Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare
Branch: master
Clone or download
binkybear Add virustotal, ping option
Add virustotal and ping option. Fix dnsdumpster hostname.

Signed-off-by: binkybear <>
Latest commit 97b7bed Feb 6, 2019



Punter (passive hunter) helps with the first step in footprinting a domain. The idea is not to touch the target domain but passively find a good initial amount of information and put it into an easy to view report. It uses:

  • DNS Dumpster
  • Whois
  • Reverse whois on email
  • Haveibeenpwned lookup on emails found
  • to find subdomains
  • Crimeflare to uncover true IP's behind Cloudflare

Whois and DNS lookups are still done on the host, not through an API, so if you are worried about that take precautions. Otherwise, all other lookups are down using other services.

After the scan an HTML report is generated with results, just double click and open it.


git clone
cd punter
pip install -r requirements.txt

Setup - Arch Linux

git clone
cd punter
pip2 install -r requirements.txt
pip2 install ipaddr

python2 -t


If you want to enable Shodan when searching then you need to edit config.cfg. Change enable to True then add your API key.

Change the target to domain you are interested in:

python -t


  • Everyone who built apis/websites this script scrapes form
  • @jmingov for html fixes/putting up with my terrible scripts


  • Grab html of site/headers using another service
  • Net range from Whois
  • Better unicode fixes
  • Try/except for all types of errors


This software is mainly tested under Kali Linux, we recommend use this distribution.

  • Kali Linux, Python 2.7.13 - OK
  • Arch Linux, Python 2.7.13 - OK Currently Punter is not supported under