HostHunter main features
HostHunter is a Python 3 tool designed to discover the domains or hostnames that belong to one or more public IP addresses. We pass it a TXT file with all the IP addresses we want to investigate, and it automatically lists the domains found for each public IP address; it can also indicate whether a web application is running on that specific IP address. This reconnaissance relies on simple OSINT techniques, so it does not carry out any type of active attack.
Another very important feature of HostHunter is that it can export all the information collected from the different targets to a TXT file or to a CSV file that can be opened in Excel. This lets us save the information for later processing and investigation, without running the tool again every time we need it.
A very important detail of this small program is that the text file can hold as many target IP addresses as we want: there is no need to process them one by one, we simply write the IP addresses we want to investigate in the text file, one per line. The program can also extract information from the SSL/TLS certificates of the websites associated with an IP address, take screenshots, validate the supplied IPv4 addresses and even obtain information from the HTTP headers. Lastly, it can get the hostname values of the FTP, SMTP, HTTP and HTTPS services on their default ports.
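The target validation, certificate hostname extraction and CSV export described above, sketched as an added example; this is not HostHunter's own code, and the function names and sample data are constructed for illustration. Because certificate fields are untrusted input and the CSV may be opened in Excel, the export also neutralises cells that a spreadsheet would evaluate as formulas.

```python
import csv
import io
import ipaddress

# Constructed samples: a targets file and a cert dict shaped like ssl getpeercert().
SAMPLE_TARGETS = "8.8.8.8\n10.0.0.5\n256.1.1.1\n\nnot-an-ip\n8.8.8.8\n1.1.1.1\n"
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.Example.test"),
                       ("IP Address", "8.8.8.8"), ("DNS", "=evil.example.test")),
}

def load_targets(text):
    """Split target lines into unique public IPv4 addresses and rejected lines."""
    valid, rejected = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            ok = ipaddress.IPv4Address(line).is_global  # False for private/reserved
        except ipaddress.AddressValueError:
            ok = False                                  # not an IPv4 address at all
        if not ok:
            rejected.append(line)
        elif line not in valid:
            valid.append(line)
    return valid, rejected

def cert_hostnames(cert):
    """Collect DNS names from the certificate's CN and subjectAltName entries."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names += [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    unique = []
    for name in names:
        name = name.lower().rstrip(".")
        name = name[2:] if name.startswith("*.") else name  # wildcard -> parent domain
        if name and name not in unique:
            unique.append(name)
    return unique

def safe_cell(value):
    """Prefix a quote to cells a spreadsheet would treat as a formula."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def to_csv(results):
    """Render (ip, [hostnames]) pairs as CSV text, one row per hostname."""
    buf = io.StringIO()
    rows = [[ip, safe_cell(h)] for ip, hosts in results for h in hosts]
    csv.writer(buf).writerows([["ip", "hostname"]] + rows)
    return buf.getvalue()
```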
Installation and commissioning
This program is a Python 3 script that performs all the processes automatically. However, we need to install python3 on our operating system, as well as some additional requirements that can be downloaded directly from the official HostHunter project on GitHub. We used a Debian 11 operating system, updated to the latest version, to test this program.
The first thing we have to do is install python3 and pip, with all their necessary dependencies, on our operating system:
sudo apt install python3 python3-pip
Note that on Debian, installing “python-pip” only installs the pip2 version, whereas installing “python3-pip” installs version 3.
Once we confirm with “Y”, all the packages necessary for the operation of this tool are downloaded and installed automatically.
Now we have to clone the HostHunter GitHub repository. For this, we must have “git” installed on our operating system, with all its dependencies:
sudo apt install git
Once it is installed, we go to a directory where we want to download this program, for example /home/user/, and run the following command to clone the GitHub repository:
git clone https://github.com/SpiderLabs/HostHunter/
Once the entire repository has been cloned, we must change into the newly created HostHunter directory.
Now we are going to install all the packages needed to use HostHunter correctly. For this, we must install certain additional packages with apt and with pip3. We must make sure that we have the python3-pip (pip3) version, otherwise it will give us an error.
We install curl to use it later.
sudo apt install curl
We download and install Rust to be able to use the necessary packages in the program.
curl https://sh.rustup.rs -sSf | sh
pip3 install rust
pip3 install cryptography
Now we download and install all the requirements the tool needs to function properly.
pip3 install -r requirements.txt
With all of the packages above installed, we should be able to run the HostHunter tool successfully. However, the screenshot feature needs something else: we have to download the latest version of Google Chrome and install it.
dpkg -i ./google-chrome-stable_current_amd64.deb
And download the latest version of ChromeDriver for our operating system:
wget -O /tmp/chromedriver.zip https://chromedriver.storage.googleapis.com/74.0.3729.6/chromedriver_linux64.zip && sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/;
Once we have installed everything, we can restart to make sure that everything is correctly installed and does not return any type of error. The syntax to execute this program is very simple:
python3 hosthunter.py targets.txt -h
The text file targets.txt should contain the list of all the IP addresses that we want to check. We have included a public IP address that belongs to our websites, so we should see a domain for it. We have also included a Google IP address, so the tool shows us its hostname or whether a web application uses that public IP.
If, when executing the previous command, we get the following error in the fake_useragent module:
python3 hosthunter.py targets.txt -h
Traceback (most recent call last):
File "hosthunter.py", line 48, in <module>
ua = UserAgent(use_cache_server=False)
File "/usr/local/lib/python3.7/dist-packages/fake_useragent/fake.py", line 69, in __init__
File "/usr/local/lib/python3.7/dist-packages/fake_useragent/fake.py", line 78, in load
File "/usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py", line 250, in load_cached
update(path, use_cache_server=use_cache_server, verify_ssl=verify_ssl)
File "/usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py", line 245, in update
write(path, load(use_cache_server=use_cache_server, verify_ssl=verify_ssl))
File "/usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py", line 178, in load
File "/usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py", line 154, in load
for item in get_browsers(verify_ssl=verify_ssl):
File "/usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py", line 99, in get_browsers
html = html.split('<table class="w3-table-all notranslate">')
IndexError: list index out of range
To fix it, we have to edit the file /usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py with nano or Vim, go to line 99 and change the “w3” to “ws”.