def grab_domains(domain): # We're using the certificates python API instead of making REST API calls to the certificates endpoint certificates = censys.certificates.CensysCertificates( CENSYS_API_KEY, CENSYS_SECRET) # Iterate over certs that match a specific search; we're going to match on the Names field # Could look at Subject Alternate Name (SAN) on cert, which allows multiple hostnames to be protected by a single cert fields = ["parsed.names"] # Declare empty set to hold subdomains subdomains = set() # initiate a search for any certs associated with the domain try: for certificate in certificates.search("parsed.names: " + domain, fields=fields): # Add contents of parsed names list to our set of domains subdomains.update(certificate["parsed.names"]) return subdomains # we're not permissive of exceptions here; if there's an API issue we'll quit right away except censys.base.CensysRateLimitExceededException as e: print(e) exit(1) except censys.base.CensysNotFoundException as e: print(e) exit(1) except censys.base.CensysUnauthorizedException as e: print(e) exit(1) except censys.base.CensysJSONDecodeException as e: print(e) exit(1) # we've caught the most critical faults, but the one below is if you've hit maximum free results in one search except Exception as e: print(e) return subdomains
def get_subdomains(domain, certificates): logging.info("[+] Extracting sub-domains for {} from certificates".format(domain)) subdomains = [] certificate_query = 'parsed.names: {}'.format(domain) certificates_search_results = certificates.search(certificate_query, fields=['parsed.names']) for search_result in certificates_search_results: subdomains.extend(search_result['parsed.names']) return set(subdomains)
def get_subdomains(domain, certificates): subdomains = [] certificate_query = 'parsed.names: {}'.format(domain) certificates_search_results = certificates.search(certificate_query, fields=['parsed.names']) for search_result in certificates_search_results: subdomains.extend(search_result['parsed.names']) return set(subdomains)
def cert2iplis(cert): import config import censys.certificates query_str = cert UID = config.censys_uid SECRET = config.censys_secret certificates = censys.certificates.CensysCertificates(UID, SECRET) for result in certificates.search(query_str): print(result)
def find_certificates(target): print("Certificates:") certificates = censys.certificates.CensysCertificates(UID, SECRET) fingerprints = [] fields = ["parsed.names", "parsed.extensions.subject_alt_name.dns_names", "parsed.fingerprint_sha256", "parsed.subject_dn"] for cert in certificates.search("%s and tags: trusted" % target, fields=fields): if not is_cloudflare(cert["parsed.subject_dn"]) and target in cert["parsed.names"]: fingerprints.append(cert["parsed.fingerprint_sha256"]) print("\tHost: %s\n\tFingerprint: %s" % (' '.join(cert["parsed.names"]), cert["parsed.fingerprint_sha256"])) return fingerprints
def call_censys(domain: str, censys_uid: str, censys_secret: str): domain = f'{domain}*' certificates = censys.certificates.CensysCertificates(censys_uid, censys_secret) fields = ["parsed.subject_dn", "parsed.names"] censys_list = [] try: for c in certificates.search(f"parsed.names:({domain})", fields=fields): censys_list.append(c) except: print('Max limit of certs reached for this account') with open('out_censys.json', 'w') as f: json.dump(censys_list, f, ensure_ascii=False, indent=4)
def get_emails(domain, certificates): del emails_found[:] logging.info("[+] Extracting emails belonging to {} from SSL/TLS certificates".format(domain.rstrip())) certificate_query = 'parsed.names: {}'.format(domain) try: certificates_search_results = certificates.search(certificate_query, fields=['parsed.subject.email_address']) except KeyError: pass for search_result in certificates_search_results: try: emails_found.extend(search_result['parsed.subject.email_address']) except KeyError: pass return set(emails_found)
def main(): certificates = censys.certificates.CensysCertificates(uid, api_key) fields = [ "parsed.subject.common_name", "parsed.extensions.subject_alt_name.dns_names" ] query = "parsed.subject.common_name:%s or parsed.extensions.subject_alt_name.dns_names:%s" % (suffix, suffix) print("Censys query:\n%s\n" % query) current_page = start_page print("Fetching up to %i records, starting at page %i." % (max_records, start_page)) while current_page <= end_page: if current_page > start_page: print("(Waiting %is before fetching page %i.)" % (delay, current_page)) time.sleep(delay) print("Fetching page %i." % current_page) for cert in certificates.search(query, fields=fields, page=current_page, max_records=page_size): # Common name + SANs names = cert['parsed.subject.common_name'] + cert['parsed.extensions.subject_alt_name.dns_names'] if debug: print(names) for name in names: name = re.sub(wildcard_pattern, '', name).lower().strip() if suffix_pattern.search(name): hostnames_map[name] = None current_page += 1 print("Done fetching from API.") hostnames = list(hostnames_map.keys()) hostnames.sort() print("Writing out CSV.") for hostname in hostnames: out_writer.writerow([hostname]) print("Done.")
