{"id":13459332,"url":"https://github.com/projectdiscovery/uncover","last_synced_at":"2025-05-12T13:29:02.391Z","repository":{"id":36964573,"uuid":"465344326","full_name":"projectdiscovery/uncover","owner":"projectdiscovery","description":"Quickly discover exposed hosts on the internet using multiple search engines.","archived":false,"fork":false,"pushed_at":"2025-04-25T11:08:12.000Z","size":1090,"stargazers_count":2597,"open_issues_count":13,"forks_count":222,"subscribers_count":36,"default_branch":"main","last_synced_at":"2025-05-08T00:45:56.612Z","etag":null,"topics":["asm","attack-surface","bugbounty","cli","osint","recon","reconnaissance"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/projectdiscovery.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-03-02T14:40:44.000Z","updated_at":"2025-05-07T10:14:19.000Z","dependencies_parsed_at":"2024-02-05T17:30:07.010Z","dependency_job_id":"60650ff9-52d9-4a19-9af1-aee23e1fd11b","html_url":"https://github.com/projectdiscovery/uncover","commit_stats":{"total_commits":356,"total_committers":26,"mean_commits":"13.692307692307692","dds":0.3651685393258427,"last_synced_commit":"3ad5bf034492ce7f533dfa918b8cb6f472ccd791"},"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Funcover","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Funcover/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Funcover/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Funcover/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/projectdiscovery","download_url":"https://codeload.github.com/projectdiscovery/uncover/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253747431,"owners_count":21957756,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asm","attack-surface","bugbounty","cli","osint","recon","reconnaissance"],"created_at":"2024-07-31T09:01:16.293Z","updated_at":"2025-05-12T13:29:02.362Z","avatar_url":"https://github.com/projectdiscovery.png","language":"Go","readme":"\u003ch1 align=\"center\"\u003e\n\u003cimg src=\"https://user-images.githubusercontent.com/8293321/211795814-5dc72ad0-9539-4bf5-af5a-f806025e1bda.png\" width=\"200px\"\u003e\n\u003cbr\u003e\n\u003c/h1\u003e\n\n\n\u003ch4 align=\"center\"\u003eQuickly discover exposed hosts on the internet using multiple search engines.\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://img.shields.io/github/go-mod/go-version/projectdiscovery/uncover\"\u003e\n\u003ca href=\"https://github.com/projectdiscovery/uncover/issues\"\u003e\u003cimg src=\"https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/projectdiscovery/uncover/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/projectdiscovery/uncover\"\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/pdiscoveryio\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/pdiscoveryio.svg?logo=twitter\"\u003e\u003c/a\u003e\n\u003ca href=\"https://discord.gg/projectdiscovery\"\u003e\u003cimg src=\"https://img.shields.io/discord/695645237418131507.svg?logo=discord\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e •\n  \u003ca href=\"#installation-instructions\"\u003eInstallation\u003c/a\u003e •\n  \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e •\n  \u003ca href=\"#provider-configuration\"\u003eConfiguration\u003c/a\u003e •\n  \u003ca href=\"#running-uncover\"\u003eRunning Uncover\u003c/a\u003e •\n  \u003ca href=\"https://discord.gg/projectdiscovery\"\u003eJoin Discord\u003c/a\u003e\n\u003c/p\u003e\n\n\n---\n\n**uncover** is a go wrapper using APIs of well known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools.