new command habu.extract.hostname

fportantier · Dec 8, 2018 · 9c5c0ef · 9c5c0ef
1 parent f51ebb5
commit 9c5c0ef
Show file tree

Hide file tree

Showing 3 changed files with 100 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -617,6 +617,29 @@ Options:
 ```
 
 
+## habu.extract.hostname
+
+
+``` {.sourceCode .bash}
+Usage: habu.extract.hostname [OPTIONS] [INFILE]
+
+  Extract hostnames from a file or stdin.
+
+  Example:
+
+  $ cat /var/log/some.log | habu.extract.hostname
+  www.google.com
+  ibm.com
+  fileserver.redhat.com
+
+Options:
+  -c      Check if hostname resolves
+  -v      Verbose output
+  -j      JSON output
+  --help  Show this message and exit.
+```
+
+
 ## habu.extract.ipv4
 
 

diff --git a/habu/cli/cmd_extract_hostname.py b/habu/cli/cmd_extract_hostname.py
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+
+import json
+import logging
+import socket
+
+import click
+import regex as re
+
+
+def extract_hostname(data):
+
+    regexp = re.compile(r"([a-zA-Z0-9_.-]+)")
+
+    match = regexp.finditer(data)
+
+    result = set()
+
+    for m in match:
+        candidate = m.group(0).lower()
+
+        if '.' not in candidate:
+            continue
+
+        if not re.match('[a-z]+', candidate):
+            continue
+
+        if not re.match('[a-z0-9]+\.[a-z0-9]', candidate):
+            continue
+
+        result.add(candidate)
+
+    return list(result)
+
+
+@click.command()
+@click.argument('infile', type=click.File('r'), default='-')
+@click.option('-c', 'check', is_flag=True, default=False, help='Check if hostname resolves')
+@click.option('-v', 'verbose', is_flag=True, default=False, help='Verbose output')
+@click.option('-j', 'jsonout', is_flag=True, default=False, help='JSON output')
+def cmd_extract_hostname(infile, check, verbose, jsonout):
+    """Extract hostnames from a file or stdin.
+
+    Example:
+
+    \b
+    $ cat /var/log/some.log | habu.extract.hostname
+    www.google.com
+    ibm.com
+    fileserver.redhat.com
+    """
+
+    if verbose:
+        logging.basicConfig(level=logging.INFO, format='%(message)s')
+
+    data = infile.read()
+
+    result = extract_hostname(data)
+
+    if check:
+        logging.info('Checking against DNS...')
+        for candidate in result:
+            try:
+                socket.getaddrinfo(candidate, None)
+            except socket.gaierror:
+                result.remove(candidate)
+
+    if jsonout:
+        print(json.dumps(result, indent=4))
+    else:
+        print('\n'.join(result))
+
+
+if __name__ == '__main__':
+    cmd_extract_hostname()
diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
     name='habu',
-    version='0.0.90',
+    version='0.0.91',
     description='Python Network Hacking Toolkit',
     long_description=readme,
     long_description_content_type='text/markdown',
@@ -53,6 +53,7 @@
         habu.dhcp.discover=habu.cli.cmd_dhcp_discover:cmd_dhcp_discover
         habu.dhcp.starvation=habu.cli.cmd_dhcp_starvation:cmd_dhcp_starvation
         habu.eicar=habu.cli.cmd_eicar:cmd_eicar
+        habu.extract.hostname=habu.cli.cmd_extract_hostname:cmd_extract_hostname
         habu.extract.ipv4=habu.cli.cmd_extract_ipv4:cmd_extract_ipv4
         habu.extract.email=habu.cli.cmd_extract_email:cmd_extract_email
         habu.fernet=habu.cli.cmd_fernet:cmd_fernet