VOOZH about

URL: https://apify.com/ntriqpro/theharvester-osint

⇱ theHarvester Domain OSINT - Subdomains, Hosts & Emails Β· Apify

πŸ‘ theHarvester Domain OSINT - Subdomains, Hosts & Emails avatar

theHarvester Domain OSINT - Subdomains, Hosts & Emails

Pricing

$50.00 / 1,000 domain harvesteds

Go to Apify Store

theHarvester Domain OSINT - Subdomains, Hosts & Emails

Run theHarvester (the standard open-source OSINT tool) on any domain: discover subdomains, hosts, IPs and emails from free public sources (crt.sh, Certspotter, HackerTarget, DuckDuckGo). For recon, attack-surface mapping and due diligence.

Pricing

$50.00 / 1,000 domain harvesteds

Rating

0.0

(0)

Developer

πŸ‘ daehwan kim

daehwan kim

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

17 days ago

Last modified

Share

theHarvester Domain OSINT β€” Subdomains, Hosts, IPs & Emails

Run theHarvester β€” the standard open-source OSINT tool β€” on any domain, with zero setup and no API keys. Discover subdomains, hosts, IPs and emails gathered from free public sources.

Built for security recon, attack-surface mapping, penetration testing (authorized), and due diligence.

This Actor wraps the open-source theHarvester (GPL-2.0) and is not affiliated with the original project. It queries only free, key-free public sources. Use only on domains you own or are authorized to investigate. Comply with GDPR, PIPA, CCPA and applicable laws.

Why this Actor

  • theHarvester, zero setup β€” no install, no API keys, no config
  • Free public sources β€” crt.sh, Certspotter, HackerTarget, DuckDuckGo, and more
  • Subdomain & host discovery β€” map a domain's public footprint fast
  • Bulk β€” up to 10 domains per run
  • Structured JSON β€” hosts, IPs, emails separated and de-duplicated
  • Pay per result β€” $0.05 per domain investigated. No subscription.

Input

FieldTypeDescription
domainsarrayUp to 10 bare domains (e.g. example.com)
domainstringSingle-domain alternative
sourcesarrayFree sources to query (default: crtsh, certspotter, hackertarget). Key-requiring sources are intentionally excluded.
limitintegerMax results per source (default 200)
{
"domains":["example.com"],
"sources":["crtsh","certspotter","hackertarget"],
"limit":200
}

Output

One dataset item per domain: domain, hostCount, ipCount, emailCount, hosts, ips, emails, sourcesUsed, errors, scannedAt.

Use cases

  • Attack-surface mapping β€” enumerate subdomains and hosts of an in-scope target
  • Security recon β€” initial footprinting phase of an authorized engagement
  • M&A / vendor due diligence β€” understand a company's external infrastructure
  • Brand monitoring β€” track subdomains appearing in public sources

A note on sources

Sources that require paid/registered API keys (Shodan, Hunter, IntelX, Brave, Censys, etc.) are not included β€” this Actor is designed to work out of the box with free sources only. Some sources may rate-limit or return partial data; errors are reported per run in the errors field.

Disclaimer

For informational and authorized security purposes only. Not legal advice. Results come from public sources and may contain false positives. The operator is not responsible for misuse or for decisions made from these results.

You might also like

theHarvester Cloud - Email + Subdomain OSINT | 54 Sources Bulk

anshumanatrey/theharvester-osint

Cloud-hosted theHarvester OSINT tool. Harvest emails, subdomains, IPs, URLs and ASNs from 54+ public sources (Shodan, Censys, crt.sh, VirusTotal, SecurityTrails, GitHub, hunter.io). Full CLI feature parity β€” DNS brute force, subdomain takeover, screenshots. $0.003 per record harvested.

πŸ‘ User avatar

Anshuman Atrey

9

crt.sh Certificate Transparency Scraper

parseforge/crtsh-certificate-transparency-scraper

Search the crt.sh certificate transparency logs for any domain you control and surface the hosts behind it. Each record carries the common name, every subject alternative name, the issuing authority, serial number, and validity window. Built for attack surface mapping and asset inventory.

Domain OSINT Recon

prooflio/domain-osint-recon

Aggregates WHOIS, DNS records, certificate-transparency subdomains and PTR records for a domain into one structured report.

2

5.0

Subdomain Finder - Discover Subdomains via CT Logs

logiover/subdomain-finder

Discover every subdomain of any domain using Certificate Transparency logs (crt.sh). Fast bulk subdomain enumeration for security recon, attack-surface mapping, asset discovery and SEO. No API key β€” export to CSV or JSON.

Subdomain Finder & Reverse IP

canadesk/subdomain-finder-reverse-ip

Enumerate Subdomains and Reverse IPs with RapidDNS, Anubis, AlienVault and crt.sh! It's fast and costs little.

πŸ‘ User avatar

Canadesk Support

221

Scout β€” Lead Enrichment + OSINT

logical_vivacity/scout

Email finder + lead enrichment + OSINT from public sources. Pass any fragment — name, email, or domain — get a verified dossier: 700+ identity sites, SMTP-validated emails, document mining, sanctions screen, domain→team discovery. $0.05 person, $0.15 domain. No API keys

πŸ‘ User avatar

Logical Vivacity

113

Easy Email Finder - Find Emails By Company Domain

dxbear/easy-email-finder

Find emails for any domain from public web sources fast and easy

Related articles

Web scraping social media for OSINT
Read more