def dynamic_main(self, queue_dict):
"""
Main entry point for process to call.
core_serialization.SubDomain Attributes:
name: long name of method
module_name: name of the module that performed collection
source: source of the subdomain or resource of collection
module_version: version from meta
source: source of the collection
time: time the result obj was built
subdomain: subdomain to use
valid: is domain valid
:return:
"""
core_args = self.json_entry['args']
task_output_queue = queue_dict['task_output_queue']
cs = core_scrub.Scrub()
rd = []
data = crtshAPI().search(str(core_args.DOMAIN))
for d in data:
cs.subdomain = d['issuer']
# check if domain name is valid
valid = cs.validate_domain()
# build the SubDomain Object to pass
sub_obj = core_serialization.SubDomain(self.info["Name"],
self.info["Module"],
"https://crt.sh",
self.info["Version"],
time.time(), d['issuer'],
valid)
# populate queue with return data objects
task_output_queue.put(sub_obj)
def __init__(self, json_entry):
"""
Init class structure. Each module takes a JSON entry object which
can pass different values to the module with out changing up the API.
adapted form Empire Project:
https://github.com/EmpireProject/Empire/blob/master/lib/modules/python_template.py
:param json_entry: JSON data object passed to the module.
"""
module_helpers.RequestsHelpers.__init__(self)
self.json_entry = json_entry
self.info = {
# mod name
'Module': 'subdomain_bruteforce.py',
# long name of the module to be used
'Name': 'Recursive Subdomain Bruteforce Using Wordlist',
# version of the module to be used
'Version': '1.0',
# description
'Description': ['Uses lists from dnspop',
'with high quality dns resolvers.'],
# authors or sources to be quoted
'Authors': ['@Killswitch-GUI', '@blark'],
# list of resources or comments
'comments': [
'Searches and performs recursive dns-lookup.',
' adapted from https://github.com/blark/aiodnsbrute/blob/master/aiodnsbrute/cli.py'
],
# priority of module (0) being first to execute
'priority': 0
}
self.options = {
}
# ~ queue object
self.word_count = int(self.json_entry['args'].raw_depth)
self.word_list_queue = queue.Queue(maxsize=0)
self.tasks = []
self.domain = ''
self.errors = []
self.fqdn = []
self.sub_gen_count = 0
# disable uvloop until supports windows
# asyncio.set_event_loop_policy(uvloop.EventLoopPolicy())
self.loop = asyncio.get_event_loop()
self.resolver = aiodns.DNSResolver(loop=self.loop, rotate=True)
# TODO: make max tasks defined in config.json
self.max_tasks = 1024
# TODO: make total set from wordcount in config.json
self.sem = asyncio.BoundedSemaphore(self.max_tasks)
self.cs = core_scrub.Scrub()
self.core_args = self.json_entry['args']
self.core_resolvers = self.json_entry['resolvers']
self.silent = self.json_entry['silent']
def dynamic_main(self, queue_dict):
"""
Main entry point for process to call.
core_serialization.SubDomain Attributes:
name: long name of method
module_name: name of the module that performed collection
source: source of the subdomain or resource of collection
module_version: version from meta
source: source of the collection
time: time the result obj was built
subdomain: subdomain to use
valid: is domain valid
:return: NONE
"""
foundsubdomains = []
core_args = self.json_entry['args']
task_output_queue = queue_dict['task_output_queue']
cs = core_scrub.Scrub()
start_count = int(self.json_entry['bing_search']['start_count'])
end_count = int(self.json_entry['bing_search']['end_count'])
while start_count <= end_count:
domain = "http://www.bing.com/search?q=site%3A" + \
str(core_args.DOMAIN) + "&first=" + str(start_count)
data, status = self.request_content(domain)
soup = BeautifulSoup(data, 'html.parser')
for i in soup.find_all('a', href=True):
possiblesubdomain = i['href']
if "." + str(core_args.DOMAIN) in possiblesubdomain:
parsed = urlparse(possiblesubdomain)
if parsed.netloc not in foundsubdomains:
foundsubdomains.append(str(parsed.netloc))
if parsed.hostname not in foundsubdomains:
foundsubdomains.append(str(parsed.hostname))
for sub in foundsubdomains:
cs.subdomain = sub
# check if domain name is valid
valid = cs.validate_domain()
# build the SubDomain Object to pass
sub_obj = core_serialization.SubDomain(
self.info["Name"],
self.info["Module"],
self.options['url'],
domain,
time.time(),
sub,
valid
)
task_output_queue.put(sub_obj)
# results inc at rate of 10 per page
start_count += 10
time.sleep(0.5)
def dynamic_main(self, queue_dict):
"""
Main entry point for process to call.
core_serialization.SubDomain Attributes:
name: long name of method
module_name: name of the module that performed collection
source: source of the subdomain or resource of collection
module_version: version from meta
source: source of the collection
time: time the result obj was built
subdomain: subdomain to use
valid: is domain valid
:return: NONE
"""
core_args = self.json_entry['args']
task_output_queue = queue_dict['task_output_queue']
cs = core_scrub.Scrub()
domain = self.options['url'] % (str(core_args.DOMAIN))
data, status = self.request_json(domain)
data = json.loads(data)
if status:
for d in data['data']:
cs.subdomain = d['id']
# check if domain name is valid
valid = cs.validate_domain()
# build the SubDomain Object to pass
sub_obj = core_serialization.SubDomain(
self.info["Name"],
self.info["Module"],
self.options['url'],
self.info["Version"],
time.time(),
d['id'],
valid
)
# populate queue with return data object
task_output_queue.put(sub_obj)