theHarvester Domain OSINT - Subdomains, Hosts & Emails avatar

theHarvester Domain OSINT - Subdomains, Hosts & Emails

Pricing

$50.00 / 1,000 domain harvesteds

Try for free
Go to Apify Store
theHarvester Domain OSINT - Subdomains, Hosts & Emails

theHarvester Domain OSINT - Subdomains, Hosts & Emails

Try for free

Run theHarvester (the standard open-source OSINT tool) on any domain: discover subdomains, hosts, IPs and emails from free public sources (crt.sh, Certspotter, HackerTarget, DuckDuckGo). For recon, attack-surface mapping and due diligence.

Pricing

$50.00 / 1,000 domain harvesteds

Rating

0.0

(0)

Developer

daehwan kim

daehwan kim

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

19 hours ago

Last modified

Categories

Developer tools

Business

Share

theHarvester Domain OSINT — Subdomains, Hosts, IPs & Emails

Run theHarvester — the standard open-source OSINT tool — on any domain, with zero setup and no API keys. Discover subdomains, hosts, IPs and emails gathered from free public sources.

Built for security recon, attack-surface mapping, penetration testing (authorized), and due diligence.

This Actor wraps the open-source theHarvester (GPL-2.0) and is not affiliated with the original project. It queries only free, key-free public sources. Use only on domains you own or are authorized to investigate. Comply with GDPR, PIPA, CCPA and applicable laws.

Why this Actor

  • theHarvester, zero setup — no install, no API keys, no config
  • Free public sources — crt.sh, Certspotter, HackerTarget, DuckDuckGo, and more
  • Subdomain & host discovery — map a domain's public footprint fast
  • Bulk — up to 10 domains per run
  • Structured JSON — hosts, IPs, emails separated and de-duplicated
  • Pay per result — $0.05 per domain investigated. No subscription.

Input

FieldTypeDescription
domainsarrayUp to 10 bare domains (e.g. example.com)
domainstringSingle-domain alternative
sourcesarrayFree sources to query (default: crtsh, certspotter, hackertarget). Key-requiring sources are intentionally excluded.
limitintegerMax results per source (default 200)
{
  "domains": ["example.com"],
  "sources": ["crtsh", "certspotter", "hackertarget"],
  "limit": 200
}

Output

One dataset item per domain: domain, hostCount, ipCount, emailCount, hosts, ips, emails, sourcesUsed, errors, scannedAt.

Use cases

  • Attack-surface mapping — enumerate subdomains and hosts of an in-scope target
  • Security recon — initial footprinting phase of an authorized engagement
  • M&A / vendor due diligence — understand a company's external infrastructure
  • Brand monitoring — track subdomains appearing in public sources

A note on sources

Sources that require paid/registered API keys (Shodan, Hunter, IntelX, Brave, Censys, etc.) are not included — this Actor is designed to work out of the box with free sources only. Some sources may rate-limit or return partial data; errors are reported per run in the errors field.

Disclaimer

For informational and authorized security purposes only. Not legal advice. Results come from public sources and may contain false positives. The operator is not responsible for misuse or for decisions made from these results.

You might also like

NetIntel - IP + Domain Intelligence | WHOIS DNS Geo Port avatar

NetIntel - IP + Domain Intelligence | WHOIS DNS Geo Port

anshumanatrey/netintel

Unified IP & domain intelligence tool. Get WHOIS, DNS, GeoIP, reputation & port scan data with confidence scores. Reduce false positives by 90%.

User avatar

Anshuman Atrey

4

Holehe Email OSINT - Find Registered Accounts avatar

Holehe Email OSINT - Find Registered Accounts

anshumanatrey/holehe-email-osint

Check if an email is registered on 120+ platforms (Instagram, Twitter, GitHub, Discord, etc.) without alerting the target. Perfect for OSINT investigations, security research, and email verification.

