Need help with theHarvester?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

6.0K Stars 1.4K Forks GNU General Public License v2.0 2.5K Commits 17 Opened issues


E-mails, subdomains and names Harvester - OSINT

Services available


Need anything else?

Contributors list


TheHarvester CI TheHarvester Docker Image CI Language grade: Python Rawsec's CyberSecurity Inventory

What is this?

theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a
penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a
company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using
multiple public data sources that include:


  • anubis: Anubis-DB -

  • baidu: Baidu search engine -

  • binaryedge: placeholder -

  • bing: Microsoft search engine -

  • bingapi: Microsoft search engine, through the API (Requires an API key, see below.)

  • bufferoverun: Uses data from Rapid7's Project Sonar -

  • censys: Censys search engine, will use certificates searches to enumerate subdomains and gather emails (Requires an API key, see below.) -

  • certspotter: Cert Spotter monitors Certificate Transparency logs -

  • crtsh: Comodo Certificate search -

  • dnsdumpster: DNSdumpster search engine -

  • duckduckgo: DuckDuckGo search engine -

  • github-code: GitHub code search engine (Requires a GitHub Personal Access Token, see below.) -

  • google: Google search engine (Optional Google dorking.) -

  • hackertarget: Online vulnerability scanners and network intelligence to help organizations -

  • hunter: Hunter search engine (Requires an API key, see below.) -

  • intelx: Intelx search engine (Requires an API key, see below.) -

  • linkedin: Google search engine, specific search for LinkedIn users -

  • linkedin_links: specific search for LinkedIn users for target domain (Uses Google search.)

  • omnisint: Project Crobat, A Centralised Searchable Open Source Project Sonar DNS Database -

  • otx: AlienVault Open Threat Exchange -

  • pentesttools: Powerful Penetration Testing Tools, Easy to Use (Requires an API key, see below.) -

  • projecdiscovery: We actively collect and maintain internet-wide assets data, to enhance research and analyse changes around DNS for better insights (Requires an API key, see below.) -

  • qwant: Qwant search engine -

  • rapiddns: DNS query tool which make querying subdomains or sites of a same IP easy!

  • rocketreach: Access real-time verified personal/professional emails, phone numbers, and social media links. -

  • securityTrails: Security Trails search engine, the world's largest repository of historical DNS data
    (Requires an API key, see below.) -

  • shodan: Shodan search engine, will search for ports and banners from discovered hosts (Requires an API key, see below.) -

  • spyse: Spyse is a search engine built for a quick cyber intelligence of IT infrastructures, networks, and even the smallest parts of the internet. (Requires an API key, see below.) -

  • sublist3r: Fast subdomains enumeration tool for penetration testers -

  • threatcrowd: Open source threat intelligence -

  • threatminer: Data mining for threat intelligence -

  • trello: Search trello boards (Uses Google search.)

  • twitter: Twitter accounts related to a specific domain (Uses Google search.)

  • urlscan: A sandbox for the web that is a URL and website scanner -

  • vhost: Bing virtual hosts search

  • virustotal: domain search

  • yahoo: Yahoo search engine

  • zoomeye: China version of shodan -


  • DNS brute force: dictionary brute force enumeration
  • Screenshots: Take screenshots of subdomains that were found

Modules that require an API key:

Documentation to setup API keys can be found at -

  • binaryedge - not free
  • bing
  • censys - API keys are required and can be retrieved from your Censys account.
  • github
  • hunter - limited to 10 on the free plan so you will need to do -l 10 switch
  • intelx
  • pentesttools - not free
  • projecdiscovery - invite only for now
  • rocketreach - not free
  • securityTrails
  • shodan
  • spyse - not free
  • zoomeye - not free

Install and dependencies:

  • Python 3.7+

Comments, bugs, and requests:

  • Twitter Follow Christian Martorella @laramies [email protected]
  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1

Main contributors:

  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1
  • Twitter Follow Lee Baird @discoverscripts


  • John Matherly - Shodan project
  • Ahmed Aboul Ela - subdomain names dictionaries (big and small)

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.