
manojxshrestha/theHarvester

 
 


theHarvester


What is this?

theHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red
team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine
a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using
multiple public resources that include:

Passive modules:

Active modules:

  • DNS brute force: dictionary brute force enumeration
  • Screenshots: Take screenshots of subdomains that were found

Modules that require an API key:

Documentation on setting up API keys can be found at https://github.com/laramies/theHarvester/wiki/Installation#api-keys

  • bevigil - Free up to 50 queries. Pricing can be found here: https://bevigil.com/pricing/osint
  • binaryedge - $10/month
  • bing
  • bufferoverun - uses the free API
  • censys - API keys are required and can be retrieved from your Censys account.
  • criminalip
  • fullhunt
  • github
  • hunter - limited to 10 on the free plan, so you will need to use the -l 10 switch
  • hunterhow
  • intelx
  • netlas - $
  • onyphe -$
  • pentestTools - $
  • projectDiscovery - invite only for now
  • rocketreach - $
  • securityTrails
  • shodan - $
  • tomba - Free up to 50 searches.
  • zoomeye

Install and dependencies:

Installation:

        $ sudo apt-get install theharvester

If it doesn’t work, you can clone it directly from git using the following commands:

        $ git clone https://github.com/laramies/theHarvester.git
        $ cd theHarvester
        $ sudo pip3 install -r requirements.txt
        $ sudo python3 ./theHarvester.py

Upgrading:

Use the following command to upgrade theHarvester:

        $ sudo apt-get upgrade theharvester

Usage:

   $ theHarvester [-h] -d DOMAIN [-l LIMIT] [-S START] [-g] [-p] [-s] [--screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t DNS_TLD] [-r] [-n] [-c] [-f FILENAME] [-b SOURCE]

options:

-h, --help: show this help message and exit
-d DOMAIN, --domain DOMAIN: Company name or domain to search
-l LIMIT, --limit LIMIT: Limit the number of search results, default=500
-S START, --start START: Start with result number X, default=0
-g, --google-dork: Use Google Dorks for Google search
-p, --proxies: Use proxies for requests, enter proxies in proxies.yaml
-s, --shodan: Use Shodan to query discovered hosts
--screenshot SCREENSHOT: Take screenshots of resolved domains, specify output directory: --screenshot output_directory
-v, --virtual-host: Verify host name via DNS resolution and search for virtual hosts
-e DNS_SERVER, --dns-server DNS_SERVER: DNS server to use for lookup
-t DNS_TLD, --dns-tld DNS_TLD: Perform a DNS TLD expansion discovery, default False
-r, --take-over: Check for takeovers
-n, --dns-lookup: Enable DNS server lookup, default False
-c, --dns-brute: Perform a DNS brute force on the domain
-f FILENAME, --filename FILENAME: Save the results to an XML and JSON file
-b SOURCE, --source SOURCE: anubis, baidu, bing, binaryedge, bingapi, bufferoverun, censys, certspotter, zoomeye,
                            crtsh, dnsdumpster, duckduckgo, fullhunt, github-code, google, hackertarget, hunter,
                            intelx, linkedin, linkedin_links, n45ht, omnisint, otx, pentesttools, projectdiscovery,
                            qwant, rapiddns, rocketreach, securityTrails, spyse, sublist3r, threatcrowd, yahoo,
                            threatminer, trello, twitter, urlscan, virustotal
 

-s: Use the Shodan database to query discovered hosts.

Examples

To list available options

 To search emails: $ theHarvester.py -d abc.com -b all

 To search emails with a limit: $ theHarvester.py -d abc.com -b all -l 200

 To save the results to an XML and JSON file: $ theharvester -d abc.com -b all -f myresults

 To search in PGP (Pretty Good Privacy) only: $ theharvester -d abc.com -b pgp
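
A defender who runs the tool against their own domain can compare the file saved with -f against an asset inventory to spot hosts nobody is tracking. The script below is an added example, not code from theHarvester; the JSON layout (top-level "hosts" and "emails" lists, host entries written as "name" or "name:ip"), the inventory set and the role prefixes are assumptions.

```python
import json

# Constructed sample standing in for the JSON file written by -f.
# Assumed layout: top-level "hosts", "ips" and "emails" lists, with host
# entries written either as "name" or "name:ip".
SAMPLE_RESULTS = json.dumps({
    "hosts": [
        "www.example.com:192.0.2.10",
        "vpn.example.com:192.0.2.20",
        "Staging.example.com",
        "old-jenkins.example.com:198.51.100.7",
        "www.example.com",
    ],
    "ips": ["192.0.2.10", "192.0.2.20", "198.51.100.7"],
    "emails": ["it-admin@example.com", "jane.doe@example.com"],
})

# Constructed inventory of assets the organisation knows it operates.
KNOWN_HOSTS = {"www.example.com", "vpn.example.com"}
ROLE_PREFIXES = ("admin", "it-", "root", "support", "helpdesk", "security")


def split_host(entry):
    """Return (hostname, ip or None) for a 'name' or 'name:ip' entry."""
    name, _, ip = entry.strip().partition(":")
    return name.lower().rstrip("."), (ip or None)


def triage(results_json, known_hosts):
    """Summarise externally visible assets that are missing from the inventory."""
    data = json.loads(results_json)
    seen = {}
    for entry in data.get("hosts", []):
        name, ip = split_host(entry)
        if name:
            seen.setdefault(name, set())
            if ip:
                seen[name].add(ip)
    unknown = {h: sorted(ips) for h, ips in seen.items() if h not in known_hosts}
    role_mail = sorted(e.lower() for e in data.get("emails", [])
                       if e.lower().startswith(ROLE_PREFIXES))
    return {"unknown_hosts": unknown, "role_accounts": role_mail}


if __name__ == "__main__":
    report = triage(SAMPLE_RESULTS, KNOWN_HOSTS)
    for host, ips in sorted(report["unknown_hosts"].items()):
        print(f"not in inventory: {host} {ips}")
    print("exposed role mailboxes:", report["role_accounts"])
```

To use it on real output, read the saved JSON file into a string and pass it to triage() with your own inventory set.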