User avatar

Anshuman Atrey

1.1K

5.0

(4)

theHarvester Cloud - Email + Subdomain OSINT | 54 Sources Bulk avatar

theHarvester Cloud - Email + Subdomain OSINT | 54 Sources Bulk

anshumanatrey/theharvester-osint

Cloud-hosted theHarvester OSINT tool. Harvest emails, subdomains, IPs, URLs and ASNs from 54+ public sources (Shodan, Censys, crt.sh, VirusTotal, SecurityTrails, GitHub, hunter.io). Full CLI feature parity — DNS brute force, subdomain takeover, screenshots. $0.003 per record harvested.

User avatar

Anshuman Atrey

4

Social Analyzer - Username OSINT Across 900+ Sites | Bulk avatar

Social Analyzer - Username OSINT Across 900+ Sites | Bulk

anshumanatrey/social-analyzer

Cloud-hosted social-analyzer by qeeqbox. Find a username across 900+ social media and online platforms — confidence scored, country/category tagged, metadata extracted. One dataset record per detected profile. $0.005 per record.

User avatar

Anshuman Atrey

12

UPI ID OSINT - Phone to UPI VPAs + Bank Names (India) avatar

UPI ID OSINT - Phone to UPI VPAs + Bank Names (India)

anshumanatrey/upi-id-osint

Direct UPI OSINT lookup. Phone number → all active UPI VPAs across PhonePe, Paytm, BHIM, GPay etc. + full bank-registered name from NPCI. No guessing, no scraping. Razorpay + PayU validateVPA backends.

User avatar

Anshuman Atrey

3

Gitleaks Cloud - GitHub API Key Hunter & Secret Scanner avatar

Gitleaks Cloud - GitHub API Key Hunter & Secret Scanner

anshumanatrey/gitleaks-github-secret-scanner

Hunt leaked API keys across GitHub. Pick a known platform (36 services: Razorpay, Stripe, AWS, OpenAI, Anthropic, Cashfree, PayU, Surepass, Decentro, Karza, Attestr, Tartan +24 more), a keyword (auto-expanded), or a regex. Scan a repo, org, or all of GitHub. PAT unlocks fast Code Search.

User avatar

Anshuman Atrey

2

Instagram Profile Scraper No Login - Bio + Emails + 25 Fields avatar

Instagram Profile Scraper No Login - Bio + Emails + 25 Fields

anshumanatrey/instagram-profile-intel-no-login

No login no cookies Instagram profile scraper for B2B lead generation. Bio emails (MX-validated), phones, multi-link bios, engagement quality, account age, posting patterns, cross-platform check (8 platforms), tech stack, niche. 25+ structured fields per username.

User avatar

Anshuman Atrey

2

Zomato Restaurant Scraper - City, Cuisine, Contact avatar

Zomato Restaurant Scraper - City, Cuisine, Contact

anshumanatrey/zomato-restaurant-scraper

Scrape restaurants from any Zomato city page. Each restaurant pushed as one record with name, phone, address, cuisines, rating, cost for two. Built for B2B sales, food-tech research, ghost kitchen analysis, and restaurant competitor intelligence.

User avatar

Anshuman Atrey

2

Nmap Cloud Scanner - Port Scanner + Service Detection | Bulk avatar

Nmap Cloud Scanner - Port Scanner + Service Detection | Bulk

anshumanatrey/nmap-scanner

Cloud-hosted nmap (industry-standard network scanner by Fyodor). TCP connect port scans, service/version detection, NSE scripts. Results streamed as structured dataset records — one row per discovered port. $0.005 per record. Authorize scans before running.

User avatar

Anshuman Atrey

2

Bug Bounty Finder - HackerOne + Bugcrowd + security.txt avatar

Bug Bounty Finder - HackerOne + Bugcrowd + security.txt

anshumanatrey/bug-bounty-finder

Find every public bug bounty / responsible disclosure program for a target. Aggregates HackerOne directory + Bugcrowd engagements + target /.well-known/security.txt. Daily-use lookup for bug bounty hunters — know if a target has a program before hunting.

User avatar

Anshuman Atrey

4