[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-2764":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":36,"readmeContent":37,"aiSummary":38,"trendingCount":16,"starSnapshotCount":16,"syncStatus":39,"lastSyncTime":40,"discoverSource":41},2764,"theHarvester","laramies\u002FtheHarvester","laramies","E-mails, subdomains and names Harvester - OSINT ","http:\u002F\u002Fwww.edge-security.com\u002F",null,"Python",16443,2488,337,1,0,35,79,280,105,45,false,"master",true,[26,27,28,29,30,31,32,33,34,35],"blueteam","discovery","emails","information-gathering","osint","python","recon","reconnaissance","redteam","subdomain-enumeration","2026-06-12 02:00:43","![theHarvester](https:\u002F\u002Fgithub.com\u002Flaramies\u002FtheHarvester\u002Fblob\u002Fmaster\u002FtheHarvester-logo.webp)\n\n![TheHarvester CI](https:\u002F\u002Fgithub.com\u002Flaramies\u002FtheHarvester\u002Fworkflows\u002FTheHarvester%20Python%20CI\u002Fbadge.svg) ![TheHarvester Docker Image CI](https:\u002F\u002Fgithub.com\u002Flaramies\u002FtheHarvester\u002Fworkflows\u002FTheHarvester%20Docker%20Image%20CI\u002Fbadge.svg)\n[![Rawsec's CyberSecurity Inventory](https:\u002F\u002Finventory.raw.pm\u002Fimg\u002Fbadges\u002FRawsec-inventoried-FF5050_flat_without_logo.svg)](https:\u002F\u002Finventory.raw.pm\u002F)\n\n[![Packaging status](https:\u002F\u002Frepology.org\u002Fbadge\u002Fvertical-allrepos\u002Ftheharvester.svg)](https:\u002F\u002Frepology.org\u002Fproject\u002Ftheharvester\u002Fversions)\n\nAbout\n-----\ntheHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red\nteam assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine\na domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using\nmultiple public resources that include:\n\nInstall and dependencies\n------------------------\n* Python 3.12 or higher.\n* https:\u002F\u002Fgithub.com\u002Flaramies\u002FtheHarvester\u002Fwiki\u002FInstallation\n\nInstall uv:\n   ```bash\n   curl -LsSf https:\u002F\u002Fastral.sh\u002Fuv\u002Finstall.sh | sh\n   ```\n\nClone the repository:\n   ```bash\n   git clone https:\u002F\u002Fgithub.com\u002Flaramies\u002FtheHarvester\n   cd theHarvester\n   ```\n\nInstall dependencies and create a virtual environment:\n   ```bash\n   uv sync\n   ```\n\nRun theHarvester:\n   ```bash\n   uv run theHarvester\n   ```\n\n## Development\n\nTo install development dependencies:\n```bash\nuv sync --all-groups\n```\n\nTo run tests:\n```bash\nuv run pytest\n```\n\nTo run linting and formatting:\n```bash\nuv run ruff check\n```\n```bash\nuv run ruff format\n```\n\nPassive modules\n---------------\n\n* baidu: Baidu search engine (https:\u002F\u002Fwww.baidu.com)\n\n* bevigil: CloudSEK BeVigil scans mobile application for OSINT assets (https:\u002F\u002Fbevigil.com\u002Fosint-api)\n\n* brave: Brave search engine - now uses official Brave Search API (https:\u002F\u002Fapi-dashboard.search.brave.com)\n\n* bufferoverun: Fast domain name lookups for TLS certificates in IPv4 space (https:\u002F\u002Ftls.bufferover.run)\n\n* builtwith: Find out what websites are built with (https:\u002F\u002Fbuiltwith.com)\n\n* censys: Uses certificates searches to enumerate subdomains and gather emails (https:\u002F\u002Fcensys.io)\n\n* certspotter: Cert Spotter monitors Certificate Transparency logs (https:\u002F\u002Fsslmate.com\u002Fcertspotter)\n\n* criminalip: Specialized Cyber Threat Intelligence (CTI) search engine (https:\u002F\u002Fwww.criminalip.io)\n\n* crtsh: Comodo Certificate search (https:\u002F\u002Fcrt.sh)\n\n* dehashed: Take your data security to the next level is (https:\u002F\u002Fdehashed.com)\n\n* dnsdumpster: Domain research tool that can discover hosts related to a domain (https:\u002F\u002Fdnsdumpster.com)\n\n* duckduckgo: DuckDuckGo search engine (https:\u002F\u002Fduckduckgo.com)\n\n* fofa: FOFA search eingine (https:\u002F\u002Fen.fofa.info)\n\n* fullhunt: Next-generation attack