theHarvester

mirror of https://github.com/laramies/theHarvester.git synced 2025-02-24 06:22:57 +08:00

E-mails, subdomains and names Harvester - OSINT

blueteam discovery emails information-gathering osint python recon reconnaissance redteam starred-laramies-repo starred-repo subdomain-enumeration

Find a file

L1ghtn1ng cc1c653ad4 Move continue-on-error for Python 3.13 to individual steps Shifted the `continue-on-error` condition for Python 3.13 from the job level to each individual step within the GitHub Actions workflow. This ensures more granular control over error handling, allowing other steps to succeed or fail independently.		2024-10-16 05:51:41 +01:00
.github	Move continue-on-error for Python 3.13 to individual steps	2024-10-16 05:51:41 +01:00
bin	Update Python version requirements and clean up code	2024-10-16 03:27:09 +01:00
README	Update CONTRIBUTING.md	2020-04-02 10:06:59 +02:00
requirements	Bump uvloop from 0.20.0 to 0.21.0	2024-10-16 03:41:08 +01:00
tests	remove test that is not stable enough due to the site not always being up or is getting blocked intermittently	2023-12-16 13:46:38 +00:00
theHarvester	fix linting	2024-10-16 04:47:19 +01:00
.dockerignore	fix docker file and move it to use ubuntu and add docker ignore file	2021-06-28 21:37:47 +01:00
.git-blame-ignore-revs	update run formatter commit	2023-07-26 22:10:19 -04:00
.gitattributes	Removed google-profiles and clean up.	2019-02-13 23:05:52 -06:00
.gitignore	update deps and gitignore	2022-10-31 00:50:38 +00:00
docker-compose.yml	Update Docker settings and shift to pipx for module installation	2023-12-18 16:34:06 +00:00
Dockerfile	Properly clean up apt footprint in Dockerfile	2024-06-18 01:27:45 +08:00
pyproject.toml	Update Python version requirements and clean up code	2024-10-16 03:27:09 +01:00
README.md	* bump python version to 3.10	2024-06-16 20:38:47 +02:00
requirements.txt	added requirements.txt	2019-12-31 13:23:32 -05:00
restfulHarvest.py	reformat with ruff	2024-08-07 19:28:52 +01:00
theHarvester-logo.png	Update theHarvester-logo.png	2019-09-10 23:14:45 +02:00
theHarvester-logo.webp	add webp format of theHarvester logo	2023-02-05 14:57:27 +00:00
theHarvester.py	Update Python version requirements and clean up code	2024-10-16 03:27:09 +01:00

README.md

What is this?

theHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red
team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine
a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using
multiple public resources that include:

Passive modules:

anubis: Anubis-DB - https://github.com/jonluca/anubis
bevigil: CloudSEK BeVigil scans mobile application for OSINT assets (Requires an API key, see below.) - https://bevigil.com/osint-api
baidu: Baidu search engine - www.baidu.com
binaryedge: List of known subdomains (Requires an API key, see below.) - https://www.binaryedge.io
bing: Microsoft search engine - https://www.bing.com
bingapi: Microsoft search engine, through the API (Requires an API key, see below.)
brave: Brave search engine - https://search.brave.com/
bufferoverun: (Requires an API key, see below.) https://tls.bufferover.run
censys: Censys search engine will use certificates searches to enumerate subdomains and gather emails
(Requires an API key, see below.) https://censys.io
certspotter: Cert Spotter monitors Certificate Transparency logs - https://sslmate.com/certspotter/
criminalip: Specialized Cyber Threat Intelligence (CTI) search engine (Requires an API key, see below.) - https://www.criminalip.io
crtsh: Comodo Certificate search - https://crt.sh
dnsdumpster: DNSdumpster search engine - https://dnsdumpster.com
duckduckgo: DuckDuckGo search engine - https://duckduckgo.com
fullhunt: Next-generation attack surface security platform (Requires an API key, see below.) - https://fullhunt.io
github-code: GitHub code search engine (Requires a GitHub Personal Access Token, see below.) - www.github.com
hackertarget: Online vulnerability scanners and network intelligence to help organizations - https://hackertarget.com
hunter: Hunter search engine (Requires an API key, see below.) - https://hunter.io
hunterhow: Internet search engines for security researchers (Requires an API key, see below.) - https://hunter.how
intelx: Intelx search engine (Requires an API key, see below.) - http://intelx.io
netlas: A Shodan or Censys competitor (Requires an API key, see below.) - https://app.netlas.io
onyphe: Cyber defense search engine (Requires an API key, see below.) - https://www.onyphe.io/
otx: AlienVault open threat exchange - https://otx.alienvault.com
pentestTools: Cloud-based toolkit for offensive security testing, focused on web applications and network penetration
testing (Requires an API key, see below.) - https://pentest-tools.com/
projecDiscovery: We actively collect and maintain internet-wide assets data, to enhance research and analyse changes around
DNS for better insights (Requires an API key, see below.) - https://chaos.projectdiscovery.io
rapiddns: DNS query tool which make querying subdomains or sites of a same IP easy! https://rapiddns.io
rocketreach: Access real-time verified personal/professional emails, phone numbers, and social media links (Requires an API key,
see below.) - https://rocketreach.co
securityTrails: Security Trails search engine, the world's largest repository of historical DNS data (Requires an API key, see
below.) - https://securitytrails.com
-s, --shodan: Shodan search engine will search for ports and banners from discovered hosts (Requires an API key, see below.)
https://shodan.io
sitedossier: Find available information on a site - http://www.sitedossier.com
subdomaincenter: A subdomain finder tool used to find subdomains of a given domain - https://www.subdomain.center/
subdomainfinderc99: A subdomain finder is a tool used to find the subdomains of a given domain - https://subdomainfinder.c99.nl
threatminer: Data mining for threat intelligence - https://www.threatminer.org/
tomba: Tomba search engine (Requires an API key, see below.) - https://tomba.io
urlscan: A sandbox for the web that is a URL and website scanner - https://urlscan.io
vhost: Bing virtual hosts search
virustotal: Domain search (Requires an API key, see below.) - https://www.virustotal.com
yahoo: Yahoo search engine
zoomeye: China's version of Shodan (Requires an API key, see below.) - https://www.zoomeye.org

Active modules:

DNS brute force: dictionary brute force enumeration
Screenshots: Take screenshots of subdomains that were found

Modules that require an API key:

Documentation to setup API keys can be found at - https://github.com/laramies/theHarvester/wiki/Installation#api-keys

bevigil - Free upto 50 queries. Pricing can be found here: https://bevigil.com/pricing/osint
binaryedge - $10/month
bing
bufferoverun - uses the free API
censys - API keys are required and can be retrieved from your Censys account.
criminalip
fullhunt
github
hunter - limited to 10 on the free plan, so you will need to do -l 10 switch
hunterhow
intelx
netlas - $
onyphe -$
pentestTools - $
projecDiscovery - invite only for now
rocketreach - $
securityTrails
shodan - $
tomba - Free up to 50 search.
zoomeye

Install and dependencies:

Python 3.10+
https://github.com/laramies/theHarvester/wiki/Installation

Comments, bugs, and requests:

Christian Martorella @laramies cmartorella@edge-security.com
Matthew Brown @NotoriousRebel1
Jay "L1ghtn1ng" Townsend @jay_townsend1

Main contributors:

Matthew Brown @NotoriousRebel1
Jay "L1ghtn1ng" Townsend @jay_townsend1
Lee Baird @discoverscripts

Thanks:

John Matherly - Shodan project
Ahmed Aboul Ela - subdomain names dictionaries (big and small)