domainhunter - Checks expired domains for phishing and C2 domain names.

domainhunter – Checks expired domains for phishing and C2 domain names.

This is for educational purposes only!
It is designed to promote education and the improvement of computer/cyber security.
The authors or employers are not liable for any illegal act or misuse performed by any user of this tool.
If you plan to use this content for illegal purpose, don’t.
DomainHunter is a tools for Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.

This Python based tool was written to quickly query the search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like BlueCoat and IBM X-Force. The primary tool output is a timestamped HTML table style report.

domainhunter – Expired Domains Reputation Checker

+ Retrieves specified number of recently expired and deleted domains (.com, .net, .org primarily)
+ Retrieves available domains based on keyword search
+ Reads line delimited input file of potential domains names to check against reputation services
+ Performs reputation checks against the Blue Coat Site Review and IBM x-Force services
+ Sorts results by domain age (if known)
+ Text-based table and HTML report output with links to reputation sources and entry