Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.

This Python based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like Symantec WebPulse (BlueCoat), IBM X-Force, and Cisco Talos. The primary tool output is a timestamped HTML table style report.

DomainHunter – Checks Expired Domains for Reputation

With this tool you will have the following features:

• Retrieve specified number of recently expired and deleted domains (.com, .net, .org) from ExpiredDomains.net
• Retrieve available domains based on keyword search from ExpiredDomains.net
• Perform reputation checks against the Symantec WebPulse Site Review (BlueCoat), IBM x-Force, Cisco Talos, Google SafeBrowsing, and PhishTank services
• Sort results by domain age (if known) and filter for reputation
• Text-based table and HTML report output with links to reputation sources and Archive.org entry

Next you can use any expired domain for running penetration testing and attack based on what you are looking to achieve against your target.

You can download and read more about this tool over here: https://github.com/threatexpress/