Need help with theHarvester?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

5.2K Stars 1.3K Forks GNU General Public License v2.0 2.3K Commits 17 Opened issues


E-mails, subdomains and names Harvester - OSINT

Services available


Need anything else?

Contributors list


TheHarvester CI TheHarvester Docker Image CI Language grade: Python Rawsec's CyberSecurity Inventory

What is this?

theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a
penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a
company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using
multiple public data sources that include:


  • baidu: Baidu search engine -

  • bing: Microsoft search engine -

  • bingapi: Microsoft search engine, through the API (Requires an API key, see below.)

  • bufferoverun: Uses data from Rapid7's Project Sonar -

  • censys: Censys search engine, will use certificates searches to enumerate subdomains (Requires an API key, see below.) -

  • certspotter: Cert Spotter monitors Certificate Transparency logs -

  • crtsh: Comodo Certificate search -

  • dnsdumpster: DNSdumpster search engine -

  • duckduckgo: DuckDuckGo search engine -

  • exalead: a Meta search engine -

  • github-code: GitHub code search engine (Requires a GitHub Personal Access Token, see below.) -

  • google: Google search engine (Optional Google dorking.) -

  • hackertarget: Online vulnerability scanners and network intelligence to help organizations -

  • hunter: Hunter search engine (Requires an API key, see below.) -

  • intelx: Intelx search engine (Requires an API key, see below.) -

  • linkedin: Google search engine, specific search for LinkedIn users -

  • linkedin_links: specific search for LinkedIn users for target domain

  • netcraft: Internet Security and Data Mining -

  • omnisint: Project Crobat, A Centralised Searchable Open Source Project Sonar DNS Database -

  • otx: AlienVault Open Threat Exchange -

  • pentesttools: Powerful Penetration Testing Tools, Easy to Use (Needs an API key and is not free for API access) -

  • projecdiscovery: We actively collect and maintain internet-wide assets data, to enhance research and analyse changes around DNS for better insights - (Requires an API key)

  • qwant: Qwant search engine -

  • rapiddns: DNS query tool which make querying subdomains or sites of a same IP easy!

  • securityTrails: Security Trails search engine, the world's largest repository of historical DNS data
    (Requires an API key, see below.) -

  • shodan: Shodan search engine, will search for ports and banners from discovered hosts (Requires an API key, see below.) -

  • spyse: Web research tools for professionals (Requires an API key.) -

  • sublist3r: Fast subdomains enumeration tool for penetration testers -

  • threatcrowd: Open source threat intelligence -

  • threatminer: Data mining for threat intelligence -

  • trello: Search trello boards (Uses Google search.)

  • twitter: Twitter accounts related to a specific domain (Uses Google search.)

  • urlscan: A sandbox for the web that is a URL and website scanner -

  • vhost: Bing virtual hosts search

  • virustotal: domain search

  • yahoo: Yahoo search engine


  • DNS brute force: dictionary brute force enumeration
  • Screenshots: Take screenshots of subdomains that were found

Modules that require an API key:

Documentation to setup API keys can be found at -

  • bing
  • github
  • hunter - limited to 10 on the free plan so you will need to do -l 10 switch
  • intelx
  • pentesttools
  • projecdiscovery - invite only for now
  • securityTrails
  • shodan
  • spyse - need to have a paid account be able to use the api now
  • censys

Install and dependencies:

  • Python 3.7+

Comments, bugs and requests:

  • Twitter Follow Christian Martorella @laramies [email protected]
  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1

Main contributors:

  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1
  • Twitter Follow Lee Baird @discoverscripts
  • LinkedIn Janos Zold


  • John Matherly - Shodan project
  • Ahmed Aboul Ela - subdomain names dictionaries (big and small)

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.