{"id":13538380,"url":"https://github.com/fportantier/habu","last_synced_at":"2025-12-30T08:05:42.291Z","repository":{"id":54751295,"uuid":"100660001","full_name":"fportantier/habu","owner":"fportantier","description":"Hacking Toolkit","archived":false,"fork":false,"pushed_at":"2023-11-22T09:41:22.000Z","size":1797,"stargazers_count":859,"open_issues_count":2,"forks_count":154,"subscribers_count":42,"default_branch":"master","last_synced_at":"2024-05-20T11:03:52.239Z","etag":null,"topics":["hacking","linux","network-analysis","networking","penetration-testing","pentest","pentest-tool","pentesting","pentesting-networks","python3","scapy","security-audit","security-testing","security-tools","windows"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fportantier.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-08-18T01:27:38.000Z","updated_at":"2024-05-18T13:54:59.000Z","dependencies_parsed_at":"2024-04-19T11:47:44.787Z","dependency_job_id":null,"html_url":"https://github.com/fportantier/habu","commit_stats":{"total_commits":338,"total_committers":6,"mean_commits":"56.333333333333336","dds":"0.44378698224852076","last_synced_commit":"8326936afdff9a3b900a6045c84079d7d782c807"},"previous_names":["portantier/habu"],"tags_count":33,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fportantier%2Fhabu","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fportantier%2Fhabu/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fportantier%2Fhabu/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fportantier%2Fhabu/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fportantier","download_url":"https://codeload.github.com/fportantier/habu/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246763805,"owners_count":20829795,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking","linux","network-analysis","networking","penetration-testing","pentest","pentest-tool","pentesting","pentesting-networks","python3","scapy","security-audit","security-testing","security-tools","windows"],"created_at":"2024-08-01T09:01:11.173Z","updated_at":"2025-12-14T13:34:15.949Z","avatar_url":"https://github.com/fportantier.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e工具","Python","Tools"],"sub_categories":["\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的"],"readme":"Habu Hacking Toolkit\n====================\n\nI'm developing Habu to teach (and learn) some concepts about Python and\nNetwork Hacking.\n\nSome techniques implemented in the current version are:\n\n* ARP Poisoning and Sniffing\n* DHCP Discover and Starvation\n* Subdomains Identification\n* Certificate Cloning\n* TCP Analysis (ISN, Flags)\n* Username check on social networks\n* Web Techonologies Identification\n* and a lot more!\n\nThe development of this software is supported by Securetia SRL (https://www.securetia.com/)\n\n\nHacking with Habu\n-----------------\n\nVarious useful usage scenarios are detailed in https://fportantier.github.io/hacking-with-habu/\n\n\nUsage Videos\n------------\n\nThe following Youtube Playlist has videos that shows the installation\nand usage:\n\nhttps://www.youtube.com/watch?v=rgp9seLLyqE\u0026list=PL4HZnX8VnFXqSvNw7x-bXOn0dgxNdfnVD\n\n\nTelegram Group\n--------------\n\nIf you want to discuss some Habu features, possible improvements, etc,\nyou can use the Habu Telegram Group: https://t.me/python_habu\n\n\nContributing\n------------\n\nIssues and pull requests must be sent to github repo:\nhttps://github.com/fportantier/habu\n\n\nInstallation\n------------\n\nRecommended way to install:\n\n::\n\n $ python3 -m pip install --upgrade git+https://github.com/fportantier/habu.git\n\n\nThis must works on any system that has Python 3 installed. \n\n**Note:** On some systems (like Microsoft Windows) you must adjust the command to\npoint to the correct path of the Python executable.\n\n\nUpgrade\n-------\n\nNow we have a command to upgrade directly from the Git repo and clean any old\ncommand that not longer exists or that has been renamed.\n\n::\n\n $ habu.upgrade\n\n\nGet Help\n--------\n\nAll the commands implement the option '--help', that shows the help,\narguments, options, and default values.\n\n\nVerbose Mode\n------------\n\nAlmost all commands implement the verbose mode with the '-v' option.\nThis can give you some extra info about what habu is doing.\n\n\nCommands Index\n--------------\n\n* `arp.ping \u003c#habuarpping\u003e`_\n* `arp.poison \u003c#habuarppoison\u003e`_\n* `arp.sniff \u003c#habuarpsniff\u003e`_\n* `asydns \u003c#habuasydns\u003e`_\n* `b64 \u003c#habub64\u003e`_\n* `cert.clone \u003c#habucertclone\u003e`_\n* `cert.crtsh \u003c#habucertcrtsh\u003e`_\n* `cert.names \u003c#habucertnames\u003e`_\n* `config.del \u003c#habuconfigdel\u003e`_\n* `config.set \u003c#habuconfigset\u003e`_\n* `config.show \u003c#habuconfigshow\u003e`_\n* `crack.luhn \u003c#habucrackluhn\u003e`_\n* `crack.snmp \u003c#habucracksnmp\u003e`_\n* `crypto.fernet \u003c#habucryptofernet\u003e`_\n* `crypto.fernet.genkey \u003c#habucryptofernetgenkey\u003e`_\n* `crypto.gppref \u003c#habucryptogppref\u003e`_\n* `crypto.hasher \u003c#habucryptohasher\u003e`_\n* `crypto.xor \u003c#habucryptoxor\u003e`_\n* `data.enrich \u003c#habudataenrich\u003e`_\n* `data.extract.domain \u003c#habudataextractdomain\u003e`_\n* `data.extract.email \u003c#habudataextractemail\u003e`_\n* `data.extract.fqdn \u003c#habudataextractfqdn\u003e`_\n* `data.extract.ipv4 \u003c#habudataextractipv4\u003e`_\n* `data.filter \u003c#habudatafilter\u003e`_\n* `data.select \u003c#habudataselect\u003e`_\n* `dhcp.discover \u003c#habudhcpdiscover\u003e`_\n* `dhcp.starvation \u003c#habudhcpstarvation\u003e`_\n* `dns.lookup.forward \u003c#habudnslookupforward\u003e`_\n* `dns.lookup.reverse \u003c#habudnslookupreverse\u003e`_\n* `eicar \u003c#habueicar\u003e`_\n* `forkbomb \u003c#habuforkbomb\u003e`_\n* `fqdn.finder \u003c#habufqdnfinder\u003e`_\n* `gateway.find \u003c#habugatewayfind\u003e`_\n* `host \u003c#habuhost\u003e`_\n* `http.headers \u003c#habuhttpheaders\u003e`_\n* `http.options \u003c#habuhttpoptions\u003e`_\n* `http.tech \u003c#habuhttptech\u003e`_\n* `icmp.ping \u003c#habuicmpping\u003e`_\n* `ip.asn \u003c#habuipasn\u003e`_\n* `ip.geolocation \u003c#habuipgeolocation\u003e`_\n* `ip.internal \u003c#habuipinternal\u003e`_\n* `ip.public \u003c#habuippublic\u003e`_\n* `karma \u003c#habukarma\u003e`_\n* `karma.bulk \u003c#habukarmabulk\u003e`_\n* `land \u003c#habuland\u003e`_\n* `nc \u003c#habunc\u003e`_\n* `net.contest \u003c#habunetcontest\u003e`_\n* `net.interfaces \u003c#habunetinterfaces\u003e`_\n* `nmap.excluded \u003c#habunmapexcluded\u003e`_\n* `nmap.open \u003c#habunmapopen\u003e`_\n* `nmap.ports \u003c#habunmapports\u003e`_\n* `protoscan \u003c#habuprotoscan\u003e`_\n* `server.ftp \u003c#habuserverftp\u003e`_\n* `shodan \u003c#habushodan\u003e`_\n* `shodan.query \u003c#habushodanquery\u003e`_\n* `tcp.flags \u003c#habutcpflags\u003e`_\n* `tcp.isn \u003c#habutcpisn\u003e`_\n* `tcp.scan \u003c#habutcpscan\u003e`_\n* `tcp.synflood \u003c#habutcpsynflood\u003e`_\n* `traceroute \u003c#habutraceroute\u003e`_\n* `upgrade \u003c#habuupgrade\u003e`_\n* `usercheck \u003c#habuusercheck\u003e`_\n* `version \u003c#habuversion\u003e`_\n* `vhosts \u003c#habuvhosts\u003e`_\n* `virustotal \u003c#habuvirustotal\u003e`_\n* `web.report \u003c#habuwebreport\u003e`_\n* `web.screenshot \u003c#habuwebscreenshot\u003e`_\n* `whois.domain \u003c#habuwhoisdomain\u003e`_\n* `whois.ip \u003c#habuwhoisip\u003e`_\n\nhabu.arp.ping\n-------------\n\n.. code-block::\n\n Usage: habu.arp.ping [OPTIONS] IP\n \n Send ARP packets to check if a host it's alive in the local network.\n \n Example:\n \n # habu.arp.ping 192.168.0.1\n Ether / ARP is at a4:08:f5:19:17:a4 says 192.168.0.1 / Padding\n \n Options:\n -i TEXT Interface to use\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.arp.poison\n---------------\n\n.. code-block::\n\n Usage: habu.arp.poison [OPTIONS] VICTIM1 VICTIM2\n \n Send ARP 'is-at' packets to each victim, poisoning their ARP tables for\n send the traffic to your system.\n \n Note: If you want a full working Man In The Middle attack, you need to\n enable the packet forwarding on your operating system to act like a\n router. You can do that using:\n \n # echo 1 \u003e /proc/sys/net/ipv4/ip_forward\n \n Example:\n \n # habu.arpoison 192.168.0.1 192.168.0.77\n Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77\n Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.70\n Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77\n ...\n \n Options:\n -i TEXT Interface to use\n -v Verbose\n --help Show this message and exit.\n \n\nhabu.arp.sniff\n--------------\n\n.. code-block::\n\n Usage: habu.arp.sniff [OPTIONS]\n \n Listen for ARP packets and show information for each device.\n \n Columns: Seconds from last packet | IP | MAC | Vendor\n \n Example:\n \n 1 192.168.0.1 a4:08:f5:19:17:a4 Sagemcom Broadband SAS\n 7 192.168.0.2 64:bc:0c:33:e5:57 LG Electronics (Mobile Communications)\n 2 192.168.0.5 00:c2:c6:30:2c:58 Intel Corporate\n 6 192.168.0.7 54:f2:01:db:35:58 Samsung Electronics Co.,Ltd\n \n Options:\n -i TEXT Interface to use\n --help Show this message and exit.\n \n\nhabu.asydns\n-----------\n\n.. code-block::\n\n Usage: habu.asydns [OPTIONS]\n \n Requests a DNS domain name based on public and private RSA keys using the\n AsyDNS protocol https://github.com/portantier/asydns\n \n Example:\n \n $ habu.asydns -v\n Generating RSA key ...\n Loading RSA key ...\n {\n \"ip\": \"181.31.41.231\",\n \"name\": \"07286e90fd6e7e6be61d6a7919967c7cf3bbfb23a36edbc72b6d7c53.a.asydns.org\"\n }\n \n $ dig +short 07286e90fd6e7e6be61d6a7919967c7cf3bbfb23a36edbc72b6d7c53.a.asydns.org\n 181.31.41.231\n \n Options:\n -u TEXT API URL\n -g Force the generation of a new key pair\n -r Revoke the public key\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.b64\n--------\n\n.. code-block::\n\n Usage: habu.b64 [OPTIONS] [F]\n \n Encodes or decode data in base64, just like the command base64.\n \n $ echo awesome | habu.b64\n YXdlc29tZQo=\n \n $ echo YXdlc29tZQo= | habu.b64 -d\n awesome\n \n Options:\n -d decode instead of encode\n --help Show this message and exit.\n \n\nhabu.cert.clone\n---------------\n\n.. code-block::\n\n Usage: habu.cert.clone [OPTIONS] HOSTNAME PORT KEYFILE CERTFILE\n \n Connect to an SSL/TLS server, get the certificate and generate a\n certificate with the same options and field values.\n \n Note: The generated certificate is invalid, but can be used for social\n engineering attacks\n \n Example:\n \n $ habu.certclone www.google.com 443 /tmp/key.pem /tmp/cert.pem\n \n Options:\n --copy-extensions Copy certificate extensions (default: False)\n --expired Generate an expired certificate (default: False)\n -v Verbose\n --help Show this message and exit.\n \n\nhabu.cert.crtsh\n---------------\n\n.. code-block::\n\n Usage: habu.cert.crtsh [OPTIONS] DOMAIN\n \n Downloads the certificate transparency logs for a domain and check with\n DNS queries if each subdomain exists.\n \n Uses multithreading to improve the performance of the DNS queries.\n \n Example:\n \n $ habu.crtsh securetia.com\n alt.securetia.com\n other.securetia.com\n www.securetia.com\n \n Options:\n -c Disable cache\n -n Disable DNS subdomain validation\n -v Verbose output\n --json Print the output in JSON format\n --help Show this message and exit.\n \n\nhabu.cert.names\n---------------\n\n.. code-block::\n\n Usage: habu.cert.names [OPTIONS] [NETWORK]\n \n Connects to each host/port and shows a summary of the certificate names.\n \n The hosts to connect to are taken from two possible options:\n \n 1. -i option (default: stdin). A file where each line is a host or network\n \n 2. An argument that can be a host or network\n \n If you use both methods, the hosts and networks are merged into one list.\n \n Example:\n \n $ habu.cert.names 2.18.60.240/29\n 2.18.60.241 443 i.s-microsoft.com microsoft.com privacy.microsoft.com\n 2.18.60.242 443 aod-ssl.itunes.apple.com aod.itunes.apple.com aodp-ssl.itunes.apple.com\n 2.18.60.243 443 *.mlb.com mlb.com\n 2.18.60.244 443 [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:1056)\n 2.18.60.245 443 cert2-cn-public-ubiservices.ubi.com cert2-cn-public-ws-ubiservices.ubi.com\n 2.18.60.246 443 *.blog.sina.com.cn *.dmp.sina.cn\n \n aod.itunes.apple.com\n aodp-ssl.itunes.apple.com\n aod-ssl.itunes.apple.com\n *.blog.sina.com.cn\n cert2-cn-public-ubiservices.ubi.com\n cert2-cn-public-ws-ubiservices.ubi.com\n *.dmp.sina.cn\n i.s-microsoft.com microsoft.com\n *.mlb.com mlb.com\n privacy.microsoft.com\n \n Options:\n -p TEXT Ports to connect to (comma separated list)\n -i FILENAME Input file (Default: stdin)\n -t FLOAT Time to wait for each connection\n -v Verbose output\n --json Print the output in JSON format\n --help Show this message and exit.\n \n\nhabu.config.del\n---------------\n\n.. code-block::\n\n Usage: habu.config.del [OPTIONS] KEY\n \n Delete a KEY from the configuration.