def get_subdomains(domain, certificates): unique_subdomains = [] logging.info("[+] Extracting sub-domains for {} from certificates".format(domain.rstrip())) try: certificate_query = 'parsed.names: {}'.format(domain) certificates_search_results = certificates.search(certificate_query, fields=['parsed.names']) except CensysException: logging.info('\033[93m[!] Error while fetching results from Censys.\n\033[1;m') sys.exit(1) for search_result in certificates_search_results: subdomains_found.extend(search_result['parsed.names']) for subdomain in subdomains_found: if '*' not in subdomain and subdomain.endswith(domain): unique_subdomains.append(subdomain) return set(unique_subdomains)
def show_censys_data(domain, uid, secret): logger.info("Looking up {} on censys".format(domain)) domains = set() domain_array = domain.split(".") domain_array.pop() certificates = censys.certificates.CensysCertificates(uid, secret) fields = ["parsed.names"] for c in certificates.search("parsed.names: %s" % domain, fields=fields): for d in c["parsed.names"]: if close_to_domain(d, domain, domain_array): domains.add(d) logger.info("Found {} unique domains".format(len(domains))) for d in domains: print(d)
def censys_search_certs(host): try: certificates = censys.certificates.CensysCertificates(api_id=UID, api_secret=TOKEN) cert_query = certificates.search( "parsed.names: {0} AND tags.raw: trusted AND NOT parsed.names: cloudflaressl.com" .format(host)) result = set( [cert['parsed.fingerprint_sha256'] for cert in cert_query]) hosts_query = censys.ipv4.CensysIPv4(api_id=UID, api_secret=TOKEN) hosts = ' OR '.join(result) if hosts: searching = hosts_query.search(hosts) host_result = set( [search_result['ip'] for search_result in searching]) return host_result except: print("[-] We got an error here, maybe with your credentials!") exit(1)
def investigate(domain, vt_api, api_id, api_secret): certificates = censys.certificates.CensysCertificates(api_id, api_secret) certificate_query = 'parsed.names: {}'.format(domain) certificates_search_results = certificates.search(certificate_query, fields=['parsed.names']) #print(certificates_search_results) subdomains = [] for search_result in certificates_search_results: subdomains.extend(search_result['parsed.names']) for subs in subdomains: print(subs) result_A = dns.resolver.query(domain, 'A') for ipadd in result_A: print('[+] A RECORDS :', ipadd) result_TXT = dns.resolver.query(domain, 'TXT') print('[+] TXT : ', result_TXT) url = 'https://www.virustotal.com/vtapi/v2/domain/report' params = {'apikey': vt_api, 'domain': domain} response = requests.get(url, params=params) for i in response.json()['detected_urls']: print("RELATED URL : {} POSITIVES {}".format(i['url'], i['positives']))
def get_emails(domain, certificates): del emails_found[:] logging.info( "[+] Extracting emails belonging to {} from SSL/TLS certificates". format(domain.rstrip())) try: certificate_query = 'parsed.names: {}'.format(domain) except CensysException: logging.info( '\033[93m[!] Error while fetching results from Censys.\n\033[1;m') sys.exit(1) try: certificates_search_results = certificates.search( certificate_query, fields=['parsed.subject.email_address']) except KeyError: pass for search_result in certificates_search_results: try: emails_found.extend(search_result['parsed.subject.email_address']) except KeyError: pass return set(emails_found)
