BillCipher is a website and IP address information gathering tool. The tool gathers a series of information including DNS record, Whois information, GeoIP data, Subnet record , open ports information, live pages (links) available on the target web application, server information, Cloudflare information, plugins, HTTP Header, Host Header, reverse IP information, shared DNS servers, IP location information, subdomain listings, emails associated with the target domain, admin pages, and Robots.txt data. BillCipher scans the target web application for Zone transfer vulnerabilities. Moreover, the tool can clone the target web application using third party tool (HTTrack).
BillCipher tool works on all major operating systems including Linux and Windows. In Linux OS, run the following commands to fulfill the prerequisites.
sudo apt update && sudo apt install ruby python python-pip python3 python3-pip sudo apt install httrack whatweb
After installing the prerequisites, clone BillCipher using the following command.
git clone https://github.com/GitHackTools/BillCipher
BillCipher requires argparse, dnspython, and requests packages to operate. To install these packages, navigate to the tool’s directory and run the requirements.txt file using the following terminal commands.
pip install -r requirements.txt pip3 install -r requirements.txt
How to Operate BillCipher
BillCipher can be set into action by typing the following command in the terminal.
When we first run BillCipher, the tool asks for the format of the target host, whether it is a website or IP address. Provide the desired format and the target host address to unlock the tool’s menu as shown in the following screenshot.
We can see a series of scanning (information gathering) options in the menu. All these canning options can be performed by providing the target host address and selecting the sequence number of the desired scanning option. BillCipher provides detailed information for majority of the scanning features supported by the tool. For instance, if we search for the Whois record of the target host, BillCipher responds with detailed information as shown in the following screenshots.
The port scanner option performs a quick scan to find out all the open ports and the running services.
Page links (at sequence #6) is a very handy option to find out all the pages (links) associated with the target web application. The option can be used to find out the potentially vulnerable links that can be analyzed using the desired vulnerabilities testing and exploitation tools.
To find out the email addresses linked with the target domains, BillCipher scans a number of search engines including Google, Bing, Yahoo, Baidi, Ask, Dogpile, PGP, and Exalead.
The host info scanner option can be used for banner grabbing purpose. The option allows collecting the server and plugins information about the target web application.
Apart from information gathering, BillCipher also scans the target web application for the Zone transfer vulnerabilities.
BillCipher can also clone the target web application (web mirroring) using the HTTtrack tool. HTTrack is an open source tool capable of copying remotely hosted websites to the local drives.
BillCipher is a handy information gathering tool that provides series of useful information that can later be used to attack and exploit the vulnerabilities in target websites and applications.