Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/HuntDownProject/HEDnsExtractor
A suite for hunting suspicious targets, expose domains and phishing discovery
https://github.com/HuntDownProject/HEDnsExtractor
adversarial-attacks malware-analysis phishing-detection threat-hunting threat-intelligence threatintel
Last synced: 3 days ago
JSON representation
A suite for hunting suspicious targets, expose domains and phishing discovery
- Host: GitHub
- URL: https://github.com/HuntDownProject/HEDnsExtractor
- Owner: HuntDownProject
- License: gpl-3.0
- Created: 2023-07-16T17:51:37.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-08-12T23:24:53.000Z (4 months ago)
- Last Synced: 2024-08-17T07:01:56.886Z (4 months ago)
- Topics: adversarial-attacks, malware-analysis, phishing-detection, threat-hunting, threat-intelligence, threatintel
- Language: Go
- Homepage: https://huntdownproject.github.io/
- Size: 3.09 MB
- Stars: 314
- Watchers: 6
- Forks: 41
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-lists - HEDnsExtractor
README
HEDnsExtractor
A suite for hunting suspicious targets, expose domains and phishing discovery
## Features
* Implementing workflows with yaml 🔥
* Adds support to work with multiples domains as target 🔥
* Regex support 🥷
* VirusTotal Integration
* Adds support to work with IPv6 filters 🔥
* Extract networks based on IP/Domain
* Extract domains from networks.
# Workflows## Installation
```
go install -v github.com/HuntDownProject/hednsextractor/cmd/hednsextractor@latest
```## Usage
```bash
hednsextractor -h
``````
HEDnsExtractor - Raw html extractor from Hurricane Electric portal!Usage:
hednsextractor [flags]Flags:
CONFIGURATION:
-config string flag config file (default "/home/hunter/.config/hednsextractor/config.yaml")VIRUSTOTAL:
-vt show Virustotal score
-vt-api-key string Virustotal API Key
-vt-score string Minimum Virustotal score to show (default "0")OTHER OPTIONS:
-only-domains show only domains
-only-networks show only networks
-workflow string Workflow config
-target string IP Address or Network to query
-silent show silent output
-verbose show verbose output
```## Running
Getting the IP Addresses used for hackerone.com, and enumerating only the networks.
```bash
nslookup hackerone.com | awk '/Address: / {print $2}' | hednsextractor -silent -only-networks[INF] [104.16.99.52] 104.16.0.0/12
[INF] [104.16.99.52] 104.16.96.0/20
```Getting the IP Addresses used for hackerone.com, and enumerating only the domains (using tail to show the first 10 results).
```bash
nslookup hackerone.com | awk '/Address: / {print $2}' | hednsextractor -silent -only-domains | tail -n 10herllus.com
hezzy.store
hilariostore.com
hiperdrop.com
hippratas.online
hitsstory.com
hobbyshop.site
holyangelstore.com
holzfallerstore.fun
homedescontoo.com
```### Running with Virustotal
Edit the config file and add the Virustotal API Key
```bash
cat $HOME/.config/hednsextractor/config.yaml
``````ini
# hednsextractor config file
# generated by https://github.com/projectdiscovery/goflags# show only domains
#only-domains: false# show only networks
#only-networks: false# show virustotal score
#vt: false# minimum virustotal score to show
#vt-score: 0# ip address or network to query
#target:# show silent output
#silent: false# show verbose output
#verbose: false# virustotal api key
vt-api-key: Your API Key goes here
```So, run the `hednsextractor` with `-vt` parameter.
```bash
nslookup hackerone.com | awk '/Address: / {print $2}' | hednsextractor -only-domains -vt
```And the output will be as below
```
╭╮╱╭┳━━━┳━━━╮╱╱╱╱╱╭━━━╮╱╱╭╮╱╱╱╱╱╱╱╱╭╮
┃┃╱┃┃╭━━┻╮╭╮┃╱╱╱╱╱┃╭━━╯╱╭╯╰╮╱╱╱╱╱╱╭╯╰╮
┃╰━╯┃╰━━╮┃┃┃┣━╮╭━━┫╰━━┳╮┣╮╭╋━┳━━┳━┻╮╭╋━━┳━╮
┃╭━╮┃╭━━╯┃┃┃┃╭╮┫━━┫╭━━┻╋╋┫┃┃╭┫╭╮┃╭━┫┃┃╭╮┃╭╯
┃┃╱┃┃╰━━┳╯╰╯┃┃┃┣━━┃╰━━┳╋╋┫╰┫┃┃╭╮┃╰━┫╰┫╰╯┃┃
╰╯╱╰┻━━━┻━━━┻╯╰┻━━┻━━━┻╯╰┻━┻╯╰╯╰┻━━┻━┻━━┻╯[INF] Current hednsextractor version v1.0.0
[INF] [104.16.0.0/12] domain: ohst.ltd VT Score: 0
[INF] [104.16.0.0/12] domain: jxcraft.net VT Score: 0
[INF] [104.16.0.0/12] domain: teatimegm.com VT Score: 2
[INF] [104.16.0.0/12] domain: debugcheat.com VT Score: 0
```