HostHunter

A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter utilizes simple OSINT techniques. It generates a CSV file containing the results of the reconnaissance.

Features

•  Works with Python3
•  Extracts information from SSL/TLS certificates.
•  Supports Free HackerTarget API requests.
•  Takes Screenshots of the target applications.
•  Validates the targets IPv4 address.
•  Supports .txt and .csv output file formats
•  Gathers information from HTTP headers.
•  Verifies Internet access.
•  Retrieves hostname values from services at 21/tcp, 25/tcp, 80/tcp and 443/tcp ports.
•  Supports Nessus target format output.

Changelog v1.6

I’ve updated the code to avoid duplicates in the results along with some minor performance improvements.

The screenshot-taking function was also adapted to work more reliably. The lastest chromedriver binaries are also included in the git.

Install

git clone https://github.com/SpiderLabs/HostHunter.git

pip install -r requirements.txt

Use

$ python3 hosthunter.py -h
usage: hosthunter.py [-h] [-V] [-f FORMAT] [-o OUTPUT] [-b] [-sc] targets

|<--- HostHunter v1.5 - Help Page --->|

positional arguments:
  targets               Sets the path of the target IPs file.

optional arguments:
  -h, --help            show this help message and exit
  -V, --version         Displays the currenct version.
  -f FORMAT, --format FORMAT
                        Choose between CSV and TXT output file formats.
  -o OUTPUT, --output OUTPUT
                        Sets the path of the output file.
  -b, --bing            Use Bing.com search engine to discover more hostnames
                        associated with the target IP addreses.
  -sc, --screen-capture
                        Capture a screen shot of any associated Web
                        Applications.

Demo

Copyright (C) 2019 @superhedgy

Source: https://github.com/SpiderLabs/