# Install uncover with Homebrew, Nix

Tool to discover exposed hosts on the internet using multiple search engines. Version 1.2.1 via Homebrew; verified 2026-05-20.

## Install

```sh
sudo av install brew:uncover
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install uncover
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#uncover
```

  Evidence: nixpkgs package indexes: pkgs/by-name/un/uncover/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:uncover
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/uncover>
- **Version:** 1.2.1
- **Source summary:** Tool to discover exposed hosts on the internet using multiple search engines
- **Homepage:** <https://github.com/projectdiscovery/uncover>
- **Repository:** <https://github.com/projectdiscovery/uncover>
- **Upstream docs:** <https://docs.projectdiscovery.io/opensource/uncover/overview>
- **License:** MIT
- **Source archive:** <https://github.com/projectdiscovery/uncover/archive/refs/tags/v1.2.1.tar.gz>
- **Last updated:** 2026-05-20T15:38:03Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- uncover (cli)
- uncover (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.2.1
- Package-manager updated: 2026-05-20
- Local data: ok
- Upstream repository: https://github.com/projectdiscovery/uncover
- Upstream latest detected: v1.2.1 (current)
## Project history and usage

uncover is a ProjectDiscovery reconnaissance CLI that queries public internet search engines to discover exposed hosts. Its history is recent, but it fits a well-defined package-nerd niche: small Go security tools that compose through stdin/stdout and API-key-backed provider configuration.

### Project history

ProjectDiscovery's official docs describe uncover as a Go wrapper using APIs from well-known search engines to quickly discover exposed hosts on the internet. The GitHub repository was created in 2022, and its first public tag/release series began with 0.0.1 in March 2022.

The official ProjectDiscovery blog frames uncover as a CLI for simplifying Shodan, Censys, ZoomEye, FOFA, and related internet-search workflows, especially inside automation pipelines. Later releases expanded provider support and added features such as multiple API keys and output customization.

### Adoption history

uncover belongs to the broader ProjectDiscovery ecosystem of security automation tools. Official ProjectDiscovery documentation emphasizes CLI and Cloud workflows for asset discovery and vulnerability management, and the project's llms.txt lists uncover among the major open-source tools.

The input package metadata shows package-manager availability in Homebrew and Nix. In practice, uncover's adoption is strongest among security engineers, bug-bounty hunters, and recon automation users who already chain tools such as httpx, nuclei, subfinder, and naabu.

### How it is used

The docs describe querying multiple search engines at once, using provider API keys, randomizing across multiple keys, and integrating results with existing pipeline tools. The README documents `go install` installation and flags for query input, engine selection, and awesome-search-queries support.

Package-manager users install uncover to avoid maintaining a separate Go build checkout and to keep the binary updated alongside the rest of a recon toolkit. The important operational state is the provider configuration file that stores search-engine API keys.

### Why package nerds care

uncover is significant in the security package niche because it normalizes many proprietary search APIs behind one CLI. That makes it easy to slot into shell pipelines, CI-style reconnaissance jobs, and ProjectDiscovery-style workflows.

It is young compared with classic Unix tools, but its value is exactly the modern package-manager value proposition: one small binary, fast updates, many upstream integrations, and predictable config paths.

### Timeline

- 2022: GitHub repository created and 0.0.1 release published.
- 2022: ProjectDiscovery blog introduces uncover as a CLI for discovering exposed hosts and vulnerable instances.
- 2022: v1.0.0 release published.
- 2025: v1.0.10 adds new search-query and provider support.
- 2026: v1.2.1 release published.

### Related projects

- ProjectDiscovery tools such as nuclei, httpx, subfinder, naabu, dnsx, and cloudlist are adjacent tools in the same security automation ecosystem.
- Supported search/provider ecosystems include Shodan, Censys, FOFA, Hunter, Quake, ZoomEye, Netlas, CriminalIP, PublicWWW, HunterHow, Google, Onyphe, Driftnet, DayDayMap, and NerdyData as documented by official sources.

### Sources

- GitHub repository and release metadata via `gh api repos/projectdiscovery/uncover` and `gh api repos/projectdiscovery/uncover/releases`
- <https://docs.projectdiscovery.io/opensource/uncover/overview>
- <https://github.com/projectdiscovery/uncover>
- <https://projectdiscovery.io/blog/uncover>
- <https://projectdiscovery.io/llms.txt>
- source_facts.package-manager


## Security Notes

No matching local secret-handling manifest was found for uncover. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/.config/uncover/config.yaml

## Credential files

- Unix: ~/.config/uncover/provider-config.yaml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** uncover
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - uncover: normalized package name match | nixpkgs package indexes: pkgs/by-name/un/uncover/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Text processing packages](https://www.automicvault.com/pkg/text-processing-tools/) - Matched text, document, or structured-data processing metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: asset-discovery, cli, osint, reconnaissance, security.
- [bbot](https://www.automicvault.com/pkg/brew/bbot/) - Shares av.db curated category or tags: cli, osint, reconnaissance, security.
- [favirecon](https://www.automicvault.com/pkg/brew/favirecon/) - Shares av.db curated category or tags: cli, osint, reconnaissance, security.
- [recon-ng](https://www.automicvault.com/pkg/brew/recon-ng/) - Shares av.db curated category or tags: cli, osint, reconnaissance, security.
- [subfinder](https://www.automicvault.com/pkg/brew/subfinder/) - Shares av.db curated category or tags: cli, osint, reconnaissance, security.
- [theharvester](https://www.automicvault.com/pkg/brew/theharvester/) - Shares av.db curated category or tags: cli, osint, reconnaissance, security.
- [csprecon](https://www.automicvault.com/pkg/brew/csprecon/) - Shares av.db curated category or tags: cli, reconnaissance, security.
- [findomain](https://www.automicvault.com/pkg/brew/findomain/) - Shares av.db curated category or tags: cli, osint, reconnaissance, security.

## Combined YAML source

View the package source record on GitHub. [combined/uncover.yml](https://github.com/automic-vault/db/blob/main/combined/uncover.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
