GithubHelp home page GithubHelp logo

spiderlabs / hosthunter Goto Github PK

View Code? Open in Web Editor NEW
1.0K 46.0 175.0 19.63 MB

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Home Page: https://github.com/SpiderLabs/HostHunter

License: MIT License

Python 100.00%
osint recon tool hostnames ip reconnaissance pentesting bugbounty virtual-hosts security-tools

hosthunter's Introduction

Python Version GitHub release License Issues Twitter Follow

HostHunter v2.0

logo

A tool to efficiently discover and extract hostnames providing a large set of target IPv4 or IPv6 addresses. HostHunter utilises simple OSINT and active reconaissance techniques to map IP targets with virtual hostnames. This is especially useful for discovering the true attack surface of your organisation. Output can be generated in multiple formats including CSV, TXT or Nessus file formats.

Demo

asciicast

Click on the thumbnail above to view the demo.

Installation

  • Tested with Python 3.10.8.

Linux / Mac OS

  • Install Python dependencies.
$ python3.10 -m pip install -r requirements.txt

Simple Usage Example

$ python3.10 hosthunter.py <targets.txt>
$ cat vhosts.csv

More Examples

HostHunter Help Page

$ python3.10 ./hosthunter.py -h
usage: hosthunter.py [-h] [-f FORMAT] [-o OUTPUT] [-t TARGET] [-g GRAB] [-v] [-V] [-d] [targets]

[?] HostHunter v2.0 - Help Page

positional arguments:
  targets               Sets the path of the target IPs file.

options:
  -h, --help            show this help message and exit
  -f FORMAT, --format FORMAT
                        Choose between .CSV and .TXT output file formats.
  -o OUTPUT, --output OUTPUT
                        Sets the path of the output file.
  -t TARGET, --target TARGET
                        Hunt a Single IP.
  -g GRAB, --grab GRAB  Choose which SSL ports to actively scan. Default ports: 21/tcp, 25/tcp, 443/tcp, 993/tcp, 8443/tcp
  -v, --verify          Attempts to resolve IP Address
  -V, --version         Displays the current version.
  -d, --debug           Displays additional output and debugging information.

Author: Andreas Georgiou (@superhedgy)

Run HostHunter Screen Capture module and output a Nessus file:

$ python3.10 hosthunter.py <targets.txt> --nessus -o hosts.csv

Display Results

$ cat hosts.csv

View Screenshots

$ open ./screen_captures/

Features

  • Works with Python3.10
  • Extracts information from SSL/TLS certificates.
  • Supports Free HackerTarget API requests.
  • Takes Screenshots of the target applications.
  • Validates the targets IPv4 address.
  • Supports .txt and .csv output file formats
  • Gathers information from HTTP headers.
  • Verifies Internet access.
  • Retrieves hostname values from services at 21/tcp, 25/tcp, 80/tcp and 443/tcp ports.
  • Supports Nessus target format output.
  • Improve output (IPs, HostNames, FQDNs)
  • Actively pull SSL certificates from other TCP ports
  • Select with SSL ports to target
  • Verify discovered hostnames against target IPs
  • Support for IPv6

Coming Next

  • Pause and Resume Execution
  • Support for a Premium HackerTarget API key
  • Gather information from additional APIs

Notes

  • Free APIs throttle the amount of requests per day per source IP address.

License

This project is licensed under the MIT License.

Authors

  • Andreas Georgiou - follow me on twitter - @superhedgy

Contribute

Feel free to create a Pull Request if you have any ideas or features you would like to add. Otherwise reach me out on twitter @superhedgy.

StarGazers

Thank you for all the support & feedback! Stargazers over time

hosthunter's People

Contributors

0xflotus avatar dependabot[bot] avatar fintzd avatar infinityhacked avatar s0md3v avatar superhedgy avatar tg12 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

clicknull secureplanet07 mlynchcogent ro9ueadmin mmg1 rajivraj bbhunter killix06 flatl1neapt juanvdw marciopocebon 3453-315h kjigs sasqwatch w00t3k superuser5 seabreg serguk89 heikipikker superf0sh kimocoder ilovecode2018 raystyle sohambakore sukelluskello c0dak minkione evil5hadow modulexcite open-sec freeguy1 bartzjegr gplay1 triplekill rahimbangla qman69 zikoamz enumeration-tools masterscott limkokholefork aconstantinou-cmd johndoehack 3v1lw1th1n z4ck404 kakuye kp-forks samjaninf qing-q shreegowtham27 adornetejr powerexploit 5l1v3r1 red-infosec bit212-2019 g0pherzilla attacker34 crypto-breaker m-i-6 404-not-find mcdxn rswingle simhaonline polling-repo-continua cybernewbies wardtec hollow667 weldingwit 7rust shahid1996 arzikamubarak 0xflotus mdheller ktzgraph hariyopmail uchihasr lillox silentsoul04 sinsixx digitalarche stevenlol ktm2590 gh0st0ne rahul-thakur7 jonny8133 dk47os3r tor-0 chouaibhm hartl3y94 exengineer1 la3b0z karmaz95 stayyule gsatyadev inc775 tommalvoriddle 4revalo trickest-community asdlei99 sweetsoftware sitedata

hosthunter's Issues

No argument, produces error

Upon doing a fresh clone, if you run the script, without any arguments, it gives an error. This may be confusing to people who are new to the program.
A suggestion would be, if there isn't any arguments, could it say please check "$0 -h" instead?

