A tool to efficiently discover and extract hostnames providing a large set of target IP addresses. HostHunter utilises simple OSINT techniques to map IP addresses with virtual hostnames. It generates a CSV or TXT file containing the results of the reconnaissance.
Latest version of HostHunter also takes screenshots of the targets, it is currently a beta functionality.
- Currently GitLab's markup language does not support HTML or CSS control over the images, thus the following link thumbnail is huge.
- Tested with Python 3.7.2.
- Install python dependencies.
$ pip3 install -r requirements.txt
The next few steps are only required if you would like to use the Screen Capture feature.
- Use wget command to download the latest Google Chrome Debian package.
Mac OS:
$ brew cask install google-chrome
or
Linux:
$ wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
$ dpkg -i ./google-chrome-stable_current_amd64.deb
$ sudo apt-get install -f
- Download and install ChromeDriver.
Mac OS:
wget -O /tmp/chromedriver.zip https://chromedriver.storage.googleapis.com/74.0.3729.6/chromedriver_mac64.zip && sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/;
or
Linux:
wget -O /tmp/chromedriver.zip https://chromedriver.storage.googleapis.com/74.0.3729.6/chromedriver_linux64.zip && sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/;
$ python3 hosthunter.py <targets.txt>
$ cat vhosts.csv
HostHunter Help Page
$ python3 hosthunter.py -h
usage: hosthunter.py [-h] [-b] [-f FORMAT] [-o OUTPUT] [-sc] [-t TARGET] [-V]
[targets]
|<--- HostHunter v1.5 - Help Page --->|
positional arguments:
targets Sets the path of the target IPs file.
optional arguments:
-h, --help show this help message and exit
-b, --bing Use Bing.com search engine to discover more hostnames
associated with the target IP addreses.
-f FORMAT, --format FORMAT
Choose between CSV and TXT output file formats.
-o OUTPUT, --output OUTPUT
Sets the path of the output file.
-sc, --screen-capture
Capture a screen shot of any associated Web
Applications.
-t TARGET, --target TARGET
Scan a Single IP.
-V, --version Displays the currenct version.
Run HostHunter with Bing and Screen Capture modules enabled
$ python3 hosthunter.py <targets.txt> --bing -sc -f csv -o hosts.csv
Display Results
$ cat hosts.csv
View Screenshots
$ open ./screen_captures/
[X] Works with Python3
[X] Extracts and analyses hostnames from SSL certificates
[X] Utilises Hacker Target API
[X] Scraps Bing.com results
[X] Takes Screenshots of the targets
[X] Validates target IPv4 addresses
[X] Supports .txt and .csv output file formats
[_] Support for HackerTarget API key
[_] Support for IPv6
[_] Gather information from additional APIs
[_] Actively pull SSL certificates from other TCP ports
- Free APIs throttle the amount of requests per day per source IP address.
This project is licensed under the MIT License.
- Andreas Georgiou - find me on twitter - @superhedgy