E-mails, subdomains and names Harvester - OSINT
Find a file
2018-12-20 20:50:48 +00:00
discovery merge upstream and resolve conflicts 2018-12-20 20:19:32 +00:00
lib New reporting module v0.4 2018-12-19 10:45:02 +00:00
tests Converted more code to python3 shodan works for the most part. 2018-11-20 12:04:57 -05:00
wordlists Converted more code to python3 shodan works for the most part. 2018-11-20 12:04:57 -05:00
.gitignore Vesion update 2018-12-11 22:10:08 +01:00
censysparser.py code cleanup 2018-12-20 20:29:38 +00:00
changelog.txt Randomization 2018-12-19 22:41:02 +01:00
COPYING Converted more code to python3 shodan works for the most part. 2018-11-20 12:04:57 -05:00
cymonparser.py add cymon search engine 2018-12-09 17:45:36 +00:00
Dockerfile Update dockerfile with beautifulsoup4 package 2018-12-11 21:23:18 +00:00
LICENSES Converted more code to python3 shodan works for the most part. 2018-11-20 12:04:57 -05:00
myparser.py Added Trello Search 2018-12-01 10:39:01 +01:00
README.md Minor fixes 2018-12-18 00:14:42 +01:00
requirements.txt added plotly 2018-12-13 15:36:34 +00:00
stash.py bugfix: fix issue with reporting for previous scan results when theHarvester runs the first time/day 2018-12-19 10:15:46 +00:00
theHarvester.py censys fix: add unique items to the db and fixing censys with -all switch 2018-12-20 20:50:48 +00:00

*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 3.0.5                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************

What is this?

theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).

Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet.

The sources are:

Passive:

  • threatcrowd: Open source threat intelligence - https://www.threatcrowd.org/

  • crtsh: Comodo Certificate search - www.crt.sh

  • google: Google search engine - www.google.com (With optional google dorking)

  • googleCSE: Google custom search engine

  • google-profiles: Google search engine, specific search for Google profiles

  • bing: Microsoft search engine - www.bing.com

  • bingapi: microsoft search engine, through the API (you need to add your Key in the discovery/bingsearch.py file)

  • dogpile: Dogpile search engine - www.dogpile.com

  • pgp: PGP key server - mit.edu

  • linkedin: Google search engine, specific search for Linkedin users

  • vhost: Bing virtual hosts search

  • twitter: Twitter accounts related to an specific domain (uses google search)

  • googleplus: users that works in target company (uses google search)

  • yahoo: Yahoo search engine

  • baidu: Baidu search engine

  • shodan: Shodan Computer search engine, will search for ports and banner of the discovered hosts (http://www.shodanhq.com/)

  • hunter: Hunter search engine (you need to add your Key in the discovery/huntersearch.py file)

  • google-certificates: Google Certificate Transparency report

Active:

  • DNS brute force: this plugin will run a dictionary brute force enumeration
  • DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
  • DNS TDL expansion: TLD dictionary brute force enumeration

Modules that need API keys to work:

  • googleCSE: You need to create a Google Custom Search engine(CSE), and add your Google API key and CSE ID in the plugin (discovery/googleCSE.py)
  • shodan: You need to provide your API key in discovery/shodansearch.py (one provided at the moment)
  • hunter: You need to provide your API key in discovery/huntersearch.py (none is provided at the moment)

Dependencies:

Changelog in 3.0.0:

  • Subdomain takeover checks
  • Port scanning (basic)
  • Improved DNS dictionary
  • Shodan DB search fixed
  • Result storage in Sqlite

Comments? Bugs? Requests?

cmartorella@edge-security.com

Updates:

https://github.com/laramies/theHarvester

Thanks:

  • Matthew Brown @NotoriousRebel
  • Janos Zold @Jzold
  • John Matherly - SHODAN project
  • Lee Baird for suggestions and bugs reporting
  • Ahmed Aboul Ela - subdomain names dictionary (big and small)