SpyHunt: Unleashing the Power of Recon for Bug Hunters

SpyHunt, a powerful OSINT tool
In this article, we explore a comprehensive network scanning and vulnerability assessment tool that is useful to bug bounty hunters and other security professionals.

SpyHunt is a network scanning and vulnerability assessment tool designed for security professionals and penetration testers who need to perform comprehensive reconnaissance and vulnerability assessments on target networks and web applications. It combines multiple scanning techniques and integrates various external tools to provide a wide range of information about the target.

The tool is built with libraries for network operations, web scraping and parallel processing, and it uses command-line argument parsing to select the different scanning options.

It is aimed squarely at bug hunters: it bundles the functions a hunter needs for finding bugs, from subdomain enumeration to brute forcing.

Function

  • Subdomain enumeration
  • Technology detection
  • DNS record scanning
  • Web crawling and URL extraction
  • Favicon hash calculation
  • Host header injection testing
  • Security header analysis
  • Network vulnerability analysis
  • Wayback machine URL retrieval
  • JavaScript file discovery
  • Broken link checking
  • HTTP request smuggling detection
  • IP address extraction
  • Domain information gathering
  • API endpoint fuzzing
  • Shodan integration for additional recon
  • 403 Forbidden bypass attempts
  • Directory and file brute-forcing
  • Local File Inclusion (LFI) scanning with Nuclei
  • Google Dorking
  • Directory Traversal
  • SQL Injection
  • XSS
  • Web Server Detection
  • JavaScript file scanning for sensitive info
  • The script uses multithreading and multiprocessing to perform scans efficiently.
  • It includes options to save results to files and customize scan parameters.
  • The tool integrates with external tools and APIs like Shodan, Nmap, and various web-based services.
  • It implements various techniques to bypass restrictions and discover vulnerabilities.
  • The script includes a CIDR notation scanner for port scanning across IP ranges.

Installation 

git clone https://github.com/gotr00t0day/spyhunt.git

cd spyhunt

pip3 install -r requirements.txt

sudo python3 install.py

USAGE

usage: spyhunt.py [-h] [-sv filename.txt] [-s domain.com] [-j domain.com] [-t domain.com] [-d domain.com]
                  [-p domains.txt] [-r domains.txt] [-b domains.txt] [-w https://domain.com]
                  [-wc https://domain.com] [-fi https://domain.com] [-fm https://domain.com]
                  [-na https://domain.com] [-ri IP] [-rim IP] [-sc domain.com] [-co domains.txt]
                  [-hh domain.com] [-sh domain.com] [-ed domain.com] [-smu domain.com] [-rd domain list]
                  [-ips domain list] [-dinfo domain list] [-isubs domain list] [-pspider domain.com]
                  [-nft domains.txt] [-ph domain.txt]

  • Scan for subdomains and save the output to a file.

python3 spyhunt.py -s yahoo.com --save filename.txt

  • Scan for JavaScript files

python3 spyhunt.py -j yahoo.com

  • Scan for DNS records

python3 spyhunt.py -d domains.txt

  • Scan for favicon hashes

python3 spyhunt.py -fi domain.com

  • Web Crawler

python3 spyhunt.py -wc https://www.domain.com

  • Broken Links

python3 spyhunt.py -b https://www.domain.com

  • CORS Misconfiguration Scan

python3 spyhunt.py -co domains.txt

  • Host Header Injection

python3 spyhunt.py -hh domains.txt

  • Directory Brute Forcing

python3 spyhunt.py --directorybrute domain.com --wordlist list.txt --threads 50 -e php,txt,html -x 404,403

  • Directory Brute Forcing with no extensions

python3 spyhunt.py --directorybrute domain.com --wordlist list.txt --threads 50 -x 404,403

  • Scanning a subnet

python3 spyhunt.py --cidr_notation IP/24 --ports 80,443 --threads 200

  • Directory Traversal

python3 spyhunt.py -ph domain.com?id=

  • SQL Injection

python3 spyhunt.py -sqli domain.com?id=1

  • XSS

python3 spyhunt.py -xss domain.com?id=1

  • JavaScript file scanning for sensitive info

python3 spyhunt.py -javascript domain.com

  • JavaScript endpoint fuzzing

python3 spyhunt.py -javascript_endpoint domains.txt -c 20 --save filename.txt
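
Seen from the defending side, the directory brute-forcing commands above appear in a web server's access log as one client collecting many distinct 403/404 responses within a few seconds. The following detector is an added example, not part of SpyHunt or of the original article; it assumes combined-format access logs, and the function names, window, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
MISS = {"403", "404"}  # the status codes the page's example filters with -x 404,403


def find_bruteforce(lines, window=timedelta(seconds=10), threshold=20):
    """Return {ip: peak} for clients whose distinct 403/404 paths inside
    any sliding window reach the threshold (both defaults are assumptions)."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, path) misses
    peak = defaultdict(int)       # ip -> largest distinct-miss count seen
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] not in MISS:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["path"].split("?", 1)[0]))  # ignore query strings
        while ts - q[0][0] > window:                # drop misses older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        peak[m["ip"]] = max(peak[m["ip"]], distinct)
    return {ip: n for ip, n in peak.items() if n >= threshold}


def sample_log():
    """Constructed sample: one client walking a wordlist, one normal visitor."""
    words = ["admin", "backup", "config", "login", "test", "old", "dev", "api"]
    lines = []
    for i in range(40):   # 40 misses within 4 seconds from 198.51.100.7
        path = f"/{words[i % 8]}{i}.php"
        lines.append(f'198.51.100.7 - - [10/Mar/2025:12:00:{i // 10:02d} +0000] '
                     f'"GET {path} HTTP/1.1" 404 153 "-" "python-requests"')
    for i in range(5):    # ordinary traffic with a single broken link
        status = 404 if i == 3 else 200
        lines.append(f'203.0.113.9 - - [10/Mar/2025:12:00:{i * 10:02d} +0000] '
                     f'"GET /page{i}.html HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')
    return lines


if __name__ == "__main__":
    for ip, n in find_bruteforce(sample_log()).items():
        print(f"{ip}: {n} distinct 403/404 paths within 10s")
```

Counting distinct paths rather than raw errors keeps a visitor who reloads one broken link from being flagged.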

Now you can use it in your own way. I hope this information is helpful for you, and make sure to save a bookmark for future posts.
