From 9c5c0ef83f2bce35198eb1c78c4106d4b616b001 Mon Sep 17 00:00:00 2001 From: Fabian Martinez Portantier Date: Sat, 8 Dec 2018 15:17:51 -0300 Subject: [PATCH] new command habu.extract.hostname --- README.md | 23 ++++++++++ habu/cli/cmd_extract_hostname.py | 75 ++++++++++++++++++++++++++++++++ setup.py | 3 +- 3 files changed, 100 insertions(+), 1 deletion(-) create mode 100644 habu/cli/cmd_extract_hostname.py diff --git a/README.md b/README.md index ba51443..3e18d8d 100644 --- a/README.md +++ b/README.md @@ -617,6 +617,29 @@ Options: ``` +## habu.extract.hostname + + +``` {.sourceCode .bash} +Usage: habu.extract.hostname [OPTIONS] [INFILE] + + Extract hostnames from a file or stdin. + + Example: + + $ cat /var/log/some.log | habu.extract.hostname + www.google.com + ibm.com + fileserver.redhat.com + +Options: + -c Check if hostname resolves + -v Verbose output + -j JSON output + --help Show this message and exit. +``` + + ## habu.extract.ipv4 diff --git a/habu/cli/cmd_extract_hostname.py b/habu/cli/cmd_extract_hostname.py new file mode 100644 index 0000000..0b8101f --- /dev/null +++ b/habu/cli/cmd_extract_hostname.py 
@@ -0,0 +1,75 @@ +#!/usr/bin/env python3 + +import json +import logging +import socket + +import click +import regex as re + + +def extract_hostname(data): + + regexp = re.compile(r"([a-zA-Z0-9_.-]+)") + + match = regexp.finditer(data) + + result = set() + + for m in match: + candidate = m.group(0).lower() + + if '.' not in candidate: + continue + + if not re.match('[a-z]+', candidate): + continue + + if not re.match('[a-z0-9]+\.[a-z0-9]', candidate): + continue + + result.add(candidate) + + return list(result) + + +@click.command() +@click.argument('infile', type=click.File('r'), default='-') +@click.option('-c', 'check', is_flag=True, default=False, help='Check if hostname resolves') +@click.option('-v', 'verbose', is_flag=True, default=False, help='Verbose output') +@click.option('-j', 'jsonout', is_flag=True, default=False, help='JSON output') +def cmd_extract_hostname(infile, check, verbose, jsonout): + """Extract hostnames from a file or stdin. + + Example: + + \b + $ cat /var/log/some.log | habu.extract.hostname + www.google.com + ibm.com + fileserver.redhat.com + """ + + if verbose: + logging.basicConfig(level=logging.INFO, format='%(message)s') + + data = infile.read() + + result = extract_hostname(data) + + if check: + logging.info('Checking against DNS...') + for candidate in result: + try: + socket.getaddrinfo(candidate, None) + except socket.gaierror: + result.remove(candidate) + + if jsonout: + print(json.dumps(result, indent=4)) + else: + print('\n'.join(result)) + + +if __name__ == '__main__': + cmd_extract_hostname() diff --git a/setup.py b/setup.py index a5f3f6c..3082587 100644 --- a/setup.py +++ b/setup.py @@ -5,7 +5,7 @@ setup( name='habu', - version='0.0.90', + version='0.0.91', description='Python Network Hacking Toolkit', long_description=readme, long_description_content_type='text/markdown', 
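Review bot: In `cmd_extract_hostname`, the `-c` loop calls `result.remove(candidate)` while iterating over `result`, so the entry following each removed one is skipped and unresolvable names can remain in the output; iterate over a copy with `for candidate in list(result):`. The same loop catches only `socket.gaierror`, but candidates come straight from the input and the filters admit empty or over-long labels (for example `a.b..c`), for which `socket.getaddrinfo` raises `UnicodeError` in its IDNA encoding step, so a single input line can abort the run; `except (socket.gaierror, UnicodeError):` would cover it. Since `-c` issues a DNS query for every name found in the input, the help text should say so: when the file is attacker-influenced, such as a web or mail log, the operator of the authoritative server for a logged name sees those lookups. In `extract_hostname`, `'[a-z0-9]+\.[a-z0-9]'` should be a raw string, and it rejects first labels containing `-` (e.g. `my-host.example.com`) although the outer pattern allows them.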
@@ -53,6 +53,7 @@ habu.dhcp.discover=habu.cli.cmd_dhcp_discover:cmd_dhcp_discover habu.dhcp.starvation=habu.cli.cmd_dhcp_starvation:cmd_dhcp_starvation habu.eicar=habu.cli.cmd_eicar:cmd_eicar + habu.extract.hostname=habu.cli.cmd_extract_hostname:cmd_extract_hostname habu.extract.ipv4=habu.cli.cmd_extract_ipv4:cmd_extract_ipv4 habu.extract.email=habu.cli.cmd_extract_email:cmd_extract_email habu.fernet=habu.cli.cmd_fernet:cmd_fernet
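Review bot: The new entry point loads a module that does `import regex as re`, but this diff changes only the version and the console-script list in `setup.py`; if `regex` is not already in `install_requires` (not visible in these hunks), `habu.extract.hostname` fails at import on a clean install. The patterns used in `extract_hostname` are plain character classes, so the standard-library `re` would work and avoid the third-party dependency for this command.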