{"id":13469241,"url":"https://github.com/Te-k/harpoon","last_synced_at":"2025-03-26T06:32:01.800Z","repository":{"id":38849653,"uuid":"104700494","full_name":"Te-k/harpoon","owner":"Te-k","description":"CLI tool for open source and threat intelligence","archived":false,"fork":false,"pushed_at":"2025-02-27T18:31:32.000Z","size":830,"stargazers_count":1199,"open_issues_count":73,"forks_count":180,"subscribers_count":50,"default_branch":"main","last_synced_at":"2025-03-15T19:03:34.899Z","etag":null,"topics":["osint","osint-framework","threat-intelligence","threatintel"],"latest_commit_sha":null,"homepage":"https://www.randhome.io/blog/2018/02/23/harpoon-an-osint-/-threat-intelligence-tool/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Te-k.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-25T03:43:25.000Z","updated_at":"2025-03-15T11:53:02.000Z","dependencies_parsed_at":"2023-12-13T00:29:44.176Z","dependency_job_id":"c1c352a8-bbfb-430a-b917-bd62262f88a2","html_url":"https://github.com/Te-k/harpoon","commit_stats":{"total_commits":335,"total_committers":17,"mean_commits":"19.705882352941178","dds":"0.15820895522388057","last_synced_commit":"c42961c2d1b2dc13857b2eb23398699e07285a72"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Te-k%2Fharpoon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Te-k%2Fharpoon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Te-k%2Fharpoon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Te-k%2Fharpoon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Te-k","download_url":"https://codeload.github.com/Te-k/harpoon/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245007240,"owners_count":20546143,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["osint","osint-framework","threat-intelligence","threatintel"],"created_at":"2024-07-31T15:01:30.214Z","updated_at":"2025-03-26T06:32:01.793Z","avatar_url":"https://github.com/Te-k.png","language":"Python","readme":"# Harpoon\n\nOSINT / Threat Intel CLI tool.\n\n[![PyPI](https://img.shields.io/pypi/v/harpoon)](https://pypi.org/project/harpoon/) [![PyPI - Downloads](https://img.shields.io/pypi/dm/harpoon)](https://pypistats.org/packages/harpoon) [![PyPI - License](https://img.shields.io/pypi/l/harpoon)](LICENSE) [![GitHub issues](https://img.shields.io/github/issues/te-k/harpoon)](https://github.com/Te-k/harpoon/issues)\n\n\u003cimg src=\"logo.png\" width=\"100\" height=\"100\"\u003e\n\n# Install\n\n## Requirements\n\nAs a pre-requesite for Harpoon, you need to install [lxml](https://lxml.de/installation.html) requirements, on Debian/Ubuntu : `sudo apt-get install libxml2-dev libxslt-dev python3-dev`. On Fedora: `sudo dnf install sqlite-devel automake bzip2 bzip2-devel bzip2-lib cython g++ gcc gcc-c++ kernel-devel libffi-devel libxlt libxml2 libxml2-devel libxslt libxslt-devel make openssl openssl-devel python3-dev python3-devel python3-lxml python-dev python-devel sqlite-devel`.\n\nYou need to have [geoipupdate](https://github.com/maxmind/geoipupdate) installed and [correctly configured](https://dev.maxmind.com/geoip/geoipupdate/) to use geolocation correctly (make sure you to have `GeoLite2-Country GeoLite2-City GeoLite2-ASN` as `EditionIDs`).\n\n## Installing harpoon\n\nYou can simply install the package from [pypi](https://pypi.org/project/harpoon/) with `pip install harpoon`\n\nIf the above install instructions didn't work, you can build the tool from source by executing the following commands in the terminal (this assumes you are using virtualenvs):\n\n```\ngit clone https://github.com/Te-k/harpoon.git\ncd harpoon\npip3 install .\n```\n\nYou may want to install [harpoontools](https://github.com/Te-k/harpoontools) to have additional commands using harpoon features.\n\n## Configuration\n\nTo configure harpoon, run `harpoon config` and fill in the needed API keys.\n\nThen run `harpoon update` to download needed files. Check what plugins are configured with `harpoon config -c`.\n\nSee the [wiki](https://github.com/Te-k/harpoon/wiki) for more information.\n\n## Updating Harpoon\n\nIf you installed harpoon from [pypi](https://pypi.org/project/harpoon/), just do `pip install -U harpoon`.\n\nIf you installed harpoon from the git repository, go to the repository and use the following commands:\n```\ngit pull origin master\npip install .\n```\n\n# Usage\n\nAfter configuration the following plugins are available within the `harpoon` command:\n\n```\n    asn                 Gather information on an ASN\n    binaryedge          Request BinaryEdge API\n    cache               Requests webpage cache from different sources\n    censys              Request information from Censys database (https://censys.io/)\n    certspotter         Get certificates from https://sslmate.com/certspotter\n    circl               Request the CIRCL passive DNS database\n    config              Configure Harpoon\n    crtsh               Search in https://crt.sh/ (Certificate Transparency database)\n    cybercure           Search cybercure.ai intelligence database for specific indicators.