HostHunter v1.6 releases: discovering hostnames using OSINT techniques


A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter utilizes simple OSINT techniques. It generates a CSV file containing the results of the reconnaissance.


  •  Works with Python3
  •  Extracts information from SSL/TLS certificates.
  •  Supports Free HackerTarget API requests.
  •  Takes Screenshots of the target applications.
  •  Validates the targets IPv4 address.
  •  Supports .txt and .csv output file formats
  •  Gathers information from HTTP headers.
  •  Verifies Internet access.
  •  Retrieves hostname values from services at 21/tcp, 25/tcp, 80/tcp and 443/tcp ports.
  •  Supports Nessus target format output.

Changelog v1.6

I’ve updated the code to avoid duplicates in the results along with some minor performance improvements.

The screenshot-taking function was also adapted to work more reliably. The lastest chromedriver binaries are also included in the git.


git clone

pip install -r requirements.txt


$ python3 -h

usage: [-h] [-V] [-f FORMAT] [-o OUTPUT] [-b] [-sc] targets

|<--- HostHunter v1.5 - Help Page --->|

positional arguments:
targets Sets the path of the target IPs file.

optional arguments:
-h, --help show this help message and exit
-V, --version Displays the currenct version.
-f FORMAT, --format FORMAT
Choose between CSV and TXT output file formats.
-o OUTPUT, --output OUTPUT
Sets the path of the output file.
-b, --bing Use search engine to discover more hostnames
associated with the target IP addreses.
-sc, --screen-capture
Capture a screen shot of any associated Web



Copyright (C) 2019 @superhedgy