\n \n Note: By default, KEY is converted to uppercase.\n \n Example:\n \n $ habu.config.del DNS_SERVER\n \n Options:\n --help Show this message and exit.\n \n\nhabu.config.set\n---------------\n\n.. code-block::\n\n Usage: habu.config.set [OPTIONS] KEY VALUE\n \n Set VALUE to the config KEY.\n \n Note: By default, KEY is converted to uppercase.\n \n Example:\n \n $ habu.config.set DNS_SERVER 8.8.8.8\n \n Options:\n --help Show this message and exit.\n \n\nhabu.config.show\n----------------\n\n.. code-block::\n\n Usage: habu.config.show [OPTIONS]\n \n Show the current config.\n \n Note: By default, the options with 'KEY' in their name are shadowed.\n \n Example:\n \n $ habu.config.show\n {\n \"DNS_SERVER\": \"8.8.8.8\",\n \"FERNET_KEY\": \"*************\"\n }\n \n Options:\n -k, --show-keys Show also the key values\n --option TEXT... Write to the config(KEY VALUE)\n --help Show this message and exit.\n \n\nhabu.crack.luhn\n---------------\n\n.. code-block::\n\n Usage: habu.crack.luhn [OPTIONS] NUMBER\n \n Having known values for a Luhn validated number, obtain the possible\n unknown numbers.\n \n Numbers that use the Luhn algorithm for validation are Credit Cards, IMEI,\n National Provider Identifier in the United States, Canadian Social\n Insurance Numbers, Israel ID Numbers and Greek Social Security Numbers\n (ΑΜΚΑ).\n \n The '-' characters are ignored.\n \n Define the missing numbers with the 'x' character.\n \n Reference: https://en.wikipedia.org/wiki/Luhn_algorithm\n \n Example:\n \n $ habu.crack.luhn 4509-xx08-3160-6445\n 4509000831606445\n 4509180831606445\n 4509260831606445\n 4509340831606445\n 4509420831606445\n 4509590831606445\n 4509670831606445\n 4509750831606445\n 4509830831606445\n 4509910831606445\n \n Options:\n --help Show this message and exit.\n \n\nhabu.crack.snmp\n---------------\n\n.. code-block::\n\n Usage: habu.crack.snmp [OPTIONS] IP\n \n Launches snmp-get queries against an IP, and tells you when finds a valid\n community string (is a simple SNMP cracker).\n \n The dictionary used is the distributed with the onesixtyone tool\n https://github.com/trailofbits/onesixtyone\n \n Example:\n \n # habu.crack.snmp 179.125.234.210\n Community found: private\n Community found: public\n \n Note: You can also receive messages like \\\u003cUNIVERSAL\\\u003e \\\u003cclass\n 'scapy.asn1.asn1.ASN1\\_Class\\_metaclass'\\\u003e, I don't know how to supress\n them for now.\n \n Options:\n -p INTEGER Port to use\n -c TEXT Community (default: list of most used)\n -s Stop after first match\n -v Verbose\n --help Show this message and exit.\n \n\nhabu.crypto.fernet\n------------------\n\n.. code-block::\n\n Usage: habu.crypto.fernet [OPTIONS]\n \n Fernet cipher.\n \n Uses AES-128-CBC with HMAC\n \n Note: You must use a key to cipher with Fernet.\n \n Use the -k paramenter or set the FERNET_KEY configuration value.\n \n The keys can be generated with the command habu.crypto.fernet.genkey\n \n Reference: https://github.com/fernet/spec/blob/master/Spec.md\n \n Example:\n \n $ \"I want to protect this string\" | habu.crypto.fernet\n gAAAAABbXnCGoCULLuVNRElYTbEcwnek9iq5jBKq9JAN3wiiBUzPqpUgV5oWvnC6xfIA...\n \n $ echo gAAAAABbXnCGoCULLuVNRElYTbEcwnek9iq5jBKq9JAN3wiiBUzPqpUgV5oWvnC6xfIA... | habu.crypto.fernet -d\n I want to protect this string\n \n Options:\n -k TEXT Key\n -d Decrypt instead of encrypt\n --ttl INTEGER Time To Live for timestamp verification\n -i FILENAME Input file (default: stdin)\n -o FILENAME Output file (default: stdout)\n --help Show this message and exit.\n \n\nhabu.crypto.fernet.genkey\n-------------------------\n\n.. code-block::\n\n Usage: habu.crypto.fernet.genkey [OPTIONS]\n \n Generate a new Fernet Key, optionally write it to ~/.habu.json\n \n Example:\n \n $ habu.crypto.fernet.genkey\n xgvWCIvjwe9Uq7NBvwO796iI4dsGD623QOT9GWqnuhg=\n \n Options:\n -w Write this key to ~/.habu.json\n --help Show this message and exit.\n \n\nhabu.crypto.gppref\n------------------\n\n.. code-block::\n\n Usage: habu.crypto.gppref [OPTIONS] PASSWORD\n \n Decrypt the password of local users added via Windows 2008 Group Policy\n Preferences.\n \n This value is the 'cpassword' attribute embedded in the Groups.xml file,\n stored in the domain controller's Sysvol share.\n \n Example:\n \n # habu.crypto.gppref AzVJmXh/J9KrU5n0czX1uBPLSUjzFE8j7dOltPD8tLk\n testpassword\n \n Options:\n --help Show this message and exit.\n \n\nhabu.crypto.hasher\n------------------\n\n.. code-block::\n\n Usage: habu.crypto.hasher [OPTIONS] [F]\n \n Compute various hashes for the input data, that can be a file or a stream.\n \n Example:\n \n $ habu.crypto.hasher README.rst\n md5 992a833cd162047daaa6a236b8ac15ae README.rst\n ripemd160 0566f9141e65e57cae93e0e3b70d1d8c2ccb0623 README.rst\n sha1 d7dbfd2c5e2828eb22f776550c826e4166526253 README.rst\n sha256 6bb22d927e1b6307ced616821a1877b6cc35e... README.rst\n sha512 8743f3eb12a11cf3edcc16e400fb14d599b4a... README.rst\n whirlpool 96bcc083242e796992c0f3462f330811f9e8c... README.rst\n \n You can also specify which algorithm to use. In such case, the output is\n only the value of the calculated hash:\n \n $ habu.hasher -a md5 README.rst\n 992a833cd162047daaa6a236b8ac15ae README.rst\n \n Options:\n -a [md5|sha1|sha256|sha512|ripemd160|whirlpool]\n Only this algorithm (Default: all)\n --help Show this message and exit.\n \n\nhabu.crypto.xor\n---------------\n\n.. code-block::\n\n Usage: habu.crypto.xor [OPTIONS]\n \n XOR cipher.\n \n Note: XOR is not a 'secure cipher'. If you need strong crypto you must use\n algorithms like AES. You can use habu.fernet for that.\n \n Example:\n \n $ habu.xor -k mysecretkey -i /bin/ls \u003e xored\n $ habu.xor -k mysecretkey -i xored \u003e uxored\n $ sha1sum /bin/ls uxored\n $ 6fcf930fcee1395a1c95f87dd38413e02deff4bb /bin/ls\n $ 6fcf930fcee1395a1c95f87dd38413e02deff4bb uxored\n \n Options:\n -k TEXT Encryption key\n -i FILENAME Input file (default: stdin)\n -o FILENAME Output file (default: stdout)\n --help Show this message and exit.\n \n\nhabu.data.enrich\n----------------\n\n.. code-block::\n\n Usage: habu.data.enrich [OPTIONS]\n \n Enrich data adding interesting information.