kali@kali:~$ git clone https://github.com/SpiderLabs/HostHunter.git
Cloning into 'HostHunter'...
remote: Enumerating objects: 334, done.
remote: Counting objects: 100% (69/69), done.
remote: Compressing objects: 100% (61/61), done.
remote: Total 334 (delta 35), reused 17 (delta 8), pack-reused 265
Receiving objects: 100% (334/334), 74.07 KiB | 972.00 KiB/s, done.
Resolving deltas: 100% (135/135), done.
kali@kali:~$
kali@kali:~$ cd HostHunter/ 
kali@kali:~/HostHunter$
kali@kali:~/HostHunter$ ./hosthunter.py 
Traceback (most recent call last):
  File "/home/kali/HostHunter/./hosthunter.py", line 151, in <module>
    targets = open(args.targets, "rt")  # Read File
FileNotFoundError: [Errno 2] No such file or directory: ''
kali@kali:~/HostHunter$ 
kali@kali:~/HostHunter$ ./hosthunter.py -h
usage: hosthunter.py [-h] [-b] [-f FORMAT] [-o OUTPUT] [-sc] [-t TARGET] [-V] [targets]

|<--- HostHunter v1.5 - Help Page --->|

positional arguments:
  targets               Sets the path of the target IPs file.

optional arguments:
  -h, --help            show this help message and exit
  -b, --bing            Use Bing.com search engine to discover more hostnames associated with the target IP addresses.
  -f FORMAT, --format FORMAT
                        Choose between CSV and TXT output file formats.
  -o OUTPUT, --output OUTPUT
                        Sets the path of the output file.
  -sc, --screen-capture
                        Capture a screen shot of any associated Web Applications.
  -t TARGET, --target TARGET
                        Scan a Single IP.
  -V, --version         Displays the current version.

Author: Andreas Georgiou (superhedgy)
kali@kali:~/HostHunter$

ASCII banner formatting broken

It looks like there is issue with \n not being rendered as a new line, thus merging two lines onto one - which I don't think is the desired output.

kali@kali:~/HostHunter$ host kali.org | awk '/address/ {print $4}' > /tmp/test
kali@kali:~/HostHunter$ 
kali@kali:~/HostHunter$ ./hosthunter.py /tmp/test | head                      
                                                                             
 | $$  | $$                      | $$    | $$  | $$                      | $$
 | $$  | $$  /$$$$$$   /$$$$$$$ /$$$$$$  | $$  | $$ /$$   /$$ /$$$$$$$  /$$$$$$    /$$$$$$   /$$$$$$
 | $$$$$$$$ /$$__  $$ /$$_____/|_  $$_/  | $$$$$$$$| $$  | $$| $$__  $$|_  $$_/   /$$__  $$ /$$__  $$
 | $$__  $$| $$  \ $$|  $$$$$$   | $$    | $$__  $$| $$  | $$| $$  \ $$  | $$    | $$$$$$$$| $$  \__/\n | $$  | $$| $$__| $$ \____  $$  | $$ /$$| $$  | $$| $$__| $$| $$  | $$  | $$ /$$| $$_____/| $$\n | $$  | $$|  $$$$$$/ /$$$$$$$/  |  $$$$/| $$  | $$|  $$$$$$/| $$  | $$  |  $$$$/|  $$$$$$$| $$
 |__/  |__/ \______/ |_______/    \___/  |__/  |__/ \______/ |__/  |__/   \___/   \_______/|__/  v1.5


 HostHunter:  v1.5
 Author :  Andreas Georgiou (superhedgy)
Exception ignored in: <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>
BrokenPipeError: [Errno 32] Broken pipe
                                                                                                                                                                                 
kali@kali:~/HostHunter$

selenium.common.exceptions.WebDriverException: Message: unknown error: Chrome failed to start: exited abnormally.

I've followed the instructions. Hosthunter works until I try to enable de screen capture and bing options.
I get this error:

Traceback (most recent call last):
File "/home/kali/HostHunter/hosthunter.py", line 467, in
driver = webdriver.Chrome(executable_path=DRIVER, options=chrome_opt)
File "/usr/lib/python3/dist-packages/selenium/webdriver/chrome/webdriver.py", line 95, in init
RemoteWebDriver.init(
File "/usr/lib/python3/dist-packages/selenium/webdriver/remote/webdriver.py", line 152, in init
self.start_session(capabilities, browser_profile)
File "/usr/lib/python3/dist-packages/selenium/webdriver/remote/webdriver.py", line 249, in start_session
response = self.execute(Command.NEW_SESSION, parameters)
File "/usr/lib/python3/dist-packages/selenium/webdriver/remote/webdriver.py", line 318, in execute
self.error_handler.check_response(response)
File "/usr/lib/python3/dist-packages/selenium/webdriver/remote/errorhandler.py", line 242, in check_response
raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.WebDriverException: Message: unknown error: Chrome failed to start: exited abnormally.
(unknown error: DevToolsActivePort file doesn't exist)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.