punter: Hunt domain names

Punter (passive hunter) helps with the first step in footprinting a domain. The idea is not to touch the target domain, but to passively gather a good initial amount of information and put it into an easy-to-view report. It uses:

  • DNS Dumpster
  • Whois
  • Reverse whois on email
  • haveibeenpwned lookup on emails found
  • CRT.sh to find subdomains
  • Crimeflare to uncover true IPs behind Cloudflare

Whois and DNS lookups are still done on the host, not through an API, so if you are worried about that, take precautions. All other lookups are done using other services.

After the scan, an HTML report is generated with the results; just double-click it to open it.


git clone https://github.com/nethunteros/punter
cd punter
pip install -r requirements.txt


If you want to enable Shodan when searching, you need to edit config.cfg: change enable to True, then add your API key.

Change the target to a domain you are interested in:

python main.py -t google.com


Source: https://github.com/nethunteros/