\n \n Example:\n \n $ cat /var/log/auth.log | habu.data.extract.ipv4 | habu.data.enrich\n [\n {\n \"asset\": \"8.8.8.8\",\n \"family\": \"IPAddress\",\n \"asn\": \"15169\",\n \"net\": \"8.8.8.0/24\",\n \"cc\": \"US\",\n \"rir\": \"ARIN\",\n \"asname\": \"GOOGLE - Google LLC, US\"\n },\n {\n \"asset\": \"8.8.4.4\",\n \"family\": \"IPAddress\",\n \"asn\": \"15169\",\n \"net\": \"8.8.4.0/24\",\n \"cc\": \"US\",\n \"rir\": \"ARIN\",\n \"asname\": \"GOOGLE - Google LLC, US\"\n }\n ]\n \n Options:\n -i FILENAME Input file (Default: stdin)\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.data.extract.domain\n------------------------\n\n.. code-block::\n\n Usage: habu.data.extract.domain [OPTIONS] [INFILE]\n \n Extract valid domains from a file or stdin.\n \n Optionally, check each domain for the presence of NS registers.\n \n Example:\n \n $ cat /var/log/some.log | habu.data.extract.domain -c\n google.com\n ibm.com\n redhat.com\n \n Options:\n -c Check if domain has NS servers defined\n -v Verbose output\n -j JSON output\n --help Show this message and exit.\n \n\nhabu.data.extract.email\n-----------------------\n\n.. code-block::\n\n Usage: habu.data.extract.email [OPTIONS] [INFILE]\n \n Extract email addresses from a file or stdin.\n \n Example:\n \n $ cat /var/log/auth.log | habu.data.extract.email\n john@securetia.com\n raven@acmecorp.net\n nmarks@fimax.com\n \n Options:\n -v Verbose output\n -j JSON output\n --help Show this message and exit.\n \n\nhabu.data.extract.fqdn\n----------------------\n\n.. code-block::\n\n Usage: habu.data.extract.fqdn [OPTIONS] [INFILE]\n \n Extract FQDNs (Fully Qualified Domain Names) from a file or stdin.\n \n Example:\n \n $ cat /var/log/some.log | habu.data.extract.fqdn\n www.google.com\n ibm.com\n fileserver.redhat.com\n \n Options:\n -c Check if hostname resolves\n -v Verbose output\n -j JSON output\n --help Show this message and exit.\n \n\nhabu.data.extract.ipv4\n----------------------\n\n.. code-block::\n\n Usage: habu.data.extract.ipv4 [OPTIONS] [INFILE]\n \n Extract IPv4 addresses from a file or stdin.\n \n Example:\n \n $ cat /var/log/auth.log | habu.data.extract.ipv4\n 172.217.162.4\n 23.52.213.96\n 190.210.43.70\n \n Options:\n -j, --json JSON output\n -u, --unique Remove duplicates\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.data.filter\n----------------\n\n.. code-block::\n\n Usage: habu.data.filter [OPTIONS] FIELD [gt|lt|eq|ne|ge|le|in|contains|defin\n ed|undefined|true|false] [VALUE]\n \n Filter data based on operators.\n \n Operator Reference:\n \n gt: Greater than\n lt: Lesser than\n eq: Equal to\n ne: Not equal to\n ge: Greather or equal than\n le: Lesser or equal than\n in: Inside the list of values (or inside the network)\n contains: Contains the value (or the network address)\n defined: The value is defined\n undefined: The value is not defined\n true: The value is True\n false: The value is False\n \n Example:\n \n $ cat /var/log/auth.log | habu.data.extract.ipv4 | habu.data.enrich | habu.data.filter cc eq US\n [\n {\n \"item\": \"8.8.8.8\",\n \"family\": \"ipv4_address\",\n \"asn\": \"15169\",\n \"net\": \"8.8.8.0/24\",\n \"cc\": \"US\",\n \"rir\": \"ARIN\",\n \"asname\": \"GOOGLE - Google LLC, US\"\n }\n ]\n \n Docs: https://fportantier.github.io/hacking-with-habu/user/data-manipulation.html#data-enrichment\n \n Options:\n -i FILENAME Input file (Default: stdin)\n -v Verbose output\n --not Negate the comparison\n --help Show this message and exit.\n \n\nhabu.data.select\n----------------\n\n.. code-block::\n\n Usage: habu.data.select [OPTIONS] FIELD\n \n Select a field from a JSON input.\n \n Example:\n \n $ cat /var/log/auth.log | habu.data.extract.ipv4 | habu.data.enrich | habu.data.filter cc eq US | habu.data.select asset\n 8.8.8.7\n 8.8.8.8\n 8.8.8.9\n \n Options:\n -i FILENAME Input file (Default: stdin)\n -v Verbose output\n --json JSON output\n --help Show this message and exit.\n \n\nhabu.dhcp.discover\n------------------\n\n.. code-block::\n\n Usage: habu.dhcp.discover [OPTIONS]\n \n Send a DHCP request and show what devices has replied.\n \n Note: Using '-v' you can see all the options (like DNS servers) included\n on the responses.\n \n # habu.dhcp_discover\n Ether / IP / UDP 192.168.0.1:bootps \u003e 192.168.0.5:bootpc / BOOTP / DHCP\n \n Options:\n -i TEXT Interface to use\n -t INTEGER Time (seconds) to wait for responses\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.dhcp.starvation\n--------------------\n\n.. code-block::\n\n Usage: habu.dhcp.starvation [OPTIONS]\n \n Send multiple DHCP requests from forged MAC addresses to fill the DHCP\n server leases.\n \n When all the available network addresses are assigned, the DHCP server\n don't send responses.\n \n So, some attacks, like DHCP spoofing, can be made.\n \n # habu.dhcp_starvation\n Ether / IP / UDP 192.168.0.1:bootps \u003e 192.168.0.6:bootpc / BOOTP / DHCP\n Ether / IP / UDP 192.168.0.1:bootps \u003e 192.168.0.7:bootpc / BOOTP / DHCP\n Ether / IP / UDP 192.168.0.1:bootps \u003e 192.168.0.8:bootpc / BOOTP / DHCP\n \n Options:\n -i TEXT Interface to use\n -t INTEGER Time (seconds) to wait for responses\n -s INTEGER Time (seconds) between requests\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.dns.lookup.forward\n-----------------------\n\n.. code-block::\n\n Usage: habu.dns.lookup.forward [OPTIONS] HOSTNAME\n \n Perform a forward lookup of a given hostname.\n \n Example:\n \n $ habu.dns.lookup.forward google.com\n {\n \"ipv4\": \"172.217.168.46\",\n \"ipv6\": \"2a00:1450:400a:802::200e\"\n }\n \n Options:\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.dns.lookup.reverse\n-----------------------\n\n.. code-block::\n\n Usage: habu.dns.lookup.reverse [OPTIONS] IP_ADDRESS\n \n Perform a reverse lookup of a given IP address.\n \n Example:\n \n $ $ habu.dns.lookup.reverse 8.8.8.8\n {\n \"hostname\": \"google-public-dns-a.google.com\"\n }\n \n Options:\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.eicar\n----------\n\n.. code-block::\n\n Usage: habu.eicar [OPTIONS]\n \n Print the EICAR test string that can be used to test antimalware engines.\n \n More info: http://www.eicar.org/86-0-Intended-use.html\n \n Example:\n \n $ habu.eicar\n X5O!P%@AP[4\\XZP54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*\n \n Options:\n --help Show this message and exit.\n \n\nhabu.forkbomb\n-------------\n\n.. code-block::\n\n Usage: habu.forkbomb [OPTIONS] [bash|batch|c|haskell|perl|php|python|ruby]\n \n A shortcut to remember how to use fork bombs in different languages.\n \n Currently supported: bash, batch, c, haskell, perl, php, python, ruby.\n \n Example:\n \n $ habu.forkbomb c\n #include \u003cunistd.h\u003e\n int main()\n {\n while(1)\n {\n fork();\n }\n return 0;\n }\n \n Options:\n --help Show this message and exit.