Skip to content

0xh4di/HostHunter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

77 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
hosthunter.py
hosthunter.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Python Version GitHub Twitter Follow

HostHunter v1.5

A tool to efficiently discover and extract hostnames providing a large set of target IP addresses. HostHunter utilises simple OSINT techniques to map IP addresses with virtual hostnames. It generates a CSV or TXT file containing the results of the reconnaissance.

Latest version of HostHunter also takes screenshots of the targets, it is currently a beta functionality.

Demo

  • Currently GitLab's markup language does not support HTML or CSS control over the images, thus the following link thumbnail is huge.

asciicast

Installation

  • Tested with Python 3.7.2.

Linux / Mac OS

  • Install python dependencies.
$ pip3 install -r requirements.txt

The next few steps are only required if you would like to use the Screen Capture feature.

  • Use wget command to download the latest Google Chrome Debian package.

Mac OS:

$ brew cask install google-chrome

or

Linux:

$ wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

$ dpkg -i ./google-chrome-stable_current_amd64.deb

$ sudo apt-get install -f
  • Download and install ChromeDriver.

Mac OS:

wget -O /tmp/chromedriver.zip https://chromedriver.storage.googleapis.com/74.0.3729.6/chromedriver_mac64.zip && sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/;

or

Linux:

wget -O /tmp/chromedriver.zip https://chromedriver.storage.googleapis.com/74.0.3729.6/chromedriver_linux64.zip && sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/;

Simple Usage Example

$ python3 hosthunter.py <targets.txt>
$ cat vhosts.csv

More Examples

HostHunter Help Page

$ python3 hosthunter.py -h
usage: hosthunter.py [-h] [-b] [-f FORMAT] [-o OUTPUT] [-sc] [-t TARGET] [-V]
                     [targets]

|<--- HostHunter v1.5 - Help Page --->|

positional arguments:
  targets               Sets the path of the target IPs file.

optional arguments:
  -h, --help            show this help message and exit
  -b, --bing            Use Bing.com search engine to discover more hostnames
                        associated with the target IP addreses.
  -f FORMAT, --format FORMAT
                        Choose between CSV and TXT output file formats.
  -o OUTPUT, --output OUTPUT
                        Sets the path of the output file.
  -sc, --screen-capture
                        Capture a screen shot of any associated Web
                        Applications.
  -t TARGET, --target TARGET
                        Scan a Single IP.
  -V, --version         Displays the currenct version.

Run HostHunter with Bing and Screen Capture modules enabled

$ python3 hosthunter.py <targets.txt> --bing -sc -f csv -o hosts.csv

Display Results

$ cat hosts.csv

View Screenshots

$ open ./screen_captures/

Features

[X] Works with Python3
[X] Extracts and analyses hostnames from SSL certificates
[X] Utilises Hacker Target API
[X] Scraps Bing.com results
[X] Takes Screenshots of the targets
[X] Validates target IPv4 addresses
[X] Supports .txt and .csv output file formats

Coming Next

[_] Support for HackerTarget API key
[_] Support for IPv6
[_] Gather information from additional APIs
[_] Actively pull SSL certificates from other TCP ports

Notes

  • Free APIs throttle the amount of requests per day per source IP address.

License

This project is licensed under the MIT License.

Authors

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

2 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages