Blog | Study | Writing | Tools | Contact | About | Syndication | Search

Hostfind

This bash-based CLI tool is extremely lame simple. It appends a wordlist to the front of a domain name in order to discover additional hosts to test during a vulnerability assessment or penetration test.

This incarnation is a standalone, but I'll soon be building it into my mst tool--another one of my bash-based laziness optimization applications oriented around information security testing.

hostfind.tar.bz2
hostfind.tar.bz2.sha1
hostfind.tar.bz2.sha1.asc

Output

-------------------------------------------------------
- Hostfind -- A lame tool for finding hostnames to scan
-------------------------------------------------------

Searching google.com...

Host 66.249.83.19 not scanned
Host ns1.google.com (216.239.32.10) not scanned
Host ns1.google.com (216.239.32.10) not scanned
Host ns2.google.com (216.239.34.10) not scanned
Host proxy.google.com (216.239.37.5) not scanned
Host smtp1.google.com (216.239.57.25) not scanned

Enjoy...

Again, the goal is to add valid systems to a list to be scanned, so in practice you'll want to put this through | cut -d" " -f2 to get your list. The next version of this "module" will use host to pull DNS information and add that as well.

--

[Note: This tool, as well as the other security tools on my site, are to help authorized professionals save time during security testing. If you have authorization to scan your own systems that's fine, but please don't point my tools at systems you're not supposed to.]

Security & Technology

• XSS Explained
• Security and Obscurity
• The Diffie-Hellman Protocol
• Not All SYN Packets Are Created Equal
• The Birthday Attack
• The Hyperlink Trailing Slash Debate
• Understanding Subnetting
• Why CISSPs *DO* Need to Be Technical
• A tcpdump Primer
• Understanding Network Ports
• Windows is IE: OS X is Firefox
• 10 Infosec Interview Questions
• Security is Not a Technology Problem
• Why You Should Encrypt *ALL* of Your Google Activities
• An lsof Primer
• Using find and xargs
• A Guide to the tr Command
• How UNIX/Linux Permissions Work
• Proving the Monty Hall Puzzle in Python
• An Infosec Prediction: More Human-Based Attacks
• It's Time to Drop the "www"
• How to Pronounce "Linux"
• How to Pronounce "Ubuntu"
• How to Pronounce "OS X"
• The Pronunciation of "Rijndael"

Philosophy & Science

• Free Will: The Necessary Delusion
• Logical Conclusions to the Lack of Free Will
• Outrageous Beliefs Are NOT Equal to Claims They Are Preposterous
• How Would *YOU* Prove Evolution?
• An Atheist Debate Reference
• Was the Last Time Your Last Time?
• How I Became an Atheist
• A Letter to Religious Moderates
• What Does it Mean If We Have No Free Will?

Culture & Society

• The Nice Guy Paradox
• Socialism, Anarchy and Ideal Government
• What Every American Should Know About the Middle East
• The Bimbo and the Caveman
• Multiculturalism: Tested and Failed
• Is it Wrong to Have Children Today?
• A Logical Approach to CFR and NWO Conspiracies
• Lifecasting: What It Is and How It Will Change Society
• Why You Should Submit Your Own Content To Social Sites
• Measuring The Quality Of A Society

Blog Archives

• 1996
• 1997
• 1998
• 1999
• 2000
• 2001
• 2002
• 2003
• 2004
• 2005
• 2006
• 2007

 

Copyright © | Daniel Miessler | 1999-2008 | All Rights Reserved