
-												MD fix

											
										
										
											2018-08-09 03:40:29 +08:00
+								*******************************************************************
 								```
-												Add build status to readme file

											
										
										
											2019-02-11 05:56:01 +08:00
+								[![Build Status](https://travis-ci.com/laramies/theHarvester.svg?branch=master)](https://travis-ci.com/laramies/theHarvester)
-												Initial commit for version 2.0

											
										
										
											2011-05-04 23:07:06 +08:00
 								What is this?
 								-------------
-												Updated README and alphabetized.

											
										
										
											2019-01-02 06:40:40 +08:00
+								theHarvester is a very simple, yet effective tool designed to be used in the early<br>
 								stages of a penetration test. Use it for open source intelligence gathering and helping<br>
 								to determine a company's external threat landscape on the internet. The tool gathers<br>
-												Added back names.
											
										
										
											2019-01-02 10:08:05 +08:00
+								emails, names, subdomains, IPs, and URLs using multiple public data sources that include:
-.5

Fixed Google searches, and introduced Requests library

											
										
										
											2014-12-17 07:25:12 +08:00
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								Passive:
 								--------
 								* baidu: Baidu search engine
-												Initial commit for version 2.0

											
										
										
											2011-05-04 23:07:06 +08:00
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								* bing: Microsoft search engine - www.bing.com
-												Initial commit for version 2.0

											
										
										
											2011-05-04 23:07:06 +08:00
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								* bingapi: Microsoft search engine, through the API (Requires API key, see below.)
-												Local DB, Threatcrowd, output colors.

											
										
										
											2018-03-23 06:40:41 +08:00
-												Update README.md

											
										
										
											2019-01-01 19:58:14 +08:00
+								* censys: Censys.io search engine
-												Local DB, Threatcrowd, output colors.

											
										
										
											2018-03-23 06:40:41 +08:00
-												Md

											
										
										
											2018-08-09 03:44:02 +08:00
+								* crtsh: Comodo Certificate search - www.crt.sh
-												Local DB, Threatcrowd, output colors.

											
										
										
											2018-03-23 06:40:41 +08:00
-												Update README.md

											
										
										
											2019-01-01 19:58:14 +08:00
+								* cymon: Cymon.io search engine
-.5

Fixed Google searches, and introduced Requests library

											
										
										
											2014-12-17 07:25:12 +08:00
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								* dogpile: Dogpile search engine - www.dogpile.com
-												Cleaning Readme

											
										
										
											2014-12-17 07:33:13 +08:00
-												Update README.md

											
										
										
											2019-01-23 06:29:04 +08:00
+								* duckduckgo: DuckDuckGo search engine - www.duckduckgo.com
-												Added new module.

											
										
										
											2019-01-02 10:43:42 +08:00
-												Cleaned up README.

											
										
										
											2018-12-27 15:19:13 +08:00
+								* google: Google search engine (Optional Google dorking.) - www.google.com
-.5

Fixed Google searches, and introduced Requests library

											
										
										
											2014-12-17 07:25:12 +08:00
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								* google-certificates: Google Certificate Transparency report
-												Added missing search engines.

Added missing search engines, fixed search engine handling.

											
										
										
											2016-10-11 16:57:24 +08:00
-												Cleaned up README.

											
										
										
											2018-12-27 15:19:13 +08:00
+								* hunter: Hunter search engine (Requires API key, see below.) - www.hunter.io
-.5

Fixed Google searches, and introduced Requests library

											
										
										
											2014-12-17 07:25:12 +08:00
-												Updated README.md

											
										
										
											2019-02-01 05:13:37 +08:00
+								* intelx: Intelx search engine (Requires API key, see below.) - www.intelx.io
-												Minor fixes

											
										
										
											2018-12-18 07:14:42 +08:00
+								* linkedin: Google search engine, specific search for Linkedin users
-.5

Fixed Google searches, and introduced Requests library

											
										
										
											2014-12-17 07:25:12 +08:00
-												Update README.md

											
										
										
											2019-01-01 19:58:14 +08:00
+								* netcraft: Netcraft Data Mining
-												Cleaning Readme

											
										
										
											2014-12-17 07:33:13 +08:00
-												Clean up menu, add missing source.

											
										
										
											2019-01-27 09:01:30 +08:00
+								* securityTrails: Security Trails search engine, the world's largest repository<br>
-												Cleaned up README.

											
										
										
											2018-12-27 15:19:13 +08:00
+								  of historical DNS data (Requires API key, see below.) - www.securitytrails.com
-												Added securitytrailssearch.py to init.py in discovery directory and added more info to README.md

											
										
										
											2018-12-23 09:20:55 +08:00
-												Cleaned up README.

											
										
										
											2018-12-27 15:19:13 +08:00
+								* shodan: Shodan search engine, will search for ports and banners from discovered<br>
 								  hosts - www.shodanhq.com
-												Cleaning Readme

											
										
										
											2014-12-17 07:33:13 +08:00
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								* threatcrowd: Open source threat intelligence - www.threatcrowd.org
-												Cleaning Readme

											
										
										
											2014-12-17 07:33:13 +08:00
-												Added securitytrailssearch.py to init.py in discovery directory and added more info to README.md

											
										
										
											2018-12-23 09:20:55 +08:00
+								* trello: Search trello boards (Uses Google search.)
-.6

Changelog and new search engines.