\n\n# Features\n\n\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"https://user-images.githubusercontent.com/8293321/156347215-a9ed00c2-4161-4773-9372-29fc32200f6a.png\" alt=\"httpx\" width=\"700px\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n- Query multiple search engine at once\n- Available Search engine support\n  - **[Shodan](https://www.shodan.io)**\n  - **[Censys](https://search.censys.io)**\n  - **[FOFA](https://fofa.info)**\n  - **[Hunter](https://hunter.qianxin.com)**\n  - **[Quake](https://quake.360.net/quake/#/index)**\n  - **ZoomEye [china](https://zoomeye.org) - [worldwide](https://zoomeye.hk)**\n  - **[Netlas](https://netlas.io/)**\n  - **[CriminalIP](https://www.criminalip.io)**\n  - **[PublicWWW](https://publicwww.com)**\n  - **[HunterHow](https://hunter.how)**\n  - **[Google](https://www.google.com)**\n- Multiple API key input support\n- Automatic API key randomization\n- **stdin** / **stdout** support for input\n\n## Installation Instructions\n\nuncover requires **go1.21** to install successfully. Run the following command to get the repo -\n\n```sh\ngo install -v github.com/projectdiscovery/uncover/cmd/uncover@latest\n```\n\n## Usage\n\n```sh\nuncover -h\n```\n\nThis will display help for the tool. Here are all the flags it supports:\n\n```console\nUsage:\n  ./uncover [flags]\n\nFlags:\nINPUT:\n   -q, -query string[]   search query, supports: stdin,file,config input (example: -q 'example query', -q 'query.txt')\n   -e, -engine string[]  search engine to query (shodan,shodan-idb,fofa,censys,quake,hunter,zoomeye,netlas,criminalip,publicwww,hunterhow,google) (default shodan)\n   -asq, -awesome-search-queries string[]  use awesome search queries to discover exposed assets on the internet (example: -asq 'jira')\n\nSEARCH-ENGINE:\n   -s, -shodan string[]       search query for shodan (example: -shodan 'query.txt')\n   -sd, -shodan-idb string[]  search query for shodan-idb (example: -shodan-idb 'query.txt')\n   -ff, -fofa string[]        search query for fofa (example: -fofa 'query.txt')\n   -cs, -censys string[]      search query for censys (example: -censys 'query.txt')\n   -qk, -quake string[]       search query for quake (example: -quake 'query.txt')\n   -ht, -hunter string[]      search query for hunter (example: -hunter 'query.txt')\n   -ze, -zoomeye string[]     search query for zoomeye (example: -zoomeye 'query.txt')\n   -ne, -netlas string[]      search query for netlas (example: -netlas 'query.txt')\n   -cl, -criminalip string[]  search query for criminalip (example: -criminalip 'query.txt')\n   -pw, -publicwww string[]   search query for publicwww (example: -publicwww 'query.txt')\n   -hh, -hunterhow string[]   search query for hunterhow (example: -hunterhow 'query.txt')\n   -gg, -google string[]       search query for google (example: -google 'query.txt')\n\nCONFIG:\n   -pc, -provider string         provider configuration file (default \"$CONFIG/uncover/provider-config.yaml\")\n   -config string                flag configuration file (default \"$CONFIG/uncover/config.yaml\")\n   -timeout int                  timeout in seconds (default 30)\n   -rl, -rate-limit int          maximum number of http requests to send per second\n   -rlm, -rate-limit-minute int  maximum number of requests to send per minute\n   -retry int                    number of times to retry a failed request (default 2)\n\nOUTPUT:\n   -o, -output string  output file to write found results\n   -f, -field string   field to display in output (ip,port,host) (default \"ip:port\")\n   -j, -json           write output in JSONL(ines) format\n   -r, -raw            write raw output as received by the remote api\n   -l, -limit int      limit the number of results to return (default 100)\n   -nc, -no-color      disable colors in output\n\nDEBUG:\n   -silent   show only results in output\n   -version  show version of the project\n   -v        show verbose output\n```\n\n## Using uncover as library\n\nExample of using uncover as library is provided in [examples](examples/main.go) directory.