Horn3t : Powerful Visual Subdomain Enumeration at the Click of a Mouse

Horn3t is your number one tool for exploring subdomains visually.
Tested on Windows 10 and Debian with Google Chrome/Chromium 73.

• Recon your targets at blazing speed
• Enhance your productivity by focusing on interesting looking sites
• Enumerate critical sites immediately
• Sting your target

Building on the great Sublist3r framework (or extensible with your favorite one) it searches for subdomains and generates awesome picture previews. Get a fast overview of your target with http status codes, add custom found subdomains and directly access found urls with one click.

Also Read – iCULeak : Tool To Find & Extract Credentials From Phone Configuration Files Hosted On CUCM

Installation

1. Install Google Chrome
2. Install requirements.txt with pip3
3. Install requirements.txt of sublist3r with pip3
4. Put the directory within the web server of your choice
5. Make sure to have the right permissions
6. Run horn3t.py

Or alternatively use the install.sh file with docker.
Afterwards you can access the web portal under http://localhost:1337

Todo

1. Better Scaling on Firefox
2. Add Windows Dockerfile
3. Direkt Nmap Support per click on a subdomain
4. Direkt Dirb Support per click on a subdomain
5. Generate PDF Reports of found subdomains
6. Assist with subdomain takeover

Credit: aboul3la, TheRook & bitquark