
GitHub - laramies/theHarvester: E-mails, subdomains and names Harvester - OSINT

source link: https://github.com/laramies/theHarvester

README.md

theHarvester


What is this?

theHarvester is a very simple, yet effective tool designed to be used in the early
stages of a penetration test. Use it for open source intelligence gathering and
helping to determine a company's external threat landscape on the internet. The
tool gathers emails, names, subdomains, IPs, and URLs using multiple public data
sources that include:

Passive:

  • baidu: Baidu search engine - www.baidu.com

  • bing: Microsoft search engine - www.bing.com

  • bingapi: Microsoft search engine, through the API (Requires API key, see below.)

  • censys: Censys.io search engine - www.censys.io

  • crtsh: Comodo Certificate search - www.crt.sh

  • dnsdumpster: DNSdumpster search engine - dnsdumpster.com

  • dogpile: Dogpile search engine - www.dogpile.com

  • duckduckgo: DuckDuckGo search engine - www.duckduckgo.com

  • Exalead: a Meta search engine - https://www.exalead.com/search

  • github-code: GitHub code search engine (Requires GitHub Personal Access Token, see below.) - www.github.com

  • google: Google search engine (Optional Google dorking.) - www.google.com

  • hunter: Hunter search engine (Requires API key, see below.) - www.hunter.io

  • intelx: Intelx search engine (Requires API key, see below.) - www.intelx.io

  • linkedin: Google search engine, specific search for LinkedIn users - www.linkedin.com

  • netcraft: Netcraft Data Mining - www.netcraft.com

  • otx: AlienVault Open Threat Exchange - https://otx.alienvault.com

  • securityTrails: Security Trails search engine, the world's largest repository
    of historical DNS data (Requires API key, see below.) - www.securitytrails.com

  • shodan: Shodan search engine, will search for ports and banners from discovered
    hosts - www.shodanhq.com

  • threatcrowd: Open source threat intelligence - www.threatcrowd.org

  • trello: Search trello boards (Uses Google search.)

  • twitter: Twitter accounts related to a specific domain (Uses Google search.)

  • vhost: Bing virtual hosts search

  • virustotal: virustotal.com domain search

  • yahoo: Yahoo search engine

Active:

  • DNS brute force: dictionary brute force enumeration

Modules that require an API key:

Add your keys to api-keys.yaml

  • bingapi
  • github
  • hunter
  • intelx
  • securityTrails
  • shodan

Dependencies:

  • Python 3.6+
  • python3 -m pip install -r requirements.txt
  • We recommend using a virtualenv when cloning from git

Comments, bugs, or requests?

Main contributors:

  • Matthew Brown @NotoriousRebel1
  • Jay "L1ghtn1ng" Townsend @jay_townsend1
  • Janos Zold
  • Lee Baird @discoverscripts

Thanks:

  • John Matherly - Shodan project
  • Ahmed Aboul Ela - subdomain names dictionaries (big and small)
