Skip to content

laramies/theHarvester

Repository files navigation

theHarvester

TheHarvester CI TheHarvester Docker Image CI Rawsec's CyberSecurity Inventory

What is this?

theHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red
team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine
a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using
multiple public resources that include:

Passive modules:

Active modules:

  • DNS brute force: dictionary brute force enumeration
  • Screenshots: Take screenshots of subdomains that were found

Modules that require an API key:

Documentation to setup API keys can be found at - https://github.com/laramies/theHarvester/wiki/Installation#api-keys

  • bevigil - Free upto 50 queries. Pricing can be found here: https://bevigil.com/pricing/osint
  • binaryedge - $10/month
  • bing
  • bufferoverun - uses the free API
  • censys - API keys are required and can be retrieved from your Censys account.
  • criminalip
  • fullhunt
  • github
  • hunter - limited to 10 on the free plan, so you will need to do -l 10 switch
  • hunterhow
  • intelx
  • netlas - $
  • onyphe -$
  • pentestTools - $
  • projecDiscovery - invite only for now
  • rocketreach - $
  • securityTrails
  • shodan - $
  • tomba - Free up to 50 search.
  • zoomeye

Install and dependencies:

Comments, bugs, and requests:

  • Twitter Follow Christian Martorella @laramies [email protected]
  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1

Main contributors:

  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1
  • Twitter Follow Lee Baird @discoverscripts

Thanks:

  • John Matherly - Shodan project
  • Ahmed Aboul Ela - subdomain names dictionaries (big and small)