\n \n\nhabu.fqdn.finder\n----------------\n\n.. code-block::\n\n Usage: habu.fqdn.finder [OPTIONS] [DOMAINS]...\n \n Uses various techniques to obtain valid FQDNs for the specified domains.\n \n 1. Try to all FQDNs with DNS zone transfers\n 2. Check for Certificate Transparency Logs\n 3. Connect to specified ports, obtain SSL certificates and get FQDNs from them\n 4. Connect to websites and get FQDNs based on the website links\n 5. DNS Brute Force for common names\n \n The results are cleaned to remove FQDNs that does not resolve by DNS\n \n Example:\n \n $ habu.fqdn.finder educacionit.com\n barometrosalarial.educacionit.com\n blog.educacionit.com\n ci.educacionit.com\n educacionit.com\n intranet.educacionit.com\n lecdev.educacionit.com\n lecweb.educacionit.com\n mail.educacionit.com\n plantillas.educacionit.com\n www.educacionit.com\n \n Options:\n -t FLOAT Time to wait for each connection\n -v Verbose output\n --debug Debug output\n --connect / --no-connect Get from known FQDNs open ports SSL certificates\n --brute / --no-brute Run DNS brute force against domains\n --links / --no-links Extract FQDNs from web site links\n --xfr / --no-xfr Try to do a DNS zone transfer against domains\n --ctlog / --no-ctlog Try to get FQDNs from Certificate Transparency\n Logs\n \n --json Print the output in JSON format\n --help Show this message and exit.\n \n\nhabu.gateway.find\n-----------------\n\n.. code-block::\n\n Usage: habu.gateway.find [OPTIONS] NETWORK\n \n Try to reach an external IP using any host has a router.\n \n Useful to find routers in your network.\n \n First, uses arping to detect alive hosts and obtain MAC addresses.\n \n Later, create a network packet and put each MAC address as destination.\n \n Last, print the devices that forwarded correctly the packets.\n \n Example:\n \n # habu.find.gateway 192.168.0.0/24\n 192.168.0.1 a4:08:f5:19:17:a4 Sagemcom\n 192.168.0.7 b0:98:2b:5d:22:70 Sagemcom\n 192.168.0.8 b0:98:2b:5d:1f:e8 Sagemcom\n \n Options:\n -i TEXT Interface to use\n --host TEXT Host to reach (default: 8.8.8.8)\n --tcp Use TCP instead of ICMP\n --dport INTEGER RANGE Destination port for TCP (default: 80)\n --timeout INTEGER Timeout in seconds (default: 5)\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.host\n---------\n\n.. code-block::\n\n Usage: habu.host [OPTIONS]\n \n Collect information about the host where habu is running.\n \n Example:\n \n $ habu.host\n {\n \"kernel\": [\n \"Linux\",\n \"demo123\",\n \"5.0.6-200.fc29.x86_64\",\n \"#1 SMP Wed Apr 3 15:09:51 UTC 2019\",\n \"x86_64\",\n \"x86_64\"\n ],\n \"distribution\": [\n \"Fedora\",\n \"29\",\n \"Twenty Nine\"\n ],\n \"libc\": [\n \"glibc\",\n \"2.2.5\"\n ],\n \"arch\": \"x86_64\",\n \"python_version\": \"3.7.3\",\n \"os_name\": \"Linux\",\n \"cpu\": \"x86_64\",\n \"static_hostname\": \"demo123\",\n \"fqdn\": \"demo123.lab.sierra\"\n }\n \n Options:\n -v Verbose output.\n --help Show this message and exit.\n \n\nhabu.http.headers\n-----------------\n\n.. code-block::\n\n Usage: habu.http.headers [OPTIONS] SERVER\n \n Retrieve the HTTP headers of a web server.\n \n Example:\n \n $ habu.http.headers http://duckduckgo.com\n {\n \"Server\": \"nginx\",\n \"Date\": \"Sun, 14 Apr 2019 00:00:55 GMT\",\n \"Content-Type\": \"text/html\",\n \"Content-Length\": \"178\",\n \"Connection\": \"keep-alive\",\n \"Location\": \"https://duckduckgo.com/\",\n \"X-Frame-Options\": \"SAMEORIGIN\",\n \"Content-Security-Policy\": \"default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'\",\n \"X-XSS-Protection\": \"1;mode=block\",\n \"X-Content-Type-Options\": \"nosniff\",\n \"Referrer-Policy\": \"origin\",\n \"Expect-CT\": \"max-age=0\",\n \"Expires\": \"Mon, 13 Apr 2020 00:00:55 GMT\",\n \"Cache-Control\": \"max-age=31536000\"\n }\n \n Options:\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.http.options\n-----------------\n\n.. code-block::\n\n Usage: habu.http.options [OPTIONS] SERVER\n \n Retrieve the available HTTP methods of a web server.\n \n Example:\n \n $ habu.http.options -v http://google.com\n {\n \"allowed\": \"GET, HEAD\"\n }\n \n Options:\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.http.tech\n--------------\n\n.. code-block::\n\n Usage: habu.http.tech [OPTIONS] URL\n \n Uses Wappalyzer apps.json database to identify technologies used on a web\n application.\n \n Reference: https://github.com/AliasIO/Wappalyzer\n \n Note: This tool only sends one request. So, it's stealth and not\n suspicious.\n \n $ habu.web.tech https://woocomerce.com\n Google Tag Manager unknown\n MySQL unknown\n Nginx unknown\n PHP unknown\n Prototype unknown\n RequireJS unknown\n WooCommerce 3.8.0\n WordPress 5.2.4\n Yoast SEO 10.0.1\n \n Options:\n --cache / --no-cache\n --format [txt|csv|json] Output format\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.icmp.ping\n--------------\n\n.. code-block::\n\n Usage: habu.icmp.ping [OPTIONS] IP\n \n The classic ping tool that send ICMP echo requests.\n \n # habu.icmp.ping 8.8.8.8\n IP / ICMP 8.8.8.8 \u003e 192.168.0.5 echo-reply 0 / Padding\n IP / ICMP 8.8.8.8 \u003e 192.168.0.5 echo-reply 0 / Padding\n IP / ICMP 8.8.8.8 \u003e 192.168.0.5 echo-reply 0 / Padding\n IP / ICMP 8.8.8.8 \u003e 192.168.0.5 echo-reply 0 / Padding\n \n Options:\n -i TEXT Wich interface to use (default: auto)\n -c INTEGER How many packets send (default: infinit)\n -t INTEGER Timeout in seconds (default: 2)\n -w INTEGER How many seconds between packets (default: 1)\n -v Verbose\n --help Show this message and exit.\n \n\nhabu.ip.asn\n-----------\n\n.. code-block::\n\n Usage: habu.ip.asn [OPTIONS] IP\n \n Use Team Cymru ip2asn service to get information about a public IPv4/IPv6.\n \n Reference: https://www.team-cymru.com/IP-ASN-mapping.html\n \n $ habu.ip.asn 8.8.8.8\n {\n \"asn\": \"15169\",\n \"net\": \"8.8.8.0/24\",\n \"cc\": \"US\",\n \"rir\": \"ARIN\",\n \"asname\": \"GOOGLE - Google LLC, US\",\n \"country\": \"United States\"\n }\n \n Options:\n --help Show this message and exit.\n \n\nhabu.ip.geolocation\n-------------------\n\n.. code-block::\n\n Usage: habu.ip.geolocation [OPTIONS] IP_ADDRESS\n \n Get the geolocation of an IP adddress from https://ipapi.co/.\n \n Example:\n \n $ habu.ip.geolocation 8.8.8.8\n {\n \"ip\": \"8.8.8.8\",\n \"city\": \"Mountain View\",\n ...\n \"asn\": \"AS15169\",\n \"org\": \"Google LLC\"\n }\n \n Options:\n -v Verbose output.