theHarvester 4.0.3 released: E-mails/subdomains/names Harvester – OSINT
theHarvester
What is this?
————-
theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, PGP key servers). Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.
The sources are:
Passive:
——–
-google: google search engine – www.google.com-googleCSE: google custom search engine
-google-profiles: google search engine, specific search for Google profiles
-bing: microsoft search engine – www.bing.com
-bingapi: microsoft search engine, through the API (you need to add your Key in
the discovery/bingsearch.py file)-dogpile: Dogpile search engine – www.dogpile.com
-pgp: pgp key server – mit.edu
-linkedin: google search engine, specific search for Linkedin users
-vhost: Bing virtual hosts search
-twitter: twitter accounts related to an specific domain (uses google search)
-googleplus: users that work in target company (uses google search)
-yahoo: Yahoo search engine
-baidu: Baidu search engine
-shodan: Shodan Computer search engine, will search for ports and banner of the
discovered hosts (http://www.shodanhq.com/)
Active:
——-
-DNS brute force: this plugin will run a dictionary brute force enumeration
-DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
-DNS TDL expansion: TLD dictionary brute force enumeration
Modules that need API keys to work:
———————————-
-googleCSE: You need to create a Google Custom Search engine(CSE), and add your Google API key and CSE ID in the plugin (discovery/googleCSE.py)
-shodan: You need to provide your API key in discovery/shodansearch.py
Changelog v4.0.3
What’s Changed
- company_domain seems more in line with the intention of -d by @pierce403 in #910
- chore(deps-dev): bump types-requests from 2.25.11 to 2.26.0 by @dependabot in #911
- 100x improvement in rocketreach API calls via pagination tweaks by @pierce403 in #912
- chore(deps): bump actions/setup-python from 2.2.2 to 2.3.0 by @dependabot in #919
- chore(deps-dev): bump types-pyyaml from 6.0.0 to 6.0.1 by @dependabot in #913
- chore(deps): bump setuptools from 58.5.3 to 59.1.1 by @dependabot in #918
- chore(deps): bump aiohttp from 3.8.0 to 3.8.1 by @dependabot in #916
- Updated zoomeye module, updated user agents list, fixed substring not found, and replaced orjson in favor of ujson. by @NotoriousRebel in #923
- Fix typos by @rex4539 in #914
- chore(deps): bump setuptools from 59.1.1 to 59.2.0 by @dependabot in #922
- chore(deps): bump ujson from 4.2.0 to 4.3.0 by @dependabot in #924
- Change ci to use py3.10 final by @L1ghtn1ng in #927
Installation
pip install requests
git clone https://github.com/laramies/theHarvester.git
Usage
Copyright 2011 Christian Martorella
Source: https://github.com/laramies/