theHarvester

mirror of https://github.com/laramies/theHarvester.git synced 2025-02-24 22:42:56 +08:00

E-mails, subdomains and names Harvester - OSINT

blueteam discovery emails information-gathering osint python recon reconnaissance redteam starred-laramies-repo starred-repo subdomain-enumeration

Find a file

L1ghtn1ng 5b83e45a8a Update pipx install to specify Python version Specifying Python 3.12 for pipx installation ensures compatibility and proper functionality of the installed package. This change avoids any default Python version conflicts that might arise during the build process.		2024-10-27 01:47:55 +01:00
.github	Move continue-on-error for Python 3.13 to individual steps	2024-10-16 05:51:41 +01:00
bin	Update Python version requirements and clean up code	2024-10-16 03:27:09 +01:00
README	Update Docker Python version , adjust Docker ignore files	2024-10-27 01:09:59 +01:00
requirements	Bump ruff from 0.7.0 to 0.7.1	2024-10-24 23:02:17 +01:00
tests	Add async pagination helper and update pytest settings	2024-10-27 01:02:05 +01:00
theHarvester	Add async pagination helper and update pytest settings	2024-10-27 01:02:05 +01:00
.dockerignore	Update Docker Python version , adjust Docker ignore files	2024-10-27 01:09:59 +01:00
.git-blame-ignore-revs	update run formatter commit	2023-07-26 22:10:19 -04:00
.gitattributes	Removed google-profiles and clean up.	2019-02-13 23:05:52 -06:00
.gitignore	update deps and gitignore	2022-10-31 00:50:38 +00:00
docker-compose.yml	Update Docker settings and shift to pipx for module installation	2023-12-18 16:34:06 +00:00
Dockerfile	Update pipx install to specify Python version	2024-10-27 01:47:55 +01:00
pyproject.toml	Add async pagination helper and update pytest settings	2024-10-27 01:02:05 +01:00
README.md	Update README.md	2024-10-26 17:56:31 +01:00
requirements.txt	added requirements.txt	2019-12-31 13:23:32 -05:00
restfulHarvest.py	reformat with ruff	2024-08-07 19:28:52 +01:00
theHarvester-logo.png	Update theHarvester-logo.png	2019-09-10 23:14:45 +02:00
theHarvester-logo.webp	add webp format of theHarvester logo	2023-02-05 14:57:27 +00:00
theHarvester.py	fix typo	2024-10-26 17:54:56 +01:00

README.md

What is this?

theHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red
team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine
a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using
multiple public resources that include:

Passive modules:

anubis: Anubis-DB - https://github.com/jonluca/anubis
bevigil: CloudSEK BeVigil scans mobile application for OSINT assets (Requires an API key, see below.) - https://bevigil.com/osint-api
baidu: Baidu search engine - www.baidu.com
binaryedge: List of known subdomains (Requires an API key, see below.) - https://www.binaryedge.io
bing: Microsoft search engine - https://www.bing.com
bingapi: Microsoft search engine, through the API (Requires an API key, see below.)
brave: Brave search engine - https://search.brave.com/
bufferoverun: (Requires an API key, see below.) https://tls.bufferover.run
censys: Censys search engine will use certificates searches to enumerate subdomains and gather emails
(Requires an API key, see below.) https://censys.io
certspotter: Cert Spotter monitors Certificate Transparency logs - https://sslmate.com/certspotter/
criminalip: Specialized Cyber Threat Intelligence (CTI) search engine (Requires an API key, see below.) - https://www.criminalip.io
crtsh: Comodo Certificate search - https://crt.sh
dnsdumpster: DNSdumpster search engine - https://dnsdumpster.com
duckduckgo: DuckDuckGo search engine - https://duckduckgo.com
fullhunt: Next-generation attack surface security platform (Requires an API key, see below.) - https://fullhunt.io
github-code: GitHub code search engine (Requires a GitHub Personal Access Token, see below.) - www.github.com
hackertarget: Online vulnerability scanners and network intelligence to help organizations - https://hackertarget.com
hunter: Hunter search engine (Requires an API key, see below.) - https://hunter.io
hunterhow: Internet search engines for security researchers (Requires an API key, see below.) - https://hunter.how
intelx: Intelx search engine (Requires an API key, see below.) - http://intelx.io
netlas: A Shodan or Censys competitor (Requires an API key, see below.) - https://app.netlas.io
onyphe: Cyber defense search engine (Requires an API key, see below.) - https://www.onyphe.io/
otx: AlienVault open threat exchange - https://otx.alienvault.com
pentestTools: Cloud-based toolkit for offensive security testing, focused on web applications and network penetration
testing (Requires an API key, see below.) - https://pentest-tools.com/
projecDiscovery: We actively collect and maintain internet-wide assets data, to enhance research and analyse changes around
DNS for better insights (Requires an API key, see below.) - https://chaos.projectdiscovery.io
rapiddns: DNS query tool which make querying subdomains or sites of a same IP easy! https://rapiddns.io
rocketreach: Access real-time verified personal/professional emails, phone numbers, and social media links (Requires an API key,
see below.) - https://rocketreach.co
securityTrails: Security Trails search engine, the world's largest repository of historical DNS data (Requires an API key, see
below.) - https://securitytrails.com
-s, --shodan: Shodan search engine will search for ports and banners from discovered hosts (Requires an API key, see below.)
https://shodan.io
sitedossier: Find available information on a site - http://www.sitedossier.com
subdomaincenter: A subdomain finder tool used to find subdomains of a given domain - https://www.subdomain.center/
subdomainfinderc99: A subdomain finder is a tool used to find the subdomains of a given domain - https://subdomainfinder.c99.nl
threatminer: Data mining for threat intelligence - https://www.threatminer.org/
tomba: Tomba search engine (Requires an API key, see below.) - https://tomba.io
urlscan: A sandbox for the web that is a URL and website scanner - https://urlscan.io
vhost: Bing virtual hosts search
virustotal: Domain search (Requires an API key, see below.) - https://www.virustotal.com
yahoo: Yahoo search engine
zoomeye: China's version of Shodan (Requires an API key, see below.) - https://www.zoomeye.org

Active modules:

DNS brute force: dictionary brute force enumeration
Screenshots: Take screenshots of subdomains that were found

Modules that require an API key:

Documentation to setup API keys can be found at - https://github.com/laramies/theHarvester/wiki/Installation#api-keys

bevigil - Free upto 50 queries. Pricing can be found here: https://bevigil.com/pricing/osint
binaryedge - $10/month
bing
bufferoverun - uses the free API
censys - API keys are required and can be retrieved from your Censys account.
criminalip
fullhunt
github
hunter - limited to 10 on the free plan, so you will need to do -l 10 switch
hunterhow
intelx
netlas - $
onyphe -$
pentestTools - $
projecDiscovery - invite only for now
rocketreach - $
securityTrails
shodan - $
tomba - Free up to 50 search.
zoomeye

Install and dependencies:

Python 3.11+
https://github.com/laramies/theHarvester/wiki/Installation

Comments, bugs, and requests:

Christian Martorella @laramies cmartorella@edge-security.com
Matthew Brown @NotoriousRebel1
Jay "L1ghtn1ng" Townsend @jay_townsend1

Main contributors:

Matthew Brown @NotoriousRebel1
Jay "L1ghtn1ng" Townsend @jay_townsend1
Lee Baird @discoverscripts

Thanks:

John Matherly - Shodan project
Ahmed Aboul Ela - subdomain names dictionaries (big and small)