Downloads, Hacking Tools, HEDnsExtractor, Threat Hunting, Threat Intelligence, Threatintel

HEDnsExtractor – Raw Html Extractor From Hurricane Electric Portal

Raw html extractor from Hurricane Electric portal

Features

  • Automatically identify IPAddr ou Networks through command line parameter or stdin
  • Extract networks based on IPAddr.
  • Extract domains from networks.

Installation

go install -v github.com/HuntDownProject/hednsextractor/cmd/hednsextractor@latest

Usage

Running

Getting the IP Addresses used for hackerone.com, and enumerating only the networks.

nslookup hackerone.com | awk '/Address: / {print $2}' | hednsextractor -silent -only-networks

[INF] [104.16.99.52] 104.16.0.0/12
[INF] [104.16.99.52] 104.16.96.0/20

Getting the IP Addresses used for hackerone.com, and enumerating only the domains (using tail to show the first 10 results).

nslookup hackerone.com | awk '/Address: / {print $2}' | hednsextractor -silent -only-domains | tail -n 10

herllus.com
hezzy.store
hilariostore.com
hiperdrop.com
hippratas.online
hitsstory.com
hobbyshop.site
holyangelstore.com
holzfallerstore.fun
homedescontoo.com

Running with Virustotal

Edit the config file and add the Virustotal API Key

cat $HOME/.config/hednsextractor/config.yaml 

<div class="highlight highlight-source-ini notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="# hednsextractor config file # generated by https://github.com/projectdiscovery/goflags # show only domains #only-domains: false # show only networks #only-networks: false # show virustotal score #vt: false # minimum virustotal score to show #vt-score: 0 # ip address or network to query #target: # show silent output #silent: false # show verbose output #verbose: false # virustotal api key vt-api-key: Your API Key goes here” dir=”auto”>

# hednsextractor config file
# generated by https://github.com/projectdiscovery/goflags

# show only domains
#only-domains: false

# show only networks
#only-networks: false

# show virustotal score
#vt: false

# minimum virustotal score to show
#vt-score: 0

# ip address or network to query
#target:

# show silent output
#silent: false

# show verbose output
#verbose: false

# virustotal api key
vt-api-key: Your API Key goes here

So, run the hednsextractor with -vt parameter.

nslookup hackerone.com | awk '/Address: / {print $2}' | hednsextractor -only-domains -vt 

And the output will be as below

 _______ ______ _ _______ _______ _________ _______ _______ _______ _________ _______ _______ 
|\ /|( ____ \( __ \ ( ( /|( ____ \( ____ \|\ /|\__ __/( ____ )( ___ )( ____ \\__ __/( ___ )( ____ )
| ) ( || ( \/| ( \ )| \ ( || ( \/| ( \/( \ / ) ) ( | ( )|| ( ) || ( \/ ) ( | ( ) || ( )|
| (___) || (__ | | ) || \ | || (_____ | (__ \ (_) / | | | (____)|| (___) || | | | | | | || (____)|
| ___ || __) | | | || (\ \) |(_____ )| __) ) _ ( | | | __)| ___ || | | | | | | || __)
| ( ) || ( | | ) || | \ | ) || ( / ( ) \ | | | (\ ( | ( ) || | | | | | | || (\ (
| ) ( || (____/\| (__/ )| ) \ |/\____) || (____/\( / \ ) | | | ) \ \__| ) ( || (____/\ | | | (___) || ) \ \__
|/ \|(_______/(______/ |/ )_)\_______)(_______/|/ \| )_( |/ \__/|/ \|(_______/ )_( (_______)|/ \__/

[INF] Current hednsextractor version v1.0.0
[INF] [104.16.0.0/12] domain: ohst.ltd VT Score: 0
[INF] [104.16.0.0/12] domain: jxcraft.net VT Score: 0
[INF] [104.16.0.0/12] domain: teatimegm.com VT Score: 2
[INF] [104.16.0.0/12] domain: debugcheat.com VT Score: 0

Source : KitPloit – PenTest Tools!

Previous ArticleNext Article
Send this to a friend