MCPcopy
hub / github.com/laramies/theHarvester

github.com/laramies/theHarvester @4.11.1 sqlite

repository ↗ · DeepWiki ↗ · release 4.11.1 ↗
905 symbols 2,619 edges 104 files 232 documented · 26%
README

theHarvester

TheHarvester CI TheHarvester Docker Image CI Rawsec's CyberSecurity Inventory

About

theHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources that include:

Package versions

Packaging status

Install and dependencies

  • Python 3.12 or higher.
  • https://github.com/laramies/theHarvester/wiki/Installation

Install uv: bash curl -LsSf https://astral.sh/uv/install.sh | sh

Clone the repository: bash git clone https://github.com/laramies/theHarvester cd theHarvester

Install dependencies and create a virtual environment: bash uv sync

Run theHarvester: bash uv run theHarvester

Development

To install development dependencies:

uv sync --all-groups

To run tests:

uv run pytest

To run linting and formatting:

uv run ruff check
uv run ruff format

To protect the optional /additional/* REST API routes, set THEHARVESTER_API_KEY and pass the same value in the X-API-Key header. Those routes return 503 when the key is not configured.

Passive modules

  • baidu: Baidu search engine (https://www.baidu.com)

  • bevigil: CloudSEK BeVigil scans mobile application for OSINT assets (https://bevigil.com/osint-api)

  • brave: Brave search engine - now uses official Brave Search API (https://api-dashboard.search.brave.com)

  • bufferoverun: Fast domain name lookups for TLS certificates in IPv4 space (https://tls.bufferover.run)

  • builtwith: Find out what websites are built with (https://builtwith.com)

  • censys: Uses certificates searches to enumerate subdomains and gather emails (https://censys.io)

  • certspotter: Cert Spotter monitors Certificate Transparency logs (https://sslmate.com/certspotter)

  • criminalip: Specialized Cyber Threat Intelligence (CTI) search engine (https://www.criminalip.io)

  • crtsh: Comodo Certificate search (https://crt.sh)

  • dehashed: Take your data security to the next level is (https://dehashed.com)

  • dnsdumpster: Domain research tool that can discover hosts related to a domain (https://dnsdumpster.com)

  • duckduckgo: DuckDuckGo search engine (https://duckduckgo.com)

  • dymo: Dymo API data verifier - confirms domains, surfaces typo suggestions and MX/fraud signals (https://dymo.tpeoficial.com)

  • fofa: FOFA search eingine (https://en.fofa.info)

  • fullhunt: Next-generation attack surface security platform (https://fullhunt.io)

  • github-code: GitHub code search engine (https://www.github.com)

  • hackertarget: Online vulnerability scanners and network intelligence to help organizations (https://hackertarget.com)

  • haveibeenpwned: Check if your email address is in a data breach (https://haveibeenpwned.com)

  • hunter: Hunter search engine (https://hunter.io)

  • hunterhow: Internet search engines for security researchers (https://hunter.how)

  • intelx: Intelx search engine (https://intelx.io)

  • leakix: LeakIX search engine (https://leakix.net)

  • leaklookup: Data breach search engine (https://leak-lookup.com)

  • mojeek: Mojeek search engine (https://www.mojeek.com)

  • netlas: A Shodan or Censys competitor (https://app.netlas.io)

  • onyphe: Cyber defense search engine (https://www.onyphe.io)

  • otx: AlienVault open threat exchange (https://otx.alienvault.com)

  • pentesttools: Cloud-based toolkit for offensive security testing, focused on web applications and network penetration testing (https://pentest-tools.com)

  • projecdiscovery: Actively collects and maintains internet-wide assets data, to enhance research and analyse changes around DNS for better insights (https://chaos.projectdiscovery.io)

  • rapiddns: DNS query tool which make querying subdomains or sites of a same IP easy (https://rapiddns.io)

  • rocketreach: Access real-time verified personal/professional emails, phone numbers, and social media links (https://rocketreach.co)

  • securityscorecard: helps TPRM and SOC teams detect, prioritize, and remediate vendor risk across their entire supplier ecosystem at scale (https://securityscorecard.com)

  • securityTrails: Security Trails search engine, the world's largest repository of historical DNS data (https://securitytrails.com)

  • sherlockeye: Reverse Lookup & AI-Powered OSINT (https://sherlockeye.io)

  • -s, --shodan: Shodan search engine will search for ports and banners from discovered hosts (https://shodan.io)

  • subdomaincenter: A subdomain finder tool used to find subdomains of a given domain (https://www.subdomain.center)

  • subdomainfinderc99: A subdomain finder is a tool used to find the subdomains of a given domain (https://subdomainfinder.c99.nl)

  • thc: Free subdomain enumeration service with no API key required (https://ip.thc.org)

  • threatminer: Data mining for threat intelligence (https://www.threatminer.org)

  • tomba: Tomba search engine (https://tomba.io)

  • urlscan: A sandbox for the web that is a URL and website scanner (https://urlscan.io)

  • venacus: Venacus search engine (https://venacus.com)

  • virustotal: Domain search (https://www.virustotal.com)

  • whoisxml: Subdomain search (https://subdomains.whoisxmlapi.com/api/pricing)

