Automic VaultAutomic Vault

brew

Install uncover with Homebrew, Nix

Tool to discover exposed hosts on the internet using multiple search engines. Version 1.2.1 via Homebrew; verified 2026-05-20.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install uncover

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#uncover

nixpkgs package indexes · pkgs/by-name/un/uncover/package.nix · source: api.github.com

overview

Package summary

Tool to discover exposed hosts on the internet using multiple search engines

Commands and aliases

  • uncover

history

Project history and usage

uncover is a ProjectDiscovery reconnaissance CLI that queries public internet search engines to discover exposed hosts. Its history is recent, but it fits a well-defined package-nerd niche: small Go security tools that compose through stdin/stdout and API-key-backed provider configuration.

Project history

ProjectDiscovery's official docs describe uncover as a Go wrapper using APIs from well-known search engines to quickly discover exposed hosts on the internet. The GitHub repository was created in 2022, and its first public tag/release series began with 0.0.1 in March 2022.

The official ProjectDiscovery blog frames uncover as a CLI for simplifying Shodan, Censys, ZoomEye, FOFA, and related internet-search workflows, especially inside automation pipelines. Later releases expanded provider support and added features such as multiple API keys and output customization.

Adoption history

uncover belongs to the broader ProjectDiscovery ecosystem of security automation tools. Official ProjectDiscovery documentation emphasizes CLI and Cloud workflows for asset discovery and vulnerability management, and the project's llms.txt lists uncover among the major open-source tools.

The input package metadata shows package-manager availability in Homebrew and Nix. In practice, uncover's adoption is strongest among security engineers, bug-bounty hunters, and recon automation users who already chain tools such as httpx, nuclei, subfinder, and naabu.

How it is used

The docs describe querying multiple search engines at once, using provider API keys, randomizing across multiple keys, and integrating results with existing pipeline tools. The README documents `go install` installation and flags for query input, engine selection, and awesome-search-queries support.

Package-manager users install uncover to avoid maintaining a separate Go build checkout and to keep the binary updated alongside the rest of a recon toolkit. The important operational state is the provider configuration file that stores search-engine API keys.

Why package nerds care

uncover is significant in the security package niche because it normalizes many proprietary search APIs behind one CLI. That makes it easy to slot into shell pipelines, CI-style reconnaissance jobs, and ProjectDiscovery-style workflows.

It is young compared with classic Unix tools, but its value is exactly the modern package-manager value proposition: one small binary, fast updates, many upstream integrations, and predictable config paths.

Timeline

  • 2022: GitHub repository created and 0.0.1 release published.
  • 2022: ProjectDiscovery blog introduces uncover as a CLI for discovering exposed hosts and vulnerable instances.
  • 2022: v1.0.0 release published.
  • 2025: v1.0.10 adds new search-query and provider support.
  • 2026: v1.2.1 release published.

Related projects

  • ProjectDiscovery tools such as nuclei, httpx, subfinder, naabu, dnsx, and cloudlist are adjacent tools in the same security automation ecosystem.
  • Supported search/provider ecosystems include Shodan, Censys, FOFA, Hunter, Quake, ZoomEye, Netlas, CriminalIP, PublicWWW, HunterHow, Google, Onyphe, Driftnet, DayDayMap, and NerdyData as documented by official sources.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for uncover. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.config/uncover/config.yaml

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.config/uncover/provider-config.yaml

executables

Installed executables

CommandKindExposureNote
uncovercliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.2.1
manager updated2026-05-20
local dataok
upstreamcurrent
latest detectedv1.2.1

https://github.com/projectdiscovery/uncover

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:uncover
Version1.2.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/uncover
Homepagehttps://github.com/projectdiscovery/uncover
Repositoryhttps://github.com/projectdiscovery/uncover
Upstream docshttps://docs.projectdiscovery.io/opensource/uncover/overview
LicenseMIT
Source archivehttps://github.com/projectdiscovery/uncover/archive/refs/tags/v1.2.1.tar.gz
Last updated2026-05-20T15:38:03Z
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameuncover
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

uncover

nix profile install nixpkgs#uncover
  • normalized package name match
  • Matched by: Uncover
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/un/uncover/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment