Skip to content

laramies/theHarvester

Repository files navigation

theHarvester

TheHarvester CI TheHarvester Docker Image CI Rawsec's CyberSecurity Inventory

About

theHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources that include:

Install and dependencies

Install uv:

curl -LsSf https://astral.sh/uv/install.sh | sh

Clone the repository:

git clone https://github.com/laramies/theHarvester
cd theHarvester

Install dependencies and create a virtual environment:

uv sync

Run theHarvester:

uv run theHarvester

Development

To install development dependencies:

uv sync --extra dev

To run tests:

uv run pytest

To run linting and formatting:

uv run ruff check
uv run ruff format

Passive modules

Active modules

  • DNS brute force: dictionary brute force enumeration
  • Screenshots: Take screenshots of subdomains that were found

Modules that require an API key

Documentation to setup API keys can be found at - https://github.com/laramies/theHarvester/wiki/Installation#api-keys

  • bevigil - Free upto 50 queries. Pricing can be found here: https://bevigil.com/pricing/osint
  • bing
  • bufferoverun - uses the free binaAPI
  • builtwith
  • censys - API keys are required and can be retrieved from your Censys account.
  • criminalip
  • dehashed
  • dnsdumpster
  • fullhunt
  • github-code
  • haveibeenpwned
  • hunter - limited to 10 on the free plan, so you will need to do -l 10 switch
  • hunterhow
  • intelx
  • leaklookup
  • netlas - $
  • onyphe -$
  • pentestTools - $
  • projecDiscovery - invite only for now
  • rocketreach - $
  • securityscorecard
  • securityTrails
  • shodan - $
  • tomba - Free up to 50 search.
  • venacus - $
  • whoisxml
  • zoomeye

Comments, bugs, and requests

Main contributors

  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1
  • Twitter Follow Lee Baird @discoverscripts

Thanks:

  • John Matherly - Shodan project
  • Ahmed Aboul Ela - subdomain names dictionaries (big and small)