\n\n## Provider Configuration\n\nThe default provider configuration file should be located at `$CONFIG/uncover/provider-config.yaml` and has the following contents as an example.\n\n\n\u003e **Note**: API keys are required and must be configured before running uncover.\n\n```yaml\nshodan:\n  - SHODAN_API_KEY_1\n  - SHODAN_API_KEY_2\ncensys:\n  - CENSYS_API_ID_1:CENSYS_API_SECRET_1\n  - CENSYS_API_ID_2:CENSYS_API_SECRET_2\nfofa:\n  - FOFA_EMAIL_1:FOFA_KEY_1\n  - FOFA_EMAIL_2:FOFA_KEY_2\nquake:\n  - QUAKE_TOKEN_1\n  - QUAKE_TOKEN_2\nhunter:\n  - HUNTER_API_KEY_1\n  - HUNTER_API_KEY_2\nzoomeye:\n  - ZOOMEYE_API_KEY_1:zoomeye.hk\n  - ZOOMEYE_API_KEY_2\nnetlas:\n  - NETLAS_API_KEY_1\n  - NETLAS_API_KEY_2\ncriminalip:\n  - CRIMINALIP_API_KEY_1\n  - CRIMINALIP_API_KEY_2\npublicwww:\n  - PUBLICWWW_API_KEY_1\n  - PUBLICWWW_API_KEY_2\nhunterhow:\n  - HUNTERHOW_API_KEY_1 \n  - HUNTERHOW_API_KEY_2\ngoogle:\n  - GOOGLE_API_KEY_1:Google_API_CX_1\n  - GOOGLE_API_KEY_2:Google_API_CX_2\n```\n\nWhen multiple keys/credentials are specified for same provider in the config file, random key will be used for each execution.\n\nalternatively you can also set the API key as environment variable in your bash profile.\n\n```yaml\nexport SHODAN_API_KEY=xxx\nexport CENSYS_API_ID=xxx\nexport CENSYS_API_SECRET=xxx\nexport FOFA_EMAIL=xxx\nexport FOFA_KEY=xxx\nexport QUAKE_TOKEN=xxx\nexport HUNTER_API_KEY=xxx\nexport ZOOMEYE_API_KEY=xxx\nexport NETLAS_API_KEY=xxx\nexport CRIMINALIP_API_KEY=xxx\nexport PUBLICWWW_API_KEY=xxx\nexport HUNTERHOW_API_KEY=xxx\nexport GOOGLE_API_KEY=xxx\nexport GOOGLE_API_CX=xxx\n```\n\nRequired API keys can be obtained by signing up on following platform [Shodan](https://account.shodan.io/register), [Censys](https://censys.io/register), [Fofa](https://fofa.info/toLogin), [Quake](https://quake.360.net/quake/#/index), [Hunter](https://user.skyeye.qianxin.com/user/register?next=https%3A//hunter.qianxin.com/api/uLogin\u0026fromLogin=1), ZoomEye [china](https://api.zoomeye.org) - [worldwide](https://api.zoomeye.hk), [Netlas](https://app.netlas.io/registration/), [CriminalIP](https://www.criminalip.io/register), [Publicwww](https://publicwww.com/profile/signup.html) and Google [[1]](https://developers.google.com/custom-search/v1/introduction#identify_your_application_to_google_with_api_key),[[2]](https://programmablesearchengine.google.com/controlpanel/create).\n\n\n### ZoomEye API\n\n Before conducting any scans, please ensure you are using the correct host to comply with geographical access restrictions of the ZoomEye API:\n\n - **zoomeye.org** is exclusively for users within China.\n - **zoomeye.hk** is for users outside China (this is default if no host provided).\n\n\n## Running Uncover\n\n### Default run:\n\n**uncover** supports multiple ways to make the query including **stdin** or `q` flag, as default `shodan` engine is used for search if no engine is specified.\n\n```console\necho 'ssl:\"Uber Technologies, Inc.\"' | uncover \n                                        \n  __  ______  _________ _   _____  _____\n / / / / __ \\/ ___/ __ \\ | / / _ \\/ ___/\n/ /_/ / / / / /__/ /_/ / |/ /  __/ /    \n\\__,_/_/ /_/\\___/\\____/|___/\\___/_/ v0.0.9    \n                                        \n\n\t\tprojectdiscovery.io\n\n[WRN] Use with caution. You are responsible for your actions\n[WRN] Developers assume no liability and are not responsible for any misuse or damage.\n[WRN] By using uncover, you also agree to the terms of the APIs used.