**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
BillCipher is an information-gathering tool that can be used for any website or IP address. It can also run on any operating system provided it supports Python2, Python3 or Ruby.
Installation of Python
Ensure that Python is installed in your operating system.
You can check this by typing the command:
python -V or python –version
If Python is installed, it will tell you the installed Python version
In case it is not installed in Kali Linux (The required packages are already available), use the following command to install it:
sudo apt install python3-pip
Installation of BillCipher
Copy the link from the BillCipher GitHub page and perform a git clone on your terminal or, copy and enter the command given below:
git clone https://github.com/bahatiphill/BillCipher.git
This clones the BillCipher utility from the GitHub page to your present working directory.
You can check this by listing the contents of your present working directory. For this, type the command:
ls
Now enter the BillCipher directory by typing:
cd BillCipher
The contents of the directory will be displayed as shown below:
Now install the contents of the requirements.txt file by entering the command:
pip3 install -r requirements.txt
With this, all the requirements for using BillCipher have been completely installed.
Using BillCipher
To enter into the tool, use the command python3 billcipher.py
After you enter, it will ask you to mention whether you want to perform footprinting on a website or IP address (It will even work if you enter “w” or “i”).
Enter accordingly. Here we will find information about a website.
It will then ask you to enter the website name whose information you want to gather.
Here we will conduct footprinting on “testfire.net”
After you enter the website name, BillCipher displays a menu with numbers followed by functions. You can choose what information you want by typing the corresponding option number.
Functions of BillCipher
DNS Lookup
For performing DNS lookup enter 1. This will display all the DNS records for the website.
After this, it asks if you want to continue, for which you can enter yes or no (It even works with y or n).
We have also shown the DNS records for tesla.com
Notice how the records here are more than those displayed for testfire.net, as Tesla has way more servers than Testfire (which is just a test website for educational purposes).
GeoIP Lookup
Now we will see how to display the Geographical location of target servers:
As this domain has various “a records”, you can select a specific one by entering its IP address.
We can use DNS Lookup to determine the various IP addresses mapped to a domain, its subdomains and all their servers and then find their location using GeoIP Lookup.
Subnet Lookup
Subnet details can be found by following the process below:
Enter any website name and press 4
Attackers can use this information to know the network and subnetwork of the target.
It can also be used to perform a Port Scan, which is also a function of BillCipher.
To find Page Links press 6.
HTTP Header information can be retrieved by entering 8.
Robots.txt
Enter 12 to find out Robots.txt details
Using this and sitemaps, content can be discovered on websites and web applications. While primarily used to assist search engines attempting to index a site, they can be valuable methods for those wishing to better understand the structure of a site without the use of specialized tools.
Now that we know how to navigate, you can try other functions of BillCipher using the interactive menu. Other functions of BillCipher include:
Zone Transfer
Host Finder
IP Locator
Find Shared DNS Servers
Host DNS Finder
Reserve IP Lookup
Email Gathering
Sub Domain Listing
Find Admin Login Site
Check and Bypass Cloudflare
Attackers can use the feature of checking and bypassing Cloudflare to probe vulnerabilities and gain unauthorized access to protected websites. Defenders can study these techniques to improve security controls and threat detection.
We can even copy website information using Website Copier.
BillCipher is an all-purpose tool developed to cover both the defensive and offensive sides of penetration testing. It provides subdomain enumeration, port scanning, and vulnerability assessment, making it very useful for both ethical hackers and security professionals in general.
