theHarvester

mirror of https://github.com/laramies/theHarvester.git synced 2025-02-21 21:12:53 +08:00

E-mails, subdomains and names Harvester - OSINT

blueteam discovery emails information-gathering osint python recon reconnaissance redteam starred-laramies-repo starred-repo subdomain-enumeration

Find a file

dependabot[bot] ae037d8c03 Bump lxml from 5.3.0 to 5.3.1 Bumps [lxml](https://github.com/lxml/lxml) from 5.3.0 to 5.3.1. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](https://github.com/lxml/lxml/compare/lxml-5.3.0...lxml-5.3.1) --- updated-dependencies: - dependency-name: lxml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>		2025-02-10 22:10:59 +00:00
.github	remove dnsdumpster from ci	2025-01-26 20:41:59 +00:00
bin	Update Python version requirements and clean up code	2024-10-16 03:27:09 +01:00
README	Update Docker Python version , adjust Docker ignore files	2024-10-27 01:09:59 +01:00
requirements	Bump lxml from 5.3.0 to 5.3.1	2025-02-10 22:10:59 +00:00
tests	fix mypy errors	2025-01-26 06:28:18 +00:00
theHarvester	output fix	2025-01-26 19:52:36 +00:00
.dockerignore	Update Docker Python version , adjust Docker ignore files	2024-10-27 01:09:59 +01:00
.git-blame-ignore-revs	update run formatter commit	2023-07-26 22:10:19 -04:00
.gitattributes	Removed google-profiles and clean up.	2019-02-13 23:05:52 -06:00
.gitignore	update deps and gitignore	2022-10-31 00:50:38 +00:00
docker-compose.yml	Update Docker settings and shift to pipx for module installation	2023-12-18 16:34:06 +00:00
Dockerfile	move dockerfile to use debian testing slim	2025-01-26 21:04:16 +00:00
pyproject.toml	add uv settings	2024-11-24 06:32:59 +00:00
README.md	readme updates	2025-01-26 20:05:25 +00:00
requirements.txt	added requirements.txt	2019-12-31 13:23:32 -05:00
restfulHarvest.py	reformat with ruff	2024-08-07 19:28:52 +01:00
theHarvester-logo.png	Update theHarvester-logo.png	2019-09-10 23:14:45 +02:00
theHarvester-logo.webp	add webp format of theHarvester logo	2023-02-05 14:57:27 +00:00
theHarvester.py	fix typo	2024-10-26 17:54:56 +01:00

README.md

What is this?

theHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red
team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine
a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using
multiple public resources that include:

Passive modules:

anubis: Anubis-DB - https://github.com/jonluca/anubis
bevigil: CloudSEK BeVigil scans mobile application for OSINT assets (Requires an API key, see below.) - https://bevigil.com/osint-api
baidu: Baidu search engine - www.baidu.com
binaryedge: List of known subdomains (Requires an API key, see below.) - https://www.binaryedge.io
bing: Microsoft search engine - https://www.bing.com
bingapi: Microsoft search engine, through the API (Requires an API key, see below.)
brave: Brave search engine - https://search.brave.com/
bufferoverun: (Requires an API key, see below.) https://tls.bufferover.run
censys: Censys search engine will use certificates searches to enumerate subdomains and gather emails
(Requires an API key, see below.) https://censys.io
certspotter: Cert Spotter monitors Certificate Transparency logs - https://sslmate.com/certspotter/
criminalip: Specialized Cyber Threat Intelligence (CTI) search engine (Requires an API key, see below.) - https://www.criminalip.io
crtsh: Comodo Certificate search - https://crt.sh
duckduckgo: DuckDuckGo search engine - https://duckduckgo.com
fullhunt: Next-generation attack surface security platform (Requires an API key, see below.) - https://fullhunt.io
github-code: GitHub code search engine (Requires a GitHub Personal Access Token, see below.) - www.github.com
hackertarget: Online vulnerability scanners and network intelligence to help organizations - https://hackertarget.com
hunter: Hunter search engine (Requires an API key, see below.) - https://hunter.io
hunterhow: Internet search engines for security researchers (Requires an API key, see below.) - https://hunter.how
intelx: Intelx search engine (Requires an API key, see below.) - http://intelx.io
netlas: A Shodan or Censys competitor (Requires an API key, see below.) - https://app.netlas.io
onyphe: Cyber defense search engine (Requires an API key, see below.) - https://www.onyphe.io/
otx: AlienVault open threat exchange - https://otx.alienvault.com
pentestTools: Cloud-based toolkit for offensive security testing, focused on web applications and network penetration
testing (Requires an API key, see below.) - https://pentest-tools.com/
projecDiscovery: We actively collect and maintain internet-wide assets data, to enhance research and analyse changes around
DNS for better insights (Requires an API key, see below.) - https://chaos.projectdiscovery.io
rapiddns: DNS query tool which make querying subdomains or sites of a same IP easy! https://rapiddns.io
rocketreach: Access real-time verified personal/professional emails, phone numbers, and social media links (Requires an API key,
see below.) - https://rocketreach.co
securityTrails: Security Trails search engine, the world's largest repository of historical DNS data (Requires an API key, see
below.) - https://securitytrails.com
-s, --shodan: Shodan search engine will search for ports and banners from discovered hosts (Requires an API key, see below.)
https://shodan.io
sitedossier: Find available information on a site - http://www.sitedossier.com
subdomaincenter: A subdomain finder tool used to find subdomains of a given domain - https://www.subdomain.center/
subdomainfinderc99: A subdomain finder is a tool used to find the subdomains of a given domain - https://subdomainfinder.c99.nl
threatminer: Data mining for threat intelligence - https://www.threatminer.org/
tomba: Tomba search engine (Requires an API key, see below.) - https://tomba.io
urlscan: A sandbox for the web that is a URL and website scanner - https://urlscan.io
vhost: Bing virtual hosts search
virustotal: Domain search (Requires an API key, see below.) - https://www.virustotal.com
yahoo: Yahoo search engine
zoomeye: China's version of Shodan (Requires an API key, see below.) - https://www.zoomeye.org

Active modules:

DNS brute force: dictionary brute force enumeration
Screenshots: Take screenshots of subdomains that were found

Modules that require an API key:

Documentation to setup API keys can be found at - https://github.com/laramies/theHarvester/wiki/Installation#api-keys

bevigil - Free upto 50 queries. Pricing can be found here: https://bevigil.com/pricing/osint
binaryedge - $10/month
bing
bufferoverun - uses the free API
censys - API keys are required and can be retrieved from your Censys account.
criminalip
fullhunt
github
hunter - limited to 10 on the free plan, so you will need to do -l 10 switch
hunterhow
intelx
netlas - $
onyphe -$
pentestTools - $
projecDiscovery - invite only for now
rocketreach - $
securityTrails
shodan - $
tomba - Free up to 50 search.
zoomeye

Install and dependencies:

Python 3.11+
https://github.com/laramies/theHarvester/wiki/Installation

Comments, bugs, and requests:

Christian Martorella @laramies cmartorella@edge-security.com
Matthew Brown @NotoriousRebel1
Jay "L1ghtn1ng" Townsend @jay_townsend1

Main contributors:

Matthew Brown @NotoriousRebel1
Jay "L1ghtn1ng" Townsend @jay_townsend1
Lee Baird @discoverscripts

Thanks:

John Matherly - Shodan project
Ahmed Aboul Ela - subdomain names dictionaries (big and small)