\n\n107.180.12.116:993\n107.180.26.155:443\n104.244.99.31:443\n161.28.20.79:443\n104.21.8.108:443\n198.71.233.203:443\n104.17.237.13:443\n162.255.165.171:443\n12.237.119.61:443\n192.169.250.211:443\n104.16.251.50:443\n```\n\nRunning **uncover**  with **file** input containing multiple search queries per line.\n\n```console\ncat dorks.txt\n\nssl:\"Uber Technologies, Inc.\"\ntitle:\"Grafana\"\n```\n\n```console\nuncover -q dorks.txt\n                                        \n  __  ______  _________ _   _____  _____\n / / / / __ \\/ ___/ __ \\ | / / _ \\/ ___/\n/ /_/ / / / / /__/ /_/ / |/ /  __/ /    \n\\__,_/_/ /_/\\___/\\____/|___/\\___/_/ v0.0.9    \n                                        \n\n    projectdiscovery.io\n\n[WRN] Use with caution. You are responsible for your actions\n[WRN] Developers assume no liability and are not responsible for any misuse or damage.\n[WRN] By using uncover, you also agree to the terms of the APIs used.\n\n107.180.12.116:993\n107.180.26.155:443\n104.244.99.31:443\n161.28.20.79:443\n104.21.8.108:443\n198.71.233.203:443\n2607:7c80:54:3::74:3001\n104.198.55.35:80\n46.101.82.244:3000\n34.147.126.112:80\n138.197.147.213:8086\n```\n\n### Single query against multiple search engine\n\n\n**uncover** supports multiple search engine, as default **shodan** is used, `-e` flag can be used to run same query against any or all search engines.\n\n```console\necho jira | uncover -e shodan,censys,fofa,quake,hunter,zoomeye,netlas,criminalip\n\n  __  ______  _________ _   _____  _____\n / / / / __ \\/ ___/ __ \\ | / / _ \\/ ___/\n/ /_/ / / / / /__/ /_/ / |/ /  __/ /    \n\\__,_/_/ /_/\\___/\\____/|___/\\___/_/ v0.0.9  \n                                        \n\n    projectdiscovery.io\n\n[WRN] Use with caution. You are responsible for your actions\n[WRN] Developers assume no liability and are not responsible for any misuse or damage.\n[WRN] By using uncover, you also agree to the terms of the APIs used.\n\n176.31.249.189:5001\n13.211.116.80:443\n43.130.1.221:631\n192.195.70.29:443\n52.27.22.181:443\n117.48.120.226:8889\n106.52.115.145:49153\n13.69.135.128:443\n193.35.99.158:443\n18.202.109.218:8089\n101.36.105.97:21379\n42.194.226.30:2626\n```\n\n### Multiple query against multiple search engine\n\n\n```console\nuncover -shodan 'http.component:\"Atlassian Jira\"' -censys 'services.software.product=`Jira`' -fofa 'app=\"ATLASSIAN-JIRA\"' -quake 'Jira' -hunter 'Jira' -zoomeye 'app:\"Atlassian JIRA\"' -netlas 'jira' -criminalip 'Jira'\n\n  __  ______  _________ _   _____  _____\n / / / / __ \\/ ___/ __ \\ | / / _ \\/ ___/\n/ /_/ / / / / /__/ /_/ / |/ /  __/ /    \n\\__,_/_/ /_/\\___/\\____/|___/\\___/_/ v0.0.9\n                                        \n\n    projectdiscovery.io\n\n[WRN] Use with caution. You are responsible for your actions\n[WRN] Developers assume no liability and are not responsible for any misuse or damage.\n[WRN] By using uncover, you also agree to the terms of the APIs used.\n\n104.68.37.129:443\n162.222.160.42:443\n34.255.84.133:443\n52.204.121.166:443\n23.198.29.120:443\n136.156.180.95:443\n54.194.233.15:443\n104.117.55.155:443\n149.81.4.6:443\n54.255.218.95:443\n3.223.137.57:443\n83.228.124.171:443\n23.202.195.82:443\n52.16.59.25:443\n18.159.145.227:443\n104.105.53.236:443\n```\n\n\n### Shodan-InternetDB API\n\n**uncover** supports [shodan-internetdb](https://internetdb.shodan.io) API to pull available ports for given IP/CIDR input.\n\n`shodan-idb` used as **default** engine when **IP/CIDR** is provided as input, otherwise `shodan` search engine is used.\n\n```console\necho 51.83.59.99/24 | uncover\n\n  __  ______  _________ _   _____  _____\n / / / / __ \\/ ___/ __ \\ | / / _ \\/ ___/\n/ /_/ / / / / /__/ /_/ / |/ /  __/ /    \n\\__,_/_/ /_/\\___/\\____/|___/\\___/_/ v0.0.9  \n                                        \n\n    projectdiscovery.io\n\n[WRN] Use with caution. You are responsible for your actions\n[WRN] Developers assume no liability and are not responsible for any misuse or damage.