surface security platform (https:\u002F\u002Ffullhunt.io)\n\n* github-code: GitHub code search engine (https:\u002F\u002Fwww.github.com)\n\n* hackertarget: Online vulnerability scanners and network intelligence to help organizations (https:\u002F\u002Fhackertarget.com)\n\n* haveibeenpwned: Check if your email address is in a data breach (https:\u002F\u002Fhaveibeenpwned.com)\n\n* hunter: Hunter search engine (https:\u002F\u002Fhunter.io)\n\n* hunterhow: Internet search engines for security researchers (https:\u002F\u002Fhunter.how)\n\n* intelx: Intelx search engine (https:\u002F\u002Fintelx.io)\n\n* leakix: LeakIX search engine (https:\u002F\u002Fleakix.net)\n\n* leaklookup: Data breach search engine (https:\u002F\u002Fleak-lookup.com)\n\n* mojeek: Mojeek search engine (https:\u002F\u002Fwww.mojeek.com)\n\n* netlas: A Shodan or Censys competitor (https:\u002F\u002Fapp.netlas.io)\n\n* onyphe: Cyber defense search engine (https:\u002F\u002Fwww.onyphe.io)\n\n* otx: AlienVault open threat exchange (https:\u002F\u002Fotx.alienvault.com)\n\n* pentesttools: Cloud-based toolkit for offensive security testing, focused on web applications and network penetration testing (https:\u002F\u002Fpentest-tools.com)\n\n* projecdiscovery: Actively collects and maintains internet-wide assets data, to enhance research and analyse changes around DNS for better insights (https:\u002F\u002Fchaos.projectdiscovery.io)\n\n* rapiddns: DNS query tool which make querying subdomains or sites of a same IP easy (https:\u002F\u002Frapiddns.io)\n\n* rocketreach: Access real-time verified personal\u002Fprofessional emails, phone numbers, and social media links (https:\u002F\u002Frocketreach.co)\n\n* securityscorecard: helps TPRM and SOC teams detect, prioritize, and remediate vendor risk across their entire supplier ecosystem at scale (https:\u002F\u002Fsecurityscorecard.com)\n\n* securityTrails: Security Trails search engine, the world's largest repository of historical DNS data (https:\u002F\u002Fsecuritytrails.com)\n\n* -s, --shodan: Shodan search engine will search for ports and banners from discovered hosts (https:\u002F\u002Fshodan.io)\n\n* subdomaincenter: A subdomain finder tool used to find subdomains of a given domain (https:\u002F\u002Fwww.subdomain.center)\n\n* subdomainfinderc99: A subdomain finder is a tool used to find the subdomains of a given domain (https:\u002F\u002Fsubdomainfinder.c99.nl)\n\n* thc: Free subdomain enumeration service with no API key required (https:\u002F\u002Fip.thc.org)\n\n* threatminer: Data mining for threat intelligence (https:\u002F\u002Fwww.threatminer.org)\n\n* tomba: Tomba search engine (https:\u002F\u002Ftomba.io)\n\n* urlscan: A sandbox for the web that is a URL and website scanner (https:\u002F\u002Furlscan.io)\n\n* venacus: Venacus search engine (https:\u002F\u002Fvenacus.com)\n\n* virustotal: Domain search (https:\u002F\u002Fwww.virustotal.com)\n\n* whoisxml: Subdomain search (https:\u002F\u002Fsubdomains.whoisxmlapi.com\u002Fapi\u002Fpricing)\n\n* yahoo: Yahoo search engine (https:\u002F\u002Fwww.yahoo.com)\n\n* windvane: Windvane search engine (https:\u002F\u002Fwindvane.lichoin.com)\n\n* zoomeye: China's version of Shodan (https:\u002F\u002Fwww.zoomeye.org)\n\nActive modules\n--------------\n* DNS brute force: dictionary brute force enumeration\n* Screenshots: Take screenshots of subdomains that were found\n\nModules that require an API key\n-------------------------------\nDocumentation to setup API keys can be found at - https:\u002F\u002Fgithub.com\u002Flaramies\u002FtheHarvester\u002Fwiki\u002FInstallation#api-keys\n\n* bevigil - 50 free queries\u002Fmonth. 1k queries\u002Fmonth $50\n* brave - free plan available. Pro plans for higher limits\n* bufferoverun - 100 free queries\u002Fmonth. 10k\u002Fmonth $25\n* builtwith - 50 free queries ever. $2950\u002Fyr\n* censys - 500 credits $100\n* criminalip - 100 free queries\u002Fmonth. 