HostHunter : To Discover Hostnames Using OSINT

HostHunter is a recon tool for discovering hostnames using OSINT techniques.

HostHunter v1.5 is a tool to efficiently discover and extract hostnames over a large set of target IP addresses. It utilises simple OSINT techniques. It generates a CSV file containing the results of the reconnaissance.

Taking screenshots was also added as a beta functionality.

Demo

Currently GitLab’s markup language does not support HTML or CSS control over the images, thus the following link thumbnail is huge.

Also Read : KDE Applications 19.04 Release

Installation

Tested with Python 3.7.2.

Linux

Use wget command to download a latest Google Chrome debian package.

$ wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

$ dpkg -i ./google-chrome-stable_current_amd64.deb

$ sudo apt-get install -f

Install python dependencies.

$ pip install -r requirements.txt

Simple Usage Example :

$ python3 hosthunter.py <targets.txt>

$ cat vhosts.csv

More Examples

HostHunter Help Page

$ python3 hosthunter.py -h
usage: hosthunter.py [-h] [-V] [-f FORMAT] [-o OUTPUT] [-b] [-sc] targets
|<— HostHunter v1.5 – Help Page —>|
positional arguments:
targets Sets the path of the target IPs file.
optional arguments:
-h, –help show this help message and exit
-V, –version Displays the currenct version.
-f FORMAT, –format FORMAT
Choose between CSV and TXT output file formats.
-o OUTPUT, –output OUTPUT
Sets the path of the output file.
-b, –bing Use Bing.com search engine to discover more hostnames
associated with the target IP addreses.
-sc, –screen-capture
Capture a screen shot of any associated Web
Applications.

Run HostHunter with Bing and Screen Captures modules enabled

$ python3 hosthunter.py –bing -sc -f csv -o hosts.csv

Display Results

$ cat hosts.csv

View Screenshots

$ open ./screen_captures/

Features

  • Works with Python3
  • Scraps Bing.com results
  • Supports .txt and .csv output file formats
  • Validates target IPv4 addresses
  • Takes Screenshots of the targets
  • Extracts hostnames from SSL certificates
  • Utilises Hacker Target API

Credits: Andreas Georgiou

Download
R K

Share
Published by
R K
Tags: HostHunterHostnamesOSINT
6 years ago

Recent Posts

Useful Bug Bounty And Security Related Write-ups : A Comprehensive Guide For Enthusiasts

This repo contains all variants of information security & Bug bounty & Penetration Testing write-up…

1 hour ago

Admin-Panel-Dorks : Mastering Google Dorks To Uncover Hidden Admin Panels

site:*/sign-in site:*/account/login site:*/forum/ucp.php?mode=login inurl:memberlist.php?mode=viewprofile intitle:"EdgeOS" intext:"Please login" inurl:user_login.php intitle:"Web Management Login" site:*/users/login_form site:*/access/unauthenticated site:account.*.*/login site:admin.*.com/signin/…

1 hour ago

Conduwuit : Pioneering A New Era In Matrix Homeservers

Matrix is an open network for secure and decentralized communication. Users from every Matrix homeserver…

1 hour ago

LSMS – Linux Security And Monitoring Scripts

Linux Security And Monitoring Scripts are a collection of security and monitoring scripts you can…

1 hour ago

Fiber – Using Fibers To Run In-Memory Code

A fiber is a unit of execution that must be manually scheduled by the application…

1 hour ago

XSS-Exploitation-Tool : A Penetration Testing Tool

XSS Exploitation Tool is a penetration testing tool that focuses on the exploit of Cross-Site…

1 hour ago