def module_run(self, addresses):
# build a regex that matches any of the stored domains
domains = [x[0] for x in self.query('SELECT DISTINCT domain from domains WHERE domain IS NOT NULL')]
regex = '(?:%s)' % ('|'.join(['\.'+re.escape(x)+'$' for x in domains]))
for address in addresses:
self.heading(address, level=0)
query = 'ip:%s' % (address)
results = self.search_bing_api(query)
if not results:
self.verbose('No additional hosts discovered at \'%s\'.' % (address))
for result in results:
host = parse_hostname(result['displayUrl'])
self.verbose(host)
# apply restriction
if self.options['restrict'] and not re.search(regex, host):
continue
# add hosts to the database
self.add_hosts(host, address)
def module_run(self, domains):
limit = self.options['limit']
requests = 0
for domain in domains:
self.heading(domain, level=0)
hosts = []
results = []
pages = 1
base_query = f"domain:{domain}"
while not limit or requests < limit:
query = base_query
# build query string based on api limitations
for host in hosts:
omit_domain = f" -domain:{host}"
# https://msdn.microsoft.com/en-us/library/dn760794.aspx
if len(query) + len(omit_domain) >= 1500:
break
query += omit_domain
# make api requests
if limit and requests + pages > limit:
pages = limit - requests
last_len = len(results)
results = self.search_bing_api(query, pages)
requests += pages
# iterate through results and add new hosts
flag = False
for result in results:
host = parse_hostname(result['displayUrl'])
if host.endswith('.' + domain) and host not in hosts:
hosts.append(host)
self.insert_hosts(host)
flag = True
if not flag and last_len == len(results):
break
elif not flag and last_len != len(results):
pages += 1
self.verbose(
f"No new hosts found for the current query. Increasing depth to '{pages}' pages."
)
def module_run(self, domains):
limit = self.options['limit']
requests = 0
for domain in domains:
self.heading(domain, level=0)
hosts = []
results = []
pages = 1
base_query = 'domain:%s' % (domain)
while not limit or requests < limit:
query = base_query
# build query string based on api limitations
for host in hosts:
omit_domain = ' -domain:%s' % (host)
# https://msdn.microsoft.com/en-us/library/dn760794.aspx
if len(query) + len(omit_domain) >= 1500:
break
query += omit_domain
# make api requests
if limit and requests + pages > limit:
pages = limit - requests
last_len = len(results)
results = self.search_bing_api(query, pages)
requests += pages
# iterate through results and add new hosts
flag = False
for result in results:
host = parse_hostname(result['displayUrl'])
if host.endswith('.'+domain) and host not in hosts:
hosts.append(host)
self.add_hosts(host)
flag = True
if not flag and last_len == len(results):
break
elif not flag and last_len != len(results):
pages += 1
self.verbose('No new hosts found for the current query. Increasing depth to \'%d\' pages.' % (pages))