Punter (passive hunter) helps with the first step in footprinting a domain. The idea is not to touch the target domain but passively find a good initial amount of information and put it into an easy to view report. It uses:
- DNS Dumpster
- Whois
- Reverse whois on email
- Haveibeenpwned lookup on emails found
- CRT.sh to find subdomains
- Crimeflare to uncover true IP's behind Cloudflare
Whois and DNS lookups are still done on the host, not through an API, so if you are worried about that take precautions. Otherwise, all other lookups are down using other services.
After the scan an HTML report is generated with results, just double click and open it.
pip install -r requirements.txt
Change the target to domain you are interested in:
python main.py -t google.com
- Everyone who built apis/websites this script scrapes form
- @jmingov for html fixes/putting up with my terrible scripts
- Use ping and curl API to test if host is up
- Enable Shodan scanning for each IP
- Grab html of site/headers using another service
- Net range from Whois