Skip to content

Latest commit

 

History

History
46 lines (33 loc) · 2.03 KB

README.md

File metadata and controls

46 lines (33 loc) · 2.03 KB

Horn3t 🐝 - Better Subdomain Reconnaissance

logo

  • Recon your targets at blazing speed
  • Enhance your productivity by focusing on interesting looking sites
  • Enumerate critical sites immediately
  • Sting your target

Horn3t is your Nr #1 tool for exploring subdomains visually.
Building on the great Sublist3r framework (or extensible with your favorite one) it searches for subdomains and generates awesome picture previews. Get a fast overview of your target with http status codes, add custom found subdomains and directly access found urls with one click.

demo preview

Installation

  • Install Google Chrome
  • Install requirements.txt with pip3
  • Install requirements.txt of sublist3r with pip3
  • Put the directory within the web server of your choice
  • Make sure to have the right permissions
  • Run horn3t.py

Or alternatively use the install.sh file with docker.
Afterwards you can access the web portal under http://localhost:1337

Todo

  • Better Scaling on Firefox
  • Add Windows Dockerfile
  • Direkt Nmap Support per click on a subdomain
  • Direkt Dirb Support per click on a subdomain
  • Generate PDF Reports of found subdomains
  • Assist with subdomain takeover

License

Horn3t is licensed under the GNU GPL license. take a look at the LICENSE for more information.

Respect legal restrictions and only conduct testing against infrastructure that you have permission to target.

Credits

  • aboul3la - The creator of Sublist3r; turbolist3r adds some features but is otherwise a near clone of sublist3r.
  • TheRook - The bruteforce module was based on his script subbrute.
  • bitquark - The Subbrute's wordlist was based on his research dnspop.

Tested on Windows 10 and Debian with Google Chrome/Chromium 73