Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/0xkoda/huntrs

Hunt related infrastructure accross the web. Leveraging Passive DNS, SSL certs, Reverse IP and Favicon hash search
https://github.com/0xkoda/huntrs

cloudflare dns osint pdns

Last synced: 9 days ago
JSON representation

Hunt related infrastructure accross the web. Leveraging Passive DNS, SSL certs, Reverse IP and Favicon hash search

Host: GitHub
URL: https://github.com/0xkoda/huntrs
Owner: 0xKoda
License: mit
Created: 2024-08-03T10:45:38.000Z (4 months ago)
Default Branch: main
Last Pushed: 2024-08-05T20:09:22.000Z (4 months ago)
Last Synced: 2024-08-05T23:46:20.119Z (3 months ago)
Topics: cloudflare, dns, osint, pdns
Language: Rust
Homepage:
Size: 38.1 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Huntrs: Web OSINT

Huntrs leverages OSINT techniques to identify and uncover related infrastructure. Namely, it serves 3 primary purposes, to identify origin servers of domains behind Cloudflare, identify similar hosts via fashicon hash searches, and identify domains via reverse IP lookups.

## Features

[*] Uncover origin servers of sites hidden behind Cloudflare
- Analyze SSL certificates for subdomains
- Utilize Passive DNS History to identify potential servers
- Flexible output options (console, text file)

[*] Uncover related hosts by favicon hash
- Calculate favicon murmur3 hash for a domain
- Search Shodan for related servers by hash

[*] Reverse IP lookup
- Find all domains for an IP found using pdns

### Outputs include
- Domain list
- Origin Server IP
- ASN

## Description
Cloudflare provides an additional layer of security by masking the true IP addresses of origin servers. However, if not properly configured, origin servers may still be exposed. Huntrs helps find these origin servers.

Favicon hashes provide a timeless method for uncovering potentially related servers.

## Installation

### Prerequisites

Ensure you have the latest version of Rust installed.

### Building from Source
```bash
cargo build --release
```

The binary will be available in `target/release/huntrs`.

## Usage

### Basic Syntax
```bash
huntrs [OPTIONS]
```

### Examples

1. Find origin servers for example.com:
```bash
huntrs example.com
```

2. Find origin servers by favicon hash:
```bash
huntrs example.com --favi --key
```

3. Find domains by IP:
```bash
huntrs 50.12.6.1 --rev
```

### Options

- `-o, --output `: Specify the output file
- `--use-cloudfront`: Check for Cloudfront origin servers
- `-v, --viewdns`: Use only ViewDNS history
- `-b, --both`: Use both Passive DNS sources for deeper results
- `-g, --origin`: Show only origin server information
- `--txt`: Output results to a text file
- `-h, --help`: Print help information
- `-V, --version`: Print version information
- `--favi`: Perform favicon search
- `--key `: Shodan API key for favicon search
- `-rev`: Perform reverse IP lookup on ViewDNS

## Interactive Mode

If Huntrs finds more than 5 subdomains to scan, it will prompt you to choose:
- `all`: Scan all subdomains
- `top5`: Scan only the top 5 subdomains
- `main`: Scan only the main domain

## Contributing

Contributions are welcome!

## Disclaimer

This tool is provided as is and is for educational purposes only.