\n --help Show this message and exit.\n \n\nhabu.ip.internal\n----------------\n\n.. code-block::\n\n Usage: habu.ip.internal [OPTIONS]\n \n Get the local IP address(es) of the local interfaces.\n \n Example:\n \n $ habu.ip.internal\n {\n \"lo\": {\n \"ipv4\": [\n {\n \"addr\": \"127.0.0.1\",\n \"netmask\": \"255.0.0.0\",\n \"peer\": \"127.0.0.1\"\n }\n ],\n \"link_layer\": [\n {\n \"addr\": \"00:00:00:00:00:00\",\n \"peer\": \"00:00:00:00:00:00\"\n }\n ],\n \"ipv6\": [\n {\n \"addr\": \"::1\",\n \"netmask\": \"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128\"\n }\n ]\n },\n ...\n \n Options:\n -v Verbose output.\n --help Show this message and exit.\n \n\nhabu.ip.public\n--------------\n\n.. code-block::\n\n Usage: habu.ip.public [OPTIONS]\n \n Get the public IP address of the connection from https://api.ipify.org.\n \n Example:\n \n $ habu.ip.public\n 80.219.53.185\n \n Options:\n -4, --ipv4 Print your public IPv4 address (default)\n -6, --ipv6 Print your public IPv6 address\n -j, --json Print the output in JSON format\n --help Show this message and exit.\n \n\nhabu.karma\n----------\n\n.. code-block::\n\n Usage: habu.karma [OPTIONS] HOST\n \n Use the Karma service https://karma.securetia.com to check an IP against\n various Threat Intelligence / Reputation lists.\n \n $ habu.karma www.google.com\n www.google.com -\u003e 64.233.190.99\n [\n \"hphosts_fsa\",\n \"hphosts_psh\",\n \"hphosts_emd\"\n ]\n \n Note: You can use the hostname or the IP of the host to query.\n \n Options:\n --help Show this message and exit.\n \n\nhabu.karma.bulk\n---------------\n\n.. code-block::\n\n Usage: habu.karma.bulk [OPTIONS] [INFILE]\n \n Show which IP addresses are inside blacklists using the Karma online\n service.\n \n Example:\n \n $ cat /var/log/auth.log | habu.extract.ipv4 | habu.karma.bulk\n 172.217.162.4 spamhaus_drop,alienvault_spamming\n 23.52.213.96 CLEAN\n 190.210.43.70 alienvault_malicious\n \n Options:\n --json JSON output\n --bad Show only entries in blacklists\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.land\n---------\n\n.. code-block::\n\n Usage: habu.land [OPTIONS] IP\n \n This command implements the LAND attack, that sends packets forging the\n source IP address to be the same that the destination IP. Also uses the\n same source and destination port.\n \n The attack is very old, and can be used to make a Denial of Service on old\n systems, like Windows NT 4.0. More information here:\n https://en.wikipedia.org/wiki/LAND\n \n # sudo habu.land 172.16.0.10\n ............\n \n Note: Each dot (.) is a sent packet. You can specify how many packets send\n with the '-c' option. The default is never stop. Also, you can specify the\n destination port, with the '-p' option.\n \n Options:\n -c INTEGER How many packets send (default: infinit)\n -p INTEGER Port to use (default: 135)\n -i TEXT Interface to use\n -v Verbose\n --help Show this message and exit.\n \n\nhabu.nc\n-------\n\n.. code-block::\n\n Usage: habu.nc [OPTIONS] HOST PORT\n \n Some kind of netcat/ncat replacement.\n \n The execution emulates the feeling of this popular tools.\n \n Example:\n \n $ habu.nc --crlf www.portantier.com 80\n Connected to 45.77.113.133 80\n HEAD / HTTP/1.0\n \n HTTP/1.0 301 Moved Permanently\n Date: Thu, 26 Jul 2018 21:10:51 GMT\n Server: OpenBSD httpd\n Connection: close\n Content-Type: text/html\n Content-Length: 443\n Location: https://www.portantier.com/\n \n Options:\n --family [4|6|46] IP Address Family\n --ssl Enable SSL\n --crlf Use CRLF for EOL sequence\n --protocol [tcp|udp] Layer 4 protocol to use\n --source-ip TEXT Source IP to use\n --source-port INTEGER RANGE Source port to use\n --help Show this message and exit.\n \n\nhabu.net.contest\n----------------\n\n.. code-block::\n\n Usage: habu.net.contest [OPTIONS]\n \n Try to connect to various services and check if can reach them using your\n internet connection.\n \n Example:\n \n $ habu.net.contest\n DNS: True\n FTP: True\n SSH: True\n HTTP: True\n HTTPS: True\n \n Options:\n --help Show this message and exit.\n \n\nhabu.net.interfaces\n-------------------\n\n.. code-block::\n\n Usage: habu.net.interfaces [OPTIONS]\n \n Show the network interfaces available on the system.\n \n Example:\n \n # habu.interfaces\n # NAME MAC INET INET6\n 0 eth0 80:fa:5b:4b:f9:18 None None\n 1 lo 00:00:00:00:00:00 127.0.0.1 ::1\n 2 wlan0 f4:96:34:e5:ae:1b 192.168.0.6 None\n 3 vboxnet0 0a:00:27:00:00:00 192.168.56.1 fe80::800:27ff:fe00:0\n \n Options:\n -j Output in JSON format\n --help Show this message and exit.\n \n\nhabu.nmap.excluded\n------------------\n\n.. code-block::\n\n Usage: habu.nmap.excluded [OPTIONS]\n \n Prints a random port that is not present on nmap-services file so is not\n scanned automatically by nmap.\n \n Useful for services like SSH or RDP, that are continuously scanned on\n their default ports.\n \n Example:\n \n # habu.nmap.excluded\n 58567\n \n Options:\n -l INTEGER RANGE Lowest port to consider\n -h INTEGER RANGE Highest port to consider\n --help Show this message and exit.\n \n\nhabu.nmap.open\n--------------\n\n.. code-block::\n\n Usage: habu.nmap.open [OPTIONS] SCANFILE\n \n Read an nmap report and print the open ports.\n \n Print the ports that has been resulted open reading the generated nmap\n output.\n \n You can use it to rapidly reutilize the port list for the input of other\n tools.\n \n Supports and detects the 3 output formats (nmap, gnmap and xml)\n \n Example:\n \n # habu.nmap.open portantier.nmap\n 22,80,443\n \n Options:\n -p [tcp|udp|sctp] The protocol (default=tcp)\n --help Show this message and exit.\n \n\nhabu.nmap.ports\n---------------\n\n.. code-block::\n\n Usage: habu.nmap.ports [OPTIONS] SCANFILE\n \n Read an nmap report and print the tested ports.\n \n Print the ports that has been tested reading the generated nmap output.\n \n You can use it to rapidly reutilize the port list for the input of other\n tools.\n \n Supports and detects the 3 output formats (nmap, gnmap and xml)\n \n Example:\n \n # habu.nmap.ports portantier.nmap\n 21,22,23,80,443\n \n Options:\n -p [tcp|udp|sctp] The protocol (default=tcp)\n --help Show this message and exit.\n \n\nhabu.protoscan\n--------------\n\n.. code-block::\n\n Usage: habu.protoscan [OPTIONS] IP\n \n Send IP packets with different protocol field content to guess what layer\n 4 protocols are available.\n \n The output shows which protocols doesn't generate a 'protocol-unreachable'\n ICMP response.