											
										
										
											2015-05-11 06:37:00 +08:00
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								* twitter: Twitter accounts related to a specific domain (Uses Google search.)
 								* vhost: Bing virtual hosts search
-												Cleaning Readme

											
										
										
											2014-12-17 07:33:13 +08:00
-												Update README.md

											
										
										
											2019-01-23 06:29:04 +08:00
+								* virustotal: Virustotal.com domain search
-												Modified hunter search engine so user just specificies key in huntersearch.py!

											
										
										
											2018-11-07 06:12:20 +08:00
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								* yahoo: Yahoo search engine
-.5

Fixed Google searches, and introduced Requests library

											
										
										
											2014-12-17 07:25:12 +08:00
-												Update README.md

											
										
										
											2019-01-01 19:58:14 +08:00
+								* all: currently a subset of all the most effective plugins
-												Update README.md

											
										
										
											2018-11-23 07:33:04 +08:00
-.5

Fixed Google searches, and introduced Requests library

											
										
										
											2014-12-17 07:25:12 +08:00
+								Active:
 								-------
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								* DNS brute force: dictionary brute force enumeration
 								* DNS reverse lookup: reverse lookup of IP´s discovered in order to find hostnames
-												Md

											
										
										
											2018-08-09 03:44:02 +08:00
+								* DNS TDL expansion: TLD dictionary brute force enumeration
-.5

Fixed Google searches, and introduced Requests library

											
										
										
											2014-12-17 07:25:12 +08:00
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								Modules that require an API key:
 								--------------------------------
-												Done the changes that @leebaird mentioned

											
										
										
											2019-01-22 04:46:10 +08:00
+								Add your keys to api-keys.yaml
-												Cleaned up README.

											
										
										
											2018-12-27 15:19:13 +08:00
 								* hunter: API key
-												Updated README.md

											
										
										
											2019-02-01 05:13:37 +08:00
+								* intelx: API key
-												Fixed source typo.

											
										
										
											2019-01-28 12:56:20 +08:00
+								* securityTrails: API key
-												Cleaned up README.

											
										
										
											2018-12-27 15:19:13 +08:00
+								* shodan: API key
-												Initial commit for version 2.0

											
										
										
											2011-05-04 23:07:06 +08:00
 								Dependencies:
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								-------------
-												Updated README and alphabetized.

											
										
										
											2019-01-02 06:40:40 +08:00
+								* Python 3.6
-												Update readme with new instructions for install

											
										
										
											2019-01-21 00:13:34 +08:00
+								* python3 -m pip install -r requirements.txt
-												Release 3.0

Added Port scanning, Subdomain takeover, Fixed Shodan, improved Dns bruteforce and added SQLite support to store the results.

											
										
										
											2018-08-09 03:34:10 +08:00
-												Cleaned up README.

											
										
										
											2018-12-27 15:19:13 +08:00
+								Changelog in 3.0:
 								-----------------
 								* Subdomain takeover checks.
 								* Port scanning (basic).
 								* Improved DNS dictionary.
 								* Shodan DB search fixed.
 								* Result storage in Sqlite.
-												Local DB, Threatcrowd, output colors.

											
										
										
											2018-03-23 06:40:41 +08:00
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								Comments, bugs, or requests?
 								----------------------------
-												Initial commit for version 2.0

											
										
										
											2011-05-04 23:07:06 +08:00
+								cmartorella@edge-security.com
-.5

Fixed Google searches, and introduced Requests library

											
										
										
											2014-12-17 07:25:12 +08:00
-												Update README.md

Added collaborators

											
										
										
											2019-01-09 07:49:26 +08:00
+								Main contributors:
-												Removed additional google-profiles code.

											
										
										
											2019-01-28 09:33:18 +08:00
+								------------------
-												Minor fixes

Readme fixes, and added Dockerfile

											
										
										
											2018-11-15 07:25:59 +08:00
+								* Matthew Brown @NotoriousRebel
-												Cleaned up README.

											
										
										
											2018-12-27 15:19:13 +08:00
+								* Janos Zold @Jzold
-												Update readme with mine and Lee's twitter

											
										
										
											2019-01-22 08:26:03 +08:00
+								* Lee Baird @discoverscripts [![Twitter Follow](https://img.shields.io/twitter/follow/discoverscripts.svg?style=social&label=Follow)](https://twitter.com/discoverscripts)
 								* Jay Townsend @L1ghtn1ng [![Twitter Follow](https://img.shields.io/twitter/follow/jay_townsend1.svg?style=social&label=Follow)](https://twitter.com/jay_townsend1)
-												Update README.md

Added collaborators

											
										
										
											2019-01-09 07:49:26 +08:00
 								Thanks:
 								-------
-												Update README.md

											
										
										
											2019-01-01 19:58:14 +08:00
+								* John Matherly - Shodan project
-												Minor Lee fixes

											
										
										
											2018-12-23 04:29:11 +08:00
+								* Ahmed Aboul Ela - subdomain names dictionaries (big and small)