October 31, 2021

677 words 4 mins read

laramies/theHarvester

laramies/theHarvester

E-mails, subdomains and names Harvester - OSINT

repo name laramies/theHarvester
repo link https://github.com/laramies/theHarvester
homepage http://www.edge-security.com/
language Python
size (curr.) 6716 kB
stars (curr.) 6052
created 2011-01-01
license GNU General Public License v2.0

theHarvester

TheHarvester CI TheHarvester Docker Image CI Language grade: Python Rawsec’s CyberSecurity Inventory

What is this?

theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company’s external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources that include:

Passive:

Active:

  • DNS brute force: dictionary brute force enumeration
  • Screenshots: Take screenshots of subdomains that were found

Modules that require an API key:

Documentation to setup API keys can be found at - https://github.com/laramies/theHarvester/wiki/Installation#api-keys

  • binaryedge - not free
  • bing
  • censys - API keys are required and can be retrieved from your Censys account.
  • fullhunt
  • github
  • hunter - limited to 10 on the free plan so you will need to do -l 10 switch
  • intelx
  • pentesttools - not free
  • projecdiscovery - invite only for now
  • rocketreach - not free
  • securityTrails
  • shodan
  • spyse - not free
  • zoomeye

Install and dependencies:

Comments, bugs, and requests:

Main contributors:

  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay “L1ghtn1ng” Townsend @jay_townsend1
  • Twitter Follow Lee Baird @discoverscripts

Thanks:

  • John Matherly - Shodan project
  • Ahmed Aboul Ela - subdomain names dictionaries (big and small)
comments powered by Disqus