\n[WRN] By using uncover, you also agree to the terms of the APIs used.\n\n51.83.59.1:53\n51.83.59.1:10000\n51.83.59.2:53\n51.83.59.3:25\n51.83.59.3:80\n51.83.59.3:389\n51.83.59.3:443\n51.83.59.3:465\n51.83.59.3:587\n51.83.59.3:993\n```\n\n### Field Format\n\n`-f, -field` flag can be used to indicate which fields to return, currently, `ip`, `port`, and `host` are supported and can be used to return desired fields.\n\n```console\nuncover -q jira -f host -silent\n\nec2-44-198-22-253.compute-1.amazonaws.com\nec2-18-246-31-139.us-west-2.compute.amazonaws.com\ntasks.devrtb.com\nleased-line-91-149-128-229.telecom.by\n74.242.203.213.static.inetbone.net\nec2-52-211-7-108.eu-west-1.compute.amazonaws.com\nec2-54-187-161-180.us-west-2.compute.amazonaws.com\n185-2-52-226.static.nucleus.be\nec2-34-241-80-255.eu-west-1.compute.amazonaws.com\n```\n\n### Field Formatting\n\n**uncover** has a `-f, -field` flag that can be used to customize the output format. For example, in the case of `uncover -f https://ip:port/version`, ip:port will be replaced with results in the output while keeping the format defined, It can also be used to specify a known scheme/path/file in order to prepare the output so that it can be immediately passed as input to other tools in the pipeline.\n\n\n```console\necho kubernetes | uncover -f https://ip:port/version -silent\n\nhttps://35.222.229.38:443/version\nhttps://52.11.181.228:443/version\nhttps://35.239.255.1:443/version\nhttps://34.71.48.11:443/version\nhttps://130.211.54.173:443/version\nhttps://54.184.250.232:443/version\n```\n\nOutput of **uncover** can be further piped to other projects in workflow accepting **stdin** as input, for example:\n\n\n- `uncover -q example -f ip | naabu` - Runs [naabu](https://github.com/projectdiscovery/naabu) for port scanning on the found host.\n- `uncover -q title:GitLab | httpx` - Runs [httpx](https://github.com/projectdiscovery/httpx) for web server probing the found result.\n- `uncover -q 51.83.59.99/24 | httpx` - Runs [httpx](https://github.com/projectdiscovery/naabu) on host/ports obtained from shodan-internetdb.\n\n\n```console\nuncover -q http.title:GitLab -silent | httpx -silent\n\nhttps://15.185.150.109\nhttps://139.162.137.16\nhttps://164.68.115.243\nhttps://135.125.215.186\nhttps://163.172.59.119\nhttp://15.236.10.197\nhttps://129.206.117.248\n```\n\n- `uncover -q 'org:\"Example  Inc.\"' | httpx | nuclei` - Runs [httpx](https://github.com/projectdiscovery/httpx) / [nuclei](https://github.com/projectdiscovery/nuclei) for vulnerability assessment.\n\n\n![image](https://user-images.githubusercontent.com/8293321/156753063-86ea4c5d-92ad-4c24-a7af-871c12aa278c.png)\n\n## Notes:\n\n-  **keys/ credentials** are required to configure before running or using this project.\n- `query` flag supports **all and only filters supported by search engine.**\n- results are limited to `100` as default and can be increased with `limit` flag.\n- `shodan-idb` API doesn't requires an API key and works out of the box.\n- `shodan-idb` API is used as **default** engine when **IP/CIDR** is provided as input.\n\n-----\n\n\u003cdiv align=\"center\"\u003e\n\n**uncover** is made with 🖤 by the [projectdiscovery](https://projectdiscovery.io) team.\n\n\u003c/div\u003e\n","funding_links":[],"categories":["Go","Future Ideas","Weapons","其他_安全与渗透","Miscellaneous","信息搜集"],"sub_categories":["Tools","网络服务_其他","Uncategorized"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Funcover","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprojectdiscovery%2Funcover","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Funcover/lists"}