HostHunter v1.6

A tool to efficiently discover and extract hostnames providing a large set of target IP addresses. HostHunter utilises simple OSINT techniques to map IP addresses with virtual hostnames. It generates a CSV or TXT file containing the results of the reconnaissance.

Latest version of HostHunter also takes screenshots of the target web applicatiinos. This functionality is currently in beta.

Demo

Click on the thumbnail above to view the demo.

Installation

• Tested with Python 3.7.2.

Linux / Mac OS

• Install python dependencies.

$ pip3 install -r requirements.txt

The next few steps are only required if you would like to use the Screen Capture feature.

• Download and install the latest version of Google Chrome.

Mac OS:

$ brew cask install google-chrome

Linux:

$ wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

$ dpkg -i ./google-chrome-stable_current_amd64.deb

$ sudo apt-get install -f

• Download and install the latest ChromeDriver.

Mac OS:

wget -O /tmp/chromedriver.zip https://chromedriver.storage.googleapis.com/74.0.3729.6/chromedriver_mac64.zip && sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/;

Linux:

wget -O /tmp/chromedriver.zip https://chromedriver.storage.googleapis.com/74.0.3729.6/chromedriver_linux64.zip && sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/;

Simple Usage Example

$ python3 hosthunter.py <targets.txt>

$ cat vhosts.csv

More Examples

HostHunter Help Page

$ python3 ./hosthunter.py targets.txt -h
usage: hosthunter.py [-h] [-f FORMAT] [-o OUTPUT] [-sc] [-t TARGET] [-V] [targets]

[?] HostHunter v1.6 - Help Page

positional arguments:
  targets               Sets the path of the target IPs file.

optional arguments:
  -h, --help            show this help message and exit
  -f FORMAT, --format FORMAT
                        Choose between CSV and TXT output file formats.
  -o OUTPUT, --output OUTPUT
                        Sets the path of the output file.
  -sc, --screen-capture
                        Capture a screenshot of any associated Web Applications.
  -t TARGET, --target TARGET
                        Scan a Single IP.
  -V, --version         Displays the current version.

Author: Andreas Georgiou (@superhedgy)

Run HostHunter Screen Capture module and output a Nessus file:

$ python3 hosthunter.py <targets.txt> -sc -f csv -o hosts.csv

Display Results

$ cat hosts.csv

View Screenshots

$ open ./screen_captures/

Features

• Works with Python3
• Extracts information from SSL/TLS certificates.
• Supports Free HackerTarget API requests.
• Takes Screenshots of the target applications.
• Validates the targets IPv4 address.
• Supports .txt and .csv output file formats
• Gathers information from HTTP headers.
• Verifies Internet access.
• Retrieves hostname values from services at 21/tcp, 25/tcp, 80/tcp and 443/tcp ports.
• Supports Nessus target format output.

Coming Next

• Improve output (IPs, HostNames, FQDNs)
• Pause and Resume Execution
• Support for a Premium HackerTarget API key
• Support for IPv6
• Gather information from additional APIs
• Actively pull SSL certificates from other TCP ports

Notes

• Free APIs throttle the amount of requests per day per source IP address.

License

This project is licensed under the MIT License.

Authors

• Andreas Georgiou - follow me on twitter - @superhedgy

StarGazers

Thank you for all the support & feedback!