\n \n Example:\n \n $ sudo python cmd_ipscan.py 45.77.113.133\n 1 icmp\n 2 igmp\n 4 ipencap\n 6 tcp\n 17 udp\n 41 ipv6\n 47 gre\n 50 esp\n 51 ah\n 58 ipv6_icmp\n 97 etherip\n 112 vrrp\n 115 l2tp\n 132 sctp\n 137 mpls_in_ip\n \n Options:\n -i TEXT Interface to use\n -t INTEGER Timeout for each probe (default: 2 seconds)\n --all Probe all protocols (default: Defined in /etc/protocols)\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.server.ftp\n---------------\n\n.. code-block::\n\n Usage: habu.server.ftp [OPTIONS]\n \n Basic fake FTP server, whith the only purpose to steal user credentials.\n \n Supports SSL/TLS.\n \n Example:\n \n # sudo habu.server.ftp --ssl --ssl-cert /tmp/cert.pem --ssl-key /tmp/key.pem\n Listening on port 21\n Accepted connection from ('192.168.0.27', 56832)\n Credentials collected from 192.168.0.27! fabian 123456\n \n Options:\n -a TEXT Address to bind (default: all)\n -p INTEGER Which port to use (default: 21)\n --ssl Enable SSL/TLS (default: False)\n --ssl-cert TEXT SSL/TLS Cert file\n --ssl-key TEXT SSL/TLS Key file\n -v Verbose\n --help Show this message and exit.\n \n\nhabu.shodan\n-----------\n\n.. code-block::\n\n Usage: habu.shodan [OPTIONS] IP\n \n Simple shodan API client.\n \n Prints the JSON result of a shodan query.\n \n Example:\n \n $ habu.shodan 216.58.222.36\n asn AS15169\n isp Google\n hostnames eze04s06-in-f4.1e100.net, gru09s17-in-f36.1e100.net\n country_code US\n region_code CA\n city Mountain View\n org Google\n open_ports tcp/443, tcp/80\n \n Options:\n --cache / --no-cache\n -v Verbose output\n --format [txt|csv|json|nmap] Output format\n --help Show this message and exit.\n \n\nhabu.shodan.query\n-----------------\n\n.. code-block::\n\n Usage: habu.shodan.query [OPTIONS] QUERY\n \n Simple shodan API client.\n \n Prints the JSON result of a shodan query.\n \n Example:\n \n $ habu.shodan 8.8.8.8\n {\n \"hostnames\": [\n \"google-public-dns-a.google.com\"\n ],\n \"country_code\": \"US\",\n \"org\": \"Google\",\n \"data\": [\n {\n \"isp\": \"Google\",\n \"transport\": \"udp\",\n \"data\": \"Recursion: enabled\",\n \"asn\": \"AS15169\",\n \"port\": 53,\n \"hostnames\": [\n \"google-public-dns-a.google.com\"\n ]\n }\n ],\n \"ports\": [\n 53\n ]\n }\n \n Options:\n -c Disable cache\n -v Verbose output\n -o FILENAME Output file (default: stdout)\n --help Show this message and exit.\n \n\nhabu.tcp.flags\n--------------\n\n.. code-block::\n\n Usage: habu.tcp.flags [OPTIONS] IP\n \n Send TCP packets with different flags and tell what responses receives.\n \n It can be used to analyze how the different TCP/IP stack implementations\n and configurations responds to packet with various flag combinations.\n \n Example:\n \n # habu.tcp_flags www.portantier.com\n S -\u003e SA\n FS -\u003e SA\n FA -\u003e R\n SA -\u003e R\n \n By default, the command sends all possible flag combinations. You can\n specify which flags must ever be present (reducing the quantity of\n possible combinations), with the option '-f'.\n \n Also, you can specify which flags you want to be present on the response\n packets to show, with the option '-r'.\n \n With the next command, you see all the possible combinations that have the\n FIN (F) flag set and generates a response that contains the RST (R) flag.\n \n Example:\n \n # habu.tcp_flags -f F -r R www.portantier.com\n FPA -\u003e R\n FSPA -\u003e R\n FAU -\u003e R\n \n Options:\n -p INTEGER Port to use (default: 80)\n -f TEXT Flags that must be sent ever (default: fuzz with all flags)\n -r TEXT Filter by response flags (default: show all responses)\n -v Verbose\n --first Stop on first response that matches\n --help Show this message and exit.\n \n\nhabu.tcp.isn\n------------\n\n.. code-block::\n\n Usage: habu.tcp.isn [OPTIONS] IP\n \n Create TCP connections and print the TCP initial sequence numbers for each\n one.\n \n $ sudo habu.tcp.isn -c 5 www.portantier.com\n 1962287220\n 1800895007\n 589617930\n 3393793979\n 469428558\n \n Note: You can get a graphical representation (needs the matplotlib\n package) using the '-g' option to better understand the randomness.\n \n Options:\n -p INTEGER Port to use (default: 80)\n -c INTEGER How many packets to send/receive (default: 5)\n -i TEXT Interface to use\n -g Graph (requires matplotlib)\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.tcp.scan\n-------------\n\n.. code-block::\n\n Usage: habu.tcp.scan [OPTIONS] IP\n \n TCP Port Scanner.\n \n Print the ports that generated a response with the SYN flag or (if show\n use -a) all the ports that generated a response.\n \n It's really basic compared with nmap, but who is comparing?\n \n Example:\n \n # habu.tcp.scan -p 22,23,80,443 -s 1 45.77.113.133\n 22 S -\u003e SA\n 80 S -\u003e SA\n 443 S -\u003e SA\n \n Options:\n -p TEXT Ports to use (default: 80) example: 20-23,80,135\n -i TEXT Interface to use\n -f TEXT Flags to use (default: S)\n -s TEXT Time between probes (default: send all together)\n -t INTEGER Timeout for each probe (default: 2 seconds)\n -a Show all responses (default: Only containing SYN flag)\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.tcp.synflood\n-----------------\n\n.. code-block::\n\n Usage: habu.tcp.synflood [OPTIONS] IP\n \n Launch a lot of TCP connections and keeps them opened.\n \n Some very old systems can suffer a Denial of Service with this.\n \n Reference: https://en.wikipedia.org/wiki/SYN_flood\n \n Example:\n \n # sudo habu.tcp.synflood 172.16.0.10\n .................\n \n Each dot is a packet sent.\n \n You can use the options '-2' and '-3' to forge the layer 2/3 addresses.\n \n If you use them, each connection will be sent from a random layer2 (MAC)\n and/or layer3 (IP) address.\n \n You can choose the number of connections to create with the option '-c'.\n The default is never stop creating connections.\n \n Note: If you send the packets from your real IP address and you want to\n keep the connections half-open, you need to setup for firewall to don't\n send the RST packets.\n \n Options:\n -i TEXT Wich interface to use (default: auto)\n -c INTEGER How many packets send (default: infinit)\n -p INTEGER Port to use (default: 135)\n -2 Forge layer2/MAC address (default: No)\n -3 Forge layer3/IP address (default: No)\n -v Verbose\n --help Show this message and exit.\n \n\nhabu.traceroute\n---------------\n\n.. code-block::\n\n Usage: habu.traceroute [OPTIONS] IP\n \n TCP traceroute.\n \n Identify the path to a destination getting the ttl-zero-during-transit\n messages.