discovery subdomain-enumeration Python information-gathering redteam blueteam emails osint reconnaissance recon
Need help with theHarvester?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.
laramies

Description

E-mails, subdomains and names Harvester - OSINT

4.5K Stars 1.2K Forks GNU General Public License v2.0 2.1K Commits 17 Opened issues

Services available

Need anything else?

theHarvester

TheHarvester CI TheHarvester Docker Image CI Language grade: Python Rawsec's CyberSecurity Inventory

What is this?

theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a
penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a
company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using
multiple public data sources that include:

Passive:

  • baidu: Baidu search engine - www.baidu.com

  • bing: Microsoft search engine - www.bing.com

  • bingapi: Microsoft search engine, through the API (Requires an API key, see below.)

  • bufferoverun: Uses data from Rapid7's Project Sonar - www.rapid7.com/research/project-sonar/

  • certspotter: Cert Spotter monitors Certificate Transparency logs - https://sslmate.com/certspotter/

  • crtsh: Comodo Certificate search - https://crt.sh

  • dnsdumpster: DNSdumpster search engine - https://dnsdumpster.com

  • duckduckgo: DuckDuckGo search engine - www.duckduckgo.com

  • exalead: a Meta search engine - www.exalead.com/search

  • github-code: GitHub code search engine (Requires a GitHub Personal Access Token, see below.) - www.github.com

  • google: Google search engine (Optional Google dorking.) - www.google.com

  • hackertarget: Online vulnerability scanners and network intelligence to help organizations - https://hackertarget.com

  • hunter: Hunter search engine (Requires an API key, see below.) - www.hunter.io

  • intelx: Intelx search engine (Requires an API key, see below.) - www.intelx.io

  • linkedin: Google search engine, specific search for LinkedIn users - www.linkedin.com

  • linkedin_links:

  • netcraft: Internet Security and Data Mining - www.netcraft.com

  • otx: AlienVault Open Threat Exchange - https://otx.alienvault.com

  • pentesttools: Powerful Penetration Testing Tools, Easy to Use (Needs an API key and is not free for API access) - https://pentest-tools.com/home

  • projecdiscovery: We actively collect and maintain internet-wide assets data, to enhance research and analyse changes around DNS for better insights - https://chaos.projectdiscovery.io (Requires an API key)

  • qwant: Qwant search engine - www.qwant.com

  • rapiddns: DNS query tool which make querying subdomains or sites of a same IP easy! https://rapiddns.io

  • securityTrails: Security Trails search engine, the world's largest repository of historical DNS data
    (Requires an API key, see below.) - www.securitytrails.com

  • shodan: Shodan search engine, will search for ports and banners from discovered hosts - www.shodanhq.com

  • spyse: Web research tools for professionals (Requires an API key.) - https://spyse.com

  • sublist3r: Fast subdomains enumeration tool for penetration testers - https://api.sublist3r.com/search.php?domain=example.com

  • threatcrowd: Open source threat intelligence - www.threatcrowd.org

  • threatminer: Data mining for threat intelligence - https://www.threatminer.org/

  • trello: Search trello boards (Uses Google search.)

  • twitter: Twitter accounts related to a specific domain (Uses Google search.)

  • urlscan: A sandbox for the web that is a URL and website scanner - https://urlscan.io

  • vhost: Bing virtual hosts search

  • virustotal: virustotal.com domain search

  • yahoo: Yahoo search engine

Active:

  • DNS brute force: dictionary brute force enumeration
  • Screenshots: Take screenshots of subdomains that were found

Modules that require an API key:

Documentation to setup API keys can be found at - https://github.com/laramies/theHarvester/wiki/Installation#api-keys

  • bing
  • github
  • hunter - limited to 10 on the free plan so you will ned to do -l 10 switch
  • intelx
  • pentesttools
  • projecdiscovery - invite only for now
  • securityTrails
  • shodan
  • spyse - need to have a paid account be able to use the api now

Install and dependencies:

  • Python 3.7+
  • https://github.com/laramies/theHarvester/wiki/Installation

Comments, bugs and requests:

  • Twitter Follow Christian Martorella @laramies [email protected]
  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1

Main contributors:

  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1
  • Twitter Follow Lee Baird @discoverscripts
  • LinkedIn Janos Zold

Thanks:

  • John Matherly - Shodan project
  • Ahmed Aboul Ela - subdomain names dictionaries (big and small)

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.