HEDnsExtractor: A suite for hunting suspicious targets, exposing domains, and phishing discovery
Features
- Implementing workflows with YAML
- Adds support to work with multiple domains as target
- Regex support
- VirusTotal Integration
- Adds support to work with IPv6 filters
- Extract networks based on IP/Domain
- Extract domains from networks.
Install
```
go install -v github.com/HuntDownProject/hednsextractor/cmd/hednsextractor@latest
```
Use
```
HEDnsExtractor - Raw html extractor from Hurricane Electric portal!

Usage:
  hednsextractor [flags]

Flags:
CONFIGURATION:
   -config string  flag config file (default "/home/hunter/.config/hednsextractor/config.yaml")

VIRUSTOTAL:
   -vt                 show Virustotal score
   -vt-api-key string  Virustotal API Key
   -vt-score string    Minimum Virustotal score to show (default "0")

OTHER OPTIONS:
   -only-domains     show only domains
   -only-networks    show only networks
   -workflow string  Workflow config
   -target string    IP Address or Network to query
   -silent           show silent output
   -verbose          show verbose output
```
Running
Getting the IP Addresses used for hackerone.com, and enumerating only the networks.
```
nslookup hackerone.com | awk '/Address: / {print $2}' | hednsextractor -silent -only-networks

[INF] [104.16.99.52] 104.16.0.0/12
[INF] [104.16.99.52] 104.16.96.0/20
```
Getting the IP Addresses used for hackerone.com, and enumerating only the domains (using tail to show the last 10 results).
```
nslookup hackerone.com | awk '/Address: / {print $2}' | hednsextractor -silent -only-domains | tail -n 10

herllus.com
hezzy.store
hilariostore.com
hiperdrop.com
hippratas.online
hitsstory.com
hobbyshop.site
holyangelstore.com
holzfallerstore.fun
homedescontoo.com
```
Running with Virustotal
Edit the config file and add the Virustotal API Key
```
cat $HOME/.config/hednsextractor/config.yaml
```
```
# hednsextractor config file
# generated by https://github.com/projectdiscovery/goflags

# show only domains
#only-domains: false

# show only networks
#only-networks: false

# show virustotal score
#vt: false

# minimum virustotal score to show
#vt-score: 0

# ip address or network to query
#target: 

# show silent output
#silent: false

# show verbose output
#verbose: false

# virustotal api key
vt-api-key: Your API Key goes here
```
Then run hednsextractor with the -vt parameter.
The output will look like this:
```
╭╮╱╭┳━━━┳━━━╮╱╱╱╱╱╭━━━╮╱╱╭╮╱╱╱╱╱╱╱╱╭╮
┃┃╱┃┃╭━━┻╮╭╮┃╱╱╱╱╱┃╭━━╯╱╭╯╰╮╱╱╱╱╱╱╭╯╰╮
┃╰━╯┃╰━━╮┃┃┃┣━╮╭━━┫╰━━┳╮┣╮╭╋━┳━━┳━┻╮╭╋━━┳━╮
┃╭━╮┃╭━━╯┃┃┃┃╭╮┫━━┫╭━━┻╋╋┫┃┃╭┫╭╮┃╭━┫┃┃╭╮┃╭╯
┃┃╱┃┃╰━━┳╯╰╯┃┃┃┣━━┃╰━━┳╋╋┫╰┫┃┃╭╮┃╰━┫╰┫╰╯┃┃
╰╯╱╰┻━━━┻━━━┻╯╰┻━━┻━━━┻╯╰┻━┻╯╰╯╰┻━━┻━┻━━┻╯

[INF] Current hednsextractor version v1.0.0
[INF] [104.16.0.0/12] domain: ohst.ltd VT Score: 0
[INF] [104.16.0.0/12] domain: jxcraft.net VT Score: 0
[INF] [104.16.0.0/12] domain: teatimegm.com VT Score: 2
[INF] [104.16.0.0/12] domain: debugcheat.com VT Score: 0
```
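To feed the `-vt` output shown above into a triage queue or SIEM, the following added example (not part of HEDnsExtractor or its README) parses it into tab-separated records and lists each domain at or above a minimum VT score, highest first. The line formats are assumed from the sample output on this page only; `parse_hedns`, `flagged_domains` and `sample_output` are hypothetical names, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not part of HEDnsExtractor. Line formats are assumed from
# the sample output on this page only.

# parse_hedns: hednsextractor output on stdin -> TSV records on stdout:
#   domain  <name> <network> <vt_score>
#   network <cidr> <queried_ip>
# Banner, version and unrecognised lines are dropped.
parse_hedns() {
  awk '
    function inner(s) { return substr(s, 2, length(s) - 2) }  # strip [ ]
    BEGIN { OFS = "\t" }
    $1 != "[INF]" || $2 !~ /^\[.*\]$/ { next }
    # [INF] [192.0.2.0/24] domain: shop.example VT Score: 0
    NF == 7 && $3 == "domain:" && $5 == "VT" && $6 == "Score:" && $7 ~ /^[0-9]+$/ {
      print "domain", tolower($4), inner($2), $7; next
    }
    # [INF] [192.0.2.10] 192.0.2.0/24
    NF == 3 && $3 ~ /^[0-9a-fA-F:.]+\/[0-9]+$/ { print "network", $3, inner($2) }
  '
}

# flagged_domains MIN: domains scoring >= MIN, one row per domain (highest
# score seen wins), sorted by score descending: <score> <domain> <network>
flagged_domains() {
  parse_hedns | awk -F '\t' -v min="${1:-0}" '
    $1 == "domain" && $4 + 0 >= min + 0 && (!($2 in best) || $4 + 0 > best[$2]) {
      best[$2] = $4 + 0; net[$2] = $3
    }
    END { for (d in best) print best[d] "\t" d "\t" net[d] }
  ' | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample in the format shown above (not real scan results).
sample_output() {
  cat <<'EOF'
╭╮╱╭┳━━━╮
[INF] Current hednsextractor version v1.0.0
[INF] [192.0.2.10] 192.0.2.0/24
[INF] [192.0.2.0/24] domain: shop.example VT Score: 0
[INF] [192.0.2.0/24] domain: Login-Portal.example VT Score: 2
[INF] [198.51.100.0/24] domain: login-portal.example VT Score: 5
[INF] [198.51.100.0/24] domain: pay.example VT Score: 3
EOF
}

sample_output | flagged_domains 1
```

In real use, replace `sample_output` with the `hednsextractor -vt` pipeline; domain names are lower-cased so the same host seen under two networks is reported once.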
Copyright (C) 2024 HuntDownProject
Source: https://github.com/HuntDownProject/