
Extract all domains from one or more public IP addresses

HostHunter main features

HostHunter is a Python 3 tool designed to discover the domains or hostnames that belong to one or more public IP addresses. We pass it a TXT file with all the IP addresses we want to investigate, and it lists the domains found for each public IP address; it can also indicate whether a web application is running on that specific IP address. This reconnaissance relies on simple OSINT techniques, so it does not carry out any type of active attack.

Another important feature of HostHunter is that it can export all the information collected from the different targets to a TXT file or to a CSV file that can be opened in Excel. This lets us save the results for later processing and investigation without having to run the tool again every time we need them.

The target file can contain as many IP addresses as we want: there is no need to check them one by one, we simply write one IP address per line. The program can also extract information from the SSL/TLS certificates served on each IP address, take screenshots, validate the IPv4 addresses we have supplied and collect information from the HTTP headers. Lastly, it can obtain the hostname values of the FTP, SMTP, HTTP and HTTPS services on their default ports.
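The following is an added example, not code from HostHunter or from the original article: a pre-flight check that cleans a targets file before it is handed to the tool, keeping only unique, publicly routable IPv4 addresses. The optional scope list (the ranges you are authorised to investigate) and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def load_targets(text, scope=None):
    """Split a targets file into (accepted, rejected).

    accepted: unique public IPv4 addresses, in file order.
    rejected: (line_number, raw_line, reason) tuples for every other line.
    scope:    optional CIDR strings limiting which addresses are allowed
              (a hypothetical parameter of this example, not a HostHunter option).
    """
    nets = [ipaddress.ip_network(n) for n in (scope or [])]
    accepted, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are skipped, not reported
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            rejected.append((lineno, raw, "not an IP address"))
            continue
        if ip.version != 4:
            reason = "not IPv4"
        elif not ip.is_global:
            reason = "not publicly routable"  # private, loopback, reserved...
        elif nets and not any(ip in n for n in nets):
            reason = "outside scope"
        elif ip in seen:
            reason = "duplicate"
        else:
            seen.add(ip)
            accepted.append(str(ip))
            continue
        rejected.append((lineno, raw, reason))
    return accepted, rejected

# Constructed sample input (not taken from the article).
SAMPLE = """\
8.8.8.8
 8.8.8.8
10.0.0.5
256.1.1.1
2001:db8::1
1.1.1.1
"""

if __name__ == "__main__":
    ok, bad = load_targets(SAMPLE, scope=["8.8.8.0/24"])
    print("\n".join(ok))
    for lineno, raw, reason in bad:
        print(f"line {lineno}: {raw!r} rejected ({reason})")
```

Writing the accepted list back to targets.txt gives the tool a clean input and leaves a record of why each remaining line was dropped.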

Installation and setup

The program is a Python 3 script that performs all the steps automatically. However, we need python3 installed on our operating system, as well as some additional requirements that we can download directly from the HostHunter official project on GitHub. We have used a Debian 11 operating system, updated to the latest version, to test this program.

The first thing we have to do is install python3 and pip, with all their dependencies:

sudo apt install python3 python3-pip

Below, you can see a capture of all the necessary dependencies for a Debian operating system. If we install “python-pip”, only the pip2 version is installed; if we install “python3-pip”, we get the version for Python 3.

Once we have indicated “Y”, all the packages necessary for the operation of this interesting tool are automatically downloaded and installed.

Now we have to clone the HostHunter GitHub repository. For this, we must have “git” installed on our operating system, with all its dependencies:

sudo apt install git

Once it is installed, we go to the directory where we want to download the program, for example /home/user/, and run the following command to clone the GitHub repository:

git clone https://github.com/SpiderLabs/HostHunter/

Once the entire repository has been cloned, we enter it with the command:

cd HostHunter

Now we are going to install the packages needed to use HostHunter correctly; some are installed with apt and others with pip3. We must make sure that we have the python3-pip (pip3) version, otherwise it will give us an error.

We install curl, which we will use in the next step.

sudo apt install curl

We download and install Rust, which some of the packages required by the program need. The curl options restrict the download to HTTPS with TLS 1.2 or later.

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
pip3 install rust
pip3 install cryptography

Now we download and install all the requirements the tool needs to function properly.

pip3 install -r requirements.txt

With all of the packages above installed, we should be able to run the HostHunter tool successfully. The screenshot feature, however, needs one more component: we have to download the latest version of Google Chrome and install it.

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

sudo dpkg -i ./google-chrome-stable_current_amd64.deb

And download ChromeDriver for our operating system. The command below fetches version 74.0.3729.6; ChromeDriver has to match the major version of the installed Chrome, so adjust the version in the URL if necessary:

wget -O /tmp/chromedriver.zip https://chromedriver.storage.googleapis.com/74.0.3729.6/chromedriver_linux64.zip && sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/;

Usage

Once we have installed everything, we can restart to make sure that everything is correctly installed and does not return any type of error. The syntax to run the program is very simple:

python3 hosthunter.py targets.txt -h

The text file targets.txt should contain the list of all the IP addresses that we want to check. We have included a public IP address that belongs to our own websites, so we should see a domain for it, and a Google IP address, so that the tool shows us the hostname or whether a web application uses that public IP.

If, when executing the previous command, we get this error in the fake_useragent module:

python3 hosthunter.py targets.txt -h
Traceback (most recent call last):
  File "hosthunter.py", line 48, in <module>
    ua = UserAgent(use_cache_server=False)
  File "/usr/local/lib/python3.7/dist-packages/fake_useragent/fake.py", line 69, in __init__
    self.load()
  File "/usr/local/lib/python3.7/dist-packages/fake_useragent/fake.py", line 78, in load
    verify_ssl=self.verify_ssl,
  File "/usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py", line 250, in load_cached
    update(path, use_cache_server=use_cache_server, verify_ssl=verify_ssl)
  File "/usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py", line 245, in update
    write(path, load(use_cache_server=use_cache_server, verify_ssl=verify_ssl))
  File "/usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py", line 178, in load
    raise exc
  File "/usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py", line 154, in load
    for item in get_browsers(verify_ssl=verify_ssl):
  File "/usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py", line 99, in get_browsers
    html = html.split('<table class="w3-table-all notranslate">')[1]
IndexError: list index out of range

In the following screenshot you can see it:

We have to edit the file /usr/local/lib/python3.7/dist-packages/fake_useragent/utils.py with nano or Vim, go to line 99 (the html.split line shown at the end of the traceback) and change the “w3” to “ws”.

Once done, we save the changes, run the HostHunter command again and it will work perfectly.

python3 hosthunter.py targets.txt -h

If we want to export the information to a text or CSV file, we use the following commands respectively:

python3 hosthunter.py targets.txt -f txt -o hosts.txt
python3 hosthunter.py targets.txt -f csv -o hosts.csv

In the following image you can see part of the information that it is capable of obtaining for each IP address that we have passed to it:

We recommend you access the HostHunter official project on GitHub where you will find all the details about this interesting tool.
