theHarvester

mirror of https://github.com/laramies/theHarvester.git synced 2024-09-20 15:26:31 +08:00

E-mails, subdomains and names Harvester - OSINT

blueteam discovery emails information-gathering osint python recon reconnaissance redteam starred-laramies-repo starred-repo subdomain-enumeration

Go to file

dependabot[bot] 3ad8043ff0 Bump ruff from 0.4.4 to 0.4.5 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.4 to 0.4.5. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.4...v0.4.5) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>		2024-05-23 22:28:12 +01:00
.github	fix: create static directory when missing (#1721 )	2024-04-27 17:46:47 +01:00
bin	#1492 run `black .` and `isort .`	2023-07-27 01:34:21 +01:00
README	Update CONTRIBUTING.md	2020-04-02 10:06:59 +02:00
requirements	Bump ruff from 0.4.4 to 0.4.5	2024-05-23 22:28:12 +01:00
tests	remove test that is not stable enough due to the site not always being up or is getting blocked intermittently	2023-12-16 13:46:38 +00:00
theHarvester	Update crtsh to add params to exclude expired certs and de-duplicate	2024-05-13 00:18:51 +01:00
.dockerignore	fix docker file and move it to use ubuntu and add docker ignore file	2021-06-28 21:37:47 +01:00
.git-blame-ignore-revs	update run formatter commit	2023-07-26 22:10:19 -04:00
.gitattributes	Removed google-profiles and clean up.	2019-02-13 23:05:52 -06:00
.gitignore	update deps and gitignore	2022-10-31 00:50:38 +00:00
.pyre_configuration	add pyre config	2022-10-31 00:51:16 +00:00
docker-compose.yml	Update Docker settings and shift to pipx for module installation	2023-12-18 16:34:06 +00:00
Dockerfile	fix: create static directory when missing (#1721 )	2024-04-27 17:46:47 +01:00
pyproject.toml	Refactor core.py and update pyproject.toml configuration	2024-03-17 22:27:42 +00:00
README.md	Fix typo in README	2023-09-25 11:18:22 +01:00
requirements.txt	added requirements.txt	2019-12-31 13:23:32 -05:00
restfulHarvest.py	Refactor code for better readability and consistency	2024-03-02 22:36:01 +00:00
theHarvester-logo.png	Update theHarvester-logo.png	2019-09-10 23:14:45 +02:00
theHarvester-logo.webp	add webp format of theHarvester logo	2023-02-05 14:57:27 +00:00
theHarvester.py	Refactor code for better readability and consistency	2024-03-02 22:36:01 +00:00

README.md

What is this?

theHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red
team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine
a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using
multiple public resources that include:

Passive modules:

anubis: Anubis-DB - https://github.com/jonluca/anubis
bevigil: CloudSEK BeVigil scans mobile application for OSINT assets (Requires an API key, see below.) - https://bevigil.com/osint-api
baidu: Baidu search engine - www.baidu.com
binaryedge: List of known subdomains (Requires an API key, see below.) - https://www.binaryedge.io
bing: Microsoft search engine - https://www.bing.com
bingapi: Microsoft search engine, through the API (Requires an API key, see below.)
brave: Brave search engine - https://search.brave.com/
bufferoverun: (Requires an API key, see below.) https://tls.bufferover.run
censys: Censys search engine will use certificates searches to enumerate subdomains and gather emails
(Requires an API key, see below.) https://censys.io
certspotter: Cert Spotter monitors Certificate Transparency logs - https://sslmate.com/certspotter/
criminalip: Specialized Cyber Threat Intelligence (CTI) search engine (Requires an API key, see below.) - https://www.criminalip.io
crtsh: Comodo Certificate search - https://crt.sh
dnsdumpster: DNSdumpster search engine - https://dnsdumpster.com
duckduckgo: DuckDuckGo search engine - https://duckduckgo.com
fullhunt: Next-generation attack surface security platform (Requires an API key, see below.) - https://fullhunt.io
github-code: GitHub code search engine (Requires a GitHub Personal Access Token, see below.) - www.github.com
hackertarget: Online vulnerability scanners and network intelligence to help organizations - https://hackertarget.com
hunter: Hunter search engine (Requires an API key, see below.) - https://hunter.io
hunterhow: Internet search engines for security researchers (Requires an API key, see below.) - https://hunter.how
intelx: Intelx search engine (Requires an API key, see below.) - http://intelx.io
netlas: A Shodan or Censys competitor (Requires an API key, see below.) - https://app.netlas.io
onyphe: Cyber defense search engine (Requires an API key, see below.) - https://www.onyphe.io/
otx: AlienVault open threat exchange - https://otx.alienvault.com
pentestTools: Cloud-based toolkit for offensive security testing, focused on web applications and network penetration
testing (Requires an API key, see below.) - https://pentest-tools.com/
projecDiscovery: We actively collect and maintain internet-wide assets data, to enhance research and analyse changes around
DNS for better insights (Requires an API key, see below.) - https://chaos.projectdiscovery.io
rapiddns: DNS query tool which make querying subdomains or sites of a same IP easy! https://rapiddns.io
rocketreach: Access real-time verified personal/professional emails, phone numbers, and social media links (Requires an API key,
see below.) - https://rocketreach.co
securityTrails: Security Trails search engine, the world's largest repository of historical DNS data (Requires an API key, see
below.) - https://securitytrails.com
-s, --shodan: Shodan search engine will search for ports and banners from discovered hosts (Requires an API key, see below.)
https://shodan.io
sitedossier: Find available information on a site - http://www.sitedossier.com
subdomaincenter: A subdomain finder tool used to find subdomains of a given domain - https://www.subdomain.center/
subdomainfinderc99: A subdomain finder is a tool used to find the subdomains of a given domain - https://subdomainfinder.c99.nl
threatminer: Data mining for threat intelligence - https://www.threatminer.org/
tomba: Tomba search engine (Requires an API key, see below.) - https://tomba.io
urlscan: A sandbox for the web that is a URL and website scanner - https://urlscan.io
vhost: Bing virtual hosts search
virustotal: Domain search (Requires an API key, see below.) - https://www.virustotal.com
yahoo: Yahoo search engine
zoomeye: China's version of Shodan (Requires an API key, see below.) - https://www.zoomeye.org

Active modules:

DNS brute force: dictionary brute force enumeration
Screenshots: Take screenshots of subdomains that were found

Modules that require an API key:

Documentation to setup API keys can be found at - https://github.com/laramies/theHarvester/wiki/Installation#api-keys

bevigil - Free upto 50 queries. Pricing can be found here: https://bevigil.com/pricing/osint
binaryedge - $10/month
bing
bufferoverun - uses the free API
censys - API keys are required and can be retrieved from your Censys account.
criminalip
fullhunt
github
hunter - limited to 10 on the free plan, so you will need to do -l 10 switch
hunterhow
intelx
netlas - $
onyphe -$
pentestTools - $
projecDiscovery - invite only for now
rocketreach - $
securityTrails
shodan - $
tomba - Free up to 50 search.
zoomeye

Install and dependencies:

Python 3.9+
https://github.com/laramies/theHarvester/wiki/Installation

Comments, bugs, and requests:

Christian Martorella @laramies cmartorella@edge-security.com
Matthew Brown @NotoriousRebel1
Jay "L1ghtn1ng" Townsend @jay_townsend1

Main contributors:

Matthew Brown @NotoriousRebel1
Jay "L1ghtn1ng" Townsend @jay_townsend1
Lee Baird @discoverscripts

Thanks:

John Matherly - Shodan project
Ahmed Aboul Ela - subdomain names dictionaries (big and small)