\n \n Note: On the internet, you can have various valid paths to a device.\n \n Example:\n \n # habu.traceroute 45.77.113.133\n IP / ICMP 192.168.0.1 \u003e 192.168.0.5 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n IP / ICMP 10.242.4.197 \u003e 192.168.0.5 time-exceeded ttl-zero-during-transit / IPerror / TCPerror / Padding\n IP / ICMP 200.32.127.98 \u003e 192.168.0.5 time-exceeded ttl-zero-during-transit / IPerror / TCPerror / Padding\n .\n IP / ICMP 4.16.180.190 \u003e 192.168.0.5 time-exceeded ttl-zero-during-transit / IPerror / TCPerror\n .\n IP / TCP 45.77.113.133:http \u003e 192.168.0.5:ftp_data SA / Padding\n \n Note: It's better if you use a port that is open on the remote system.\n \n Options:\n -p INTEGER Port to use (default: 80)\n -i TEXT Interface to use\n --help Show this message and exit.\n \n\nhabu.upgrade\n------------\n\n.. code-block::\n\n Usage: habu.upgrade [OPTIONS]\n \n Upgrade habu (from https://github.com/fportantier/habu)\n \n Options:\n --help Show this message and exit.\n \n\nhabu.usercheck\n--------------\n\n.. code-block::\n\n Usage: habu.usercheck [OPTIONS] USERNAME\n \n Check if the given username exists on various social networks and other\n popular sites.\n \n $ habu.usercheck portantier\n {\n \"aboutme\": \"https://about.me/portantier\",\n \"disqus\": \"https://disqus.com/by/portantier/\",\n \"github\": \"https://github.com/portantier/\",\n \"ifttt\": \"https://ifttt.com/p/portantier\",\n \"lastfm\": \"https://www.last.fm/user/portantier\",\n \"medium\": \"https://medium.com/@portantier\",\n \"pastebin\": \"https://pastebin.com/u/portantier\",\n \"pinterest\": \"https://in.pinterest.com/portantier/\",\n \"twitter\": \"https://twitter.com/portantier\",\n \"vimeo\": \"https://vimeo.com/portantier\"\n }\n \n Options:\n -c Disable cache\n -v Verbose output\n -w Open each valid url in a webbrowser\n --help Show this message and exit.\n \n\nhabu.version\n------------\n\n.. code-block::\n\n Usage: habu.version [OPTIONS]\n \n Options:\n --help Show this message and exit.\n \n\nhabu.vhosts\n-----------\n\n.. code-block::\n\n Usage: habu.vhosts [OPTIONS] HOST\n \n Use Bing to query the websites hosted on the same IP address.\n \n $ habu.vhosts www.telefonica.com\n www.telefonica.com -\u003e 212.170.36.79\n [\n 'www.telefonica.es',\n 'universitas.telefonica.com',\n 'www.telefonica.com',\n ]\n \n Options:\n -c Disable cache\n -p INTEGER Pages count (Default: 10)\n -f INTEGER First result to get (Default: 1)\n --help Show this message and exit.\n \n\nhabu.virustotal\n---------------\n\n.. code-block::\n\n Usage: habu.virustotal [OPTIONS] INPUT\n \n Send a file to VirusTotal https://www.virustotal.com/ and print the report\n in JSON format.\n \n Note: Before send a file, will check if the file has been analyzed before\n (sending the sha256 of the file), if a report exists, no submission will\n be made, and you will see the last report.\n \n $ habu.virustotal meterpreter.exe\n Verifying if hash already submitted: f4826b219aed3ffdaa23db26cfae611979bf215984fc71a1c12f6397900cb70d\n Sending file for analysis\n Waiting/retrieving the report...\n {\n \"md5\": \"0ddb015b5328eb4d0cc2b87c39c49686\",\n \"permalink\": \"https://www.virustotal.com/file/c9a2252b491641e15753a4d0c4bb30b1f9bd26ecff2c74f20a3c7890f3a1ea23/analysis/1526850717/\",\n \"positives\": 49,\n \"resource\": \"c9a2252b491641e15753a4d0c4bb30b1f9bd26ecff2c74f20a3c7890f3a1ea23\",\n \"response_code\": 1,\n \"scan_date\": \"2018-05-20 21:11:57\",\n \"scan_id\": \"c9a2252b491641e15753a4d0c4bb30b1f9bd26ecff2c74f20a3c7890f3a1ea23-1526850717\",\n \"scans\": {\n \"ALYac\": {\n \"detected\": true,\n \"result\": \"Trojan.CryptZ.Gen\",\n \"update\": \"20180520\",\n \"version\": \"1.1.1.5\"\n },\n ... The other scanners ...\n },\n \"sha1\": \"5fa33cab1729480dd023b08f7b91a945c16d0a9e\",\n \"sha256\": \"c9a2252b491641e15753a4d0c4bb30b1f9bd26ecff2c74f20a3c7890f3a1ea23\",\n \"total\": 67,\n \"verbose_msg\": \"Scan finished, information embedded\"\n }\n \n Options:\n -v Verbose output\n --help Show this message and exit.\n \n\nhabu.web.report\n---------------\n\n.. code-block::\n\n Usage: habu.web.report [OPTIONS] [INPUT_FILE]\n \n Makes a report that includes HTTP headers of websites.\n \n Optionally, uses Firefox or Chromium to take a screenshot of the websites.\n \n The expected format is one url per line.\n \n Creates a directory called 'report' with the content inside.\n \n $ echo https://www.portantier.com | habu.web.report\n \n Options:\n -v Verbose output\n -s Take a screenshot for each website\n -b [firefox|chromium-browser] Browser to use for screenshot.\n --help Show this message and exit.\n \n\nhabu.web.screenshot\n-------------------\n\n.. code-block::\n\n Usage: habu.web.screenshot [OPTIONS] URL\n \n Uses Firefox or Chromium to take a screenshot of the website.\n \n $ habu.web.screenshot https://www.portantier.com\n \n Options:\n -b [firefox|chromium-browser] Browser to use for screenshot.\n -o TEXT Output file. (default: screenshot.png)\n --help Show this message and exit.\n \n\nhabu.whois.domain\n-----------------\n\n.. code-block::\n\n Usage: habu.whois.domain [OPTIONS] DOMAIN\n \n Simple whois client to check domain names.\n \n Example:\n \n $ habu.whois.domain google.com\n registrar MarkMonitor, Inc.\n whois_server whois.markmonitor.com\n creation_date 1997-09-15 04:00:00\n expiration_date 2028-09-14 04:00:00\n name_servers ns1.google.com, ns2.google.com, ns3.google.com, ns4.google.com\n emails abusecomplaints@markmonitor.com, whoisrequest@markmonitor.com\n dnssec unsigned\n org Google LLC\n country US\n state CA\n \n Options:\n --json Print the output in JSON format\n --csv Print the output in CSV format\n --help Show this message and exit.\n \n\nhabu.whois.ip\n-------------\n\n.. code-block::\n\n Usage: habu.whois.ip [OPTIONS] IP\n \n Simple whois client to check IP addresses (IPv4 and IPv6).\n \n Example:\n \n $ habu.whois.ip 8.8.4.4\n asn 15169\n asn_registry arin\n asn_cidr 8.8.4.0/24\n asn_country_code US\n asn_description GOOGLE - Google LLC, US\n asn_date 1992-12-01\n \n Options:\n --json Print the output in JSON format\n --csv Print the output in CSV format\n --help Show this message and exit.\n \n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffportantier%2Fhabu","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffportantier%2Fhabu","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffportantier%2Fhabu/lists"}