700k\u002Fmonth $59\n* dehashed - 500 credts $15, 5k credits $150\n* dnsdumpster - 50 free querries\u002Fday, $49\n* fofa - query credits 10,000\u002Fmonth. 100k results\u002Fmonth $25\n* fullhunt - 50 free queries. 200 queries $29\u002Fmonth, 500 queries $59 \n* github-code\n* haveibeenpwned - 10 email searches\u002Fmin $4.50, 50 email searches\u002Fmin $22\n* hunter - 50 free credits\u002Fmonth. 12k credits\u002Fyr $34\n* hunterhow - 10k free API results per 30 days. 50k API results per 30 days $10\n* intelx - free account is very limited. Business acount $2900\n* leakix - free 25 results pages, 3000 API requests\u002Fmonth. Bounty Hunter $29\n* leaklookup - 20 credits $10, 50 credits $20, 140 credits $50, 300 credits $100\n* mojeek - 5000 free credits $6.50, $1.30 CPM (Personal), $2.60 CPM (Startup), $3.90 CPM (Business)\n* netlas - 50 free requests\u002Fday. 1k requests $49, 10k requests $249\n* onyphe - 10M results\u002Fmonth $587\n* pentesttools - 5 assets netsec $95\u002Fmonth, 5 assets webnetsec $140\u002Fmonth\n* projecdiscovery - requires work email. Free monthly discovery and vulnerability scans on sign-up email domain, enterprise $\n* rocketreach - 100 email lookups\u002Fmonth $48, 250 email lookups\u002Fmonth $108\n* securityscorecard - requires a work email\n* securityTrails - 50 free queries\u002Fmonth. 20k queries\u002Fmonth $500\n* shodan - Freelancer $69 month, Small Business $359 month\n* tomba - 25 free searches\u002Fmonth. 1k searches\u002Fmonth $39, 5k searches\u002Fmonth $89\n* venacus - 1 free search\u002Fday. 10 searches\u002Fday $12, 30 searches\u002Fday $36\n* virustotal - 500 free lookups\u002Fday, 15.5k lookups\u002Fmonth. Busines accounts requires a work email\n* whoisxml - 2k queries $50, 5k queries $105\n* windvane - 100 free queries\n* zoomeye - 5 free results\u002Fday. 30\u002Fresults\u002Fday $190\u002Fyr\n\n## Package versions\n[![Packaging status](https:\u002F\u002Frepology.org\u002Fbadge\u002Fvertical-allrepos\u002Ftheharvester.svg)](https:\u002F\u002Frepology.org\u002Fproject\u002Ftheharvester\u002Fversions)\n\nComments, bugs, and requests\n----------------------------\n* [![Twitter Follow](https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002Flaramies.svg?style=social&label=Follow)](https:\u002F\u002Ftwitter.com\u002Flaramies) Christian Martorella @laramies\n  cmartorella@edge-security.com\n* [![Twitter Follow](https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002FNotoriousRebel1.svg?style=social&label=Follow)](https:\u002F\u002Ftwitter.com\u002FNotoriousRebel1) Matthew Brown @NotoriousRebel1\n* [![Twitter Follow](https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002Fjay_townsend1.svg?style=social&label=Follow)](https:\u002F\u002Ftwitter.com\u002Fjay_townsend1) Jay \"L1ghtn1ng\" Townsend @jay_townsend1\n\nMain contributors\n-----------------\n* [![Twitter Follow](https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002FNotoriousRebel1.svg?style=social&label=Follow)](https:\u002F\u002Ftwitter.com\u002FNotoriousRebel1) Matthew Brown @NotoriousRebel1\n* [![Twitter Follow](https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002Fjay_townsend1.svg?style=social&label=Follow)](https:\u002F\u002Ftwitter.com\u002Fjay_townsend1) Jay \"L1ghtn1ng\" Townsend @jay_townsend1\n* [![Twitter Follow](https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002Fdiscoverscripts.svg?style=social&label=Follow)](https:\u002F\u002Ftwitter.com\u002Fdiscoverscripts) Lee Baird @discoverscripts\n\n\nThanks\n------\n* John Matherly - Shodan project\n* Ahmed Aboul Ela - subdomain names dictionaries (big and small)\n","theHarvester 是一款用于红队评估或渗透测试中侦察阶段的开源情报（OSINT）收集工具。它通过利用多个公开资源，如搜索引擎、证书透明度日志和域名研究工具等，来搜集目标域的电子邮件地址、子域名、IP 地址及URL等信息，帮助安全团队了解外部威胁态势。该工具支持Python 3.12及以上版本，并提供了Docker镜像以简化部署流程。适用于需要进行网络安全评估、资产发现或是增强组织防御能力的各种场景。",2,"2026-06-11 02:51:10","top_language"]