def censys_search_certs(host): if not API_ID or not SECRET: return False try: certificates = censys.certificates.CensysCertificates( api_id=API_ID, api_secret=SECRET) cert_query = certificates.search( "parsed.names: {0} AND tags.raw: trusted AND NOT parsed.names: cloudflaressl.com".format(host)) result = set([cert['parsed.fingerprint_sha256'] for cert in cert_query]) hosts_query = censys.ipv4.CensysIPv4(api_id=API_ID, api_secret=SECRET) hosts = ' OR '.join(result) if hosts: searching = hosts_query.search(hosts) host_result = set([search_result['ip'] for search_result in searching]) return host_result else: return [] except: return False
def investigate(domain, vt_api, api_id, api_secret): certificates = censys.certificates.CensysCertificates(api_id, api_secret) certificate_query = 'parsed.names: {}'.format(domain) certificates_search_results = certificates.search(certificate_query, fields=['parsed.names']) #print(certificates_search_results) subdomains = [] # use for search_result in certificates_search_results: subdomains.extend(search_result['parsed.names']) for subs in subdomains: print(subs) result_A = dns.resolver.query(domain, 'A') ip = '' # use for ipadd in result_A: ip = str(ipadd) print('[+] A RECORDS :', ipadd) #result_TXT = dns.resolver.query(domain, 'TXT') #print('[+] TXT : ', result_TXT.qname) url = 'https://www.virustotal.com/vtapi/v2/domain/report' params = {'apikey': vt_api, 'domain': domain} response = requests.get(url, params=params) for dnsres in response.json()['dns_records']: print(dnsres) dnsresponse = response.json()['dns_records'] # use dnsurls = response.json()['detected_urls'] # use for i in response.json()['detected_urls']: print("RELATED URL : {} POSITIVES {}".format(i['url'], i['positives'])) print('[+] Finding Geo-location of the Domain:') handler = ipinfo.getHandler(access_token='b5239b01d8abc5') print('\n') details = handler.getDetails(ip) # use pprint.pprint(details.all) return details
import censys.certificates UID = "78d24978-4024-45ce-97a0-913fa26b4cdc" SECRET = "Ee0SBxl9XelzvS6C0RHaBsSCPDTgMpvl" certificates = censys.certificates.CensysCertificates(UID, SECRET) fields = [ "parsed.subject_dn", "parsed.fingerprint_sha256", "parsed.fingerprint_sha1" ] for c in certificates.search("validation.nss.valid: true", fields=fields): print(c["parsed.subject_dn"])
print(""" +++ Menu +++ 1.Check Subdomain with Censys 2.Check Subdomain with list keyword 3.Check Subdomain with Censys and list keyword 4.Exit/Quit """) ans = input("What would you like to do? ") if ans == "1": domain = input("Enter Domain: ") UID = "83f1de21-5e60-4c6a-8bb1-6afb3617aa6d" SECRET = "WVHec4SvOQTBuBZMZpQwVHrjSHABSiS1" certificates = censys.certificates.CensysCertificates(UID, SECRET) sub = 'parsed.names: %s' % domain cert_search_results = certificates.search(sub, fields=['parsed.names']) subdomains = [] for c in cert_search_results: subdomains.extend(c['parsed.names']) def RemoveDuplication(subdomains): final_list = [] for text in subdomains: if text not in final_list: final_list.append(text) return final_list print("=" * 60) for dns in RemoveDuplication(subdomains): if domain in dns: print(dns)
print("╚═════╝░░╚═════╝░╚═════╝░╚═════╝░░╚════╝░╚═╝░░░░░╚═╝╚═╝░░╚═╝╚═╝╚═╝░░╚══╝╚═════╝░") import censys.certificates import socket print("[SYNTAX]: google.com") searchDomain = input