  • yahoo: Yahoo search engine (https://www.yahoo.com)

  • windvane: Windvane search engine (https://windvane.lichoin.com)

  • zoomeye: China's version of Shodan (https://www.zoomeye.org)

Active modules

  • DNS brute force: dictionary brute force enumeration
  • Screenshots: Take screenshots of subdomains that were found

Modules that require an API key

Documentation to setup API keys can be found at - https://github.com/laramies/theHarvester/wiki/Installation#api-keys

  • bevigil - 50 free queries/month. 1k queries/month $50
  • brave - free plan available. Pro plans for higher limits
  • bufferoverun - 100 free queries/month. 10k/month $25
  • builtwith - 50 free queries ever. $2950/yr
  • censys - 500 credits $100
  • criminalip - 100 free queries/month. 700k/month $59
  • dehashed - 500 credts $15, 5k credits $150
  • dnsdumpster - 50 free querries/day, $49
  • dymo - free tier available, paid plans for higher limits
  • fofa - query credits 10,000/month. 100k results/month $25
  • fullhunt - 50 free queries. 200 queries $29/month, 500 queries $59
  • github-code
  • haveibeenpwned - 10 email searches/min $4.50, 50 email searches/min $22
  • hunter - 50 free credits/month. 12k credits/yr $34
  • hunterhow - 10k free API results per 30 days. 50k API results per 30 days $10
  • intelx - free account is very limited. Business acount $2900
  • leakix - free 25 results pages, 3000 API requests/month. Bounty Hunter $29
  • leaklookup - 20 credits $10, 50 credits $20, 140 credits $50, 300 credits $100
  • mojeek - 5000 free credits $6.50, $1.30 CPM (Personal), $2.60 CPM (Startup), $3.90 CPM (Business)
  • netlas - 50 free requests/day. 1k requests $49, 10k requests $249
  • onyphe - 10M results/month $587
  • pentesttools - 5 assets netsec $95/month, 5 assets webnetsec $140/month
  • projecdiscovery - requires work email. Free monthly discovery and vulnerability scans on sign-up email domain, enterprise $
  • rocketreach - 100 email lookups/month $48, 250 email lookups/month $108
  • securityscorecard - requires a work email
  • securityTrails - 50 free queries/month. 20k queries/month $500
  • sherlockeye - Intermediate $46 month, Advanced $120 month. Enterprise available.
  • shodan - Freelancer $69 month, Small Business $359 month
  • tomba - 25 free searches/month. 1k searches/month $39, 5k searches/month $89
  • venacus - 1 free search/day. 10 searches/day $12, 30 searches/day $36
  • virustotal - 500 free lookups/day, 15.5k lookups/month. Busines accounts requires a work email
  • whoisxml - 2k queries $50, 5k queries $105
  • windvane - 100 free queries
  • zoomeye - 5 free results/day. 30/results/day $190/yr

Comments, bugs, and requests

  • Twitter Follow Christian Martorella @laramies cmartorella@edge-security.com
  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1

Main contributors

  • Twitter Follow Matthew Brown @NotoriousRebel1
  • Twitter Follow Jay "L1ghtn1ng" Townsend @jay_townsend1
  • Twitter Follow Lee Baird @discoverscripts

Thanks

  • John Matherly - Shodan project
  • Ahmed Aboul Ela - subdomain names dictionaries (big and small)

Core symbols most depended-on inside this repo

fetch_all
called by 59
theHarvester/lib/core.py
store
called by 55
theHarvester/__main__.py
get_user_agent
called by 48
theHarvester/lib/core.py
_api_key_value
called by 36
theHarvester/lib/core.py
show_default_error_message
called by 22
theHarvester/lib/core.py
_col0_int
called by 21
theHarvester/lib/stash.py
sorted_unique
called by 16
theHarvester/lib/output.py
post_fetch
called by 15
theHarvester/lib/core.py

Shape

Method 689
Class 128
Function 78
Route 10

Languages

Python100%

Modules by API surface

theHarvester/lib/core.py61 symbols
tests/discovery/test_thc.py37 symbols
theHarvester/discovery/fullhuntsearch.py35 symbols
tests/test_security.py30 symbols
theHarvester/discovery/api_endpoints.py28 symbols
tests/lib/test_core.py28 symbols
theHarvester/discovery/zoomeyesearch.py19 symbols
theHarvester/discovery/hudsonrocksearch.py19 symbols
tests/discovery/test_githubcode.py17 symbols
theHarvester/discovery/windvane.py16 symbols
theHarvester/discovery/sherlockeye.py16 symbols
theHarvester/lib/api/api.py15 symbols

Dependencies from manifests, versioned

PyYAML6.0.3 · 1×
aiodns4.0.4 · 1×
aiofiles25.1.0 · 1×
aiohttp3.14.0 · 1×
aiohttp-socks0.11.0 · 1×
aiomultiprocess0.9.1 · 1×
aiosqlite0.22.1 · 1×
beautifulsoup44.14.3 · 1×
censys2.2.19 · 1×
certifi2026.5.20 · 1×
dnspython2.8.0 · 1×
fastapi0.136.3 · 1×

For agents

$ claude mcp add theHarvester \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact