HostHunter

A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter utilizes simple OSINT techniques. It generates a CSV file containing the results of the reconnaissance.

Features

•  Works with Python3
•  Extracts information from SSL/TLS certificates.
•  Supports Free HackerTarget API requests.
•  Takes Screenshots of the target applications.
•  Validates the targets IPv4 address.
•  Supports .txt and .csv output file formats
•  Gathers information from HTTP headers.
•  Verifies Internet access.
•  Retrieves hostname values from services at 21/tcp, 25/tcp, 80/tcp and 443/tcp ports.
•  Supports Nessus target format output.

Changelog v1.6

I’ve updated the code to avoid duplicates in the results along with some minor performance improvements.

The screenshot-taking function was also adapted to work more reliably. The lastest chromedriver binaries are also included in the git.

Install

git clone https://github.com/SpiderLabs/HostHunter.git

pip install -r requirements.txt

Use

$ python3 hosthunter.py -h

usage: hosthunter.py [-h] [-V] [-f FORMAT] [-o OUTPUT] [-b] [-sc] targets



|<--- HostHunter v1.5 - Help Page --->|



positional arguments:

  targets               Sets the path of the target IPs file.



optional arguments:

  -h, --help            show this help message and exit

  -V, --version         Displays the currenct version.

  -f FORMAT, --format FORMAT

                        Choose between CSV and TXT output file formats.

  -o OUTPUT, --output OUTPUT

                        Sets the path of the output file.

  -b, --bing            Use Bing.com search engine to discover more hostnames

                        associated with the target IP addreses.

  -sc, --screen-capture

                        Capture a screen shot of any associated Web

                        Applications.

Demo

Copyright (C) 2019 @superhedgy

Source: https://github.com/SpiderLabs/