\n    dns                 Map DNS information for a domain or an IP\n    dnsdb               Requests Farsight DNSDB\n    email               Gather information on an email address\n    fullcontact         Requests Full Contact API (https://www.fullcontact.com/)\n    github              Request Github information through the API\n    greynoise           Request information from GreyNoise API (pick Community or Enterprise via api_type config)\n    hashlookup          Request CIRCL Hash Lookup db\n    help                Give help on an Harpoon command\n    hibp                Request Have I Been Pwned API (https://haveibeenpwned.com/)\n    hunter              Request hunter.io information through the API\n    hybrid              Requests Hybrid Analysis platform\n    intel               Gather information on a domain\n    ip                  Gather information on an IP address\n    ipinfo              Request ipinfo.io information\n    ip2locationio       Request IP2Location.io information\n    koodous             Request Koodous API\n    malshare            Requests MalShare database\n    misp                Get information from a MISP server through the API\n    numverify           Query phone number information from NumVerify\n    opencage            Forward/Reverse Geocoding using OpenCage\n    otx                 Requests information from AlienVault OTX\n    permacc             Request Perma.cc information through the API\n    pgp                 Search for information in PGP key servers\n    pt                  Requests Passive Total database\n    pulsedive           Request PulseDive API\n    quad9               Check if a domain is blocked by Quad9\n    robtex              Search in Robtex API (https://www.robtex.com/api/)\n    safebrowsing        Check if the given domain is in Google safe Browsing list\n    save                Save a webpage in cache platforms\n    securitytrails      Requests SecurityTrails database\n    shodan              Requests Shodan API\n    spyonweb            Search in SpyOnWeb through the API\n    subdomains          Research subdomains of a domain\n    telegram            Request information from Telegram through the API\n    threatcrowd         Request the ThreatCrowd API\n    threatgrid          Request Threat Grid API\n    threatminer         Requests TreatMiner database https://www.threatminer.org/\n    tor                 Check if an IP is a Tor exit node listed in the public list\n    totalhash           Request Total Hash API\n    twitter             Requests Twitter API\n    umbrella            Check if a domain is in Umbrella Top 1 million domains\n    update              Update Harpoon data\n    urlhaus             Request urlhaus.abuse.ch API\n    urlscan             Search and submit urls to urlscan.io\n    vt                  Request Virus Total API\n    xforce              Query IBM Xforce Exchange API\n    zetalytics          Search in Zetalytics database\n```\n\nYou can get information on each command with `harpoon help COMMAND`\n\n## Access Keys\n\n* [AlienVault OTX](https://otx.alienvault.com/)\n* [BinaryEdge](https://www.binaryedge.io/)\n* [Censys](https://censys.io/register)\n* [CertSpotter](https://sslmate.com/certspotter/pricing) : paid plans provide search in expired certificates (little interests imho, just use crtsh or censys). You don't need an account for current certificates\n* [CIRCL Passive DNS](https://www.circl.lu/services/passive-dns/)\n* [Farsight Dnsdb](https://www.farsightsecurity.com/dnsdb-community-edition/)\n* [FullContact](https://dashboard.fullcontact.com/register)\n* [GreyNoise](https://viz.greynoise.io/account) : supports both Community and Enterprise API.  Use api_type config setting to specify which API type to use.  Both still require an API key to work.\n* [Have I Been Pwned](https://haveibeenpwned.com/)\n* [Hunter](https://hunter.io/users/sign_up)\n* [Hybrid Analysis](https://www.hybrid-analysis.com/apikeys/info)\n* [IBM Xforce Exchange](https://exchange.xforce.ibmcloud.com/settings/api)\n* [ipinfo.io](https://ipinfo.io/)\n* [IP2Location.io](https://www.ip2location.io/)\n* [Koodous](https://koodous.com/)\n* [MalShare](https://malshare.com/register.php)\n* [NumVerify](https://numverify.com/)\n* [OpenCage](https://opencagedata.com/)\n* [PassiveTotal](https://community.riskiq.com/registration)\n* [Permacc](https://perma.cc/)\n* [PulseDive](https://pulsedive.com/)\n* [Security Trails](https://securitytrails.com/)\n* [Shodan](https://account.shodan.io/register)\n* [SpyOnWeb](https://api.spyonweb.com/)\n* Telegram : [Create an application](https://core.telegram.org/api/obtaining_api_id)\n* [Total Hash](https://totalhash.cymru.com/contact-us/)\n* [Twitter](https://developer.twitter.com/en/docs/ads/general/guides/getting-started)\n* [UrlHaus](https://urlhaus.abuse.ch/api/#account)\n* [UrlScan](https://urlscan.io/)\n* Virus Total : for public, create an account and get the API key in the [Settings page](https://www.virustotal.com/#/settings/apikey)\n* [Zetalytics](https://zetalytics.com/)\n\n## Contributions\n\nThanks to people who helped improving Harpoon : [@jakubd](https://github.com/jakubd) [@marrouchi](https://github.com/marrouchi) [@grispan56](https://github.com/grispan56) [@christalib](https://github.com/christalib)\n\nCredits for the logo goes to [@euphoricfall](https://twitter.com/euphoricfall) and the [PulseDive team](https://pulsedive.com/)\n\n## License\n\nThis code is released under [GPLv3](LICENSE) license.\n","funding_links":[],"categories":["Python","[](#table-of-contents) Table of contents"],"sub_categories":["[](#netflix)Netflix"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTe-k%2Fharpoon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FTe-k%2Fharpoon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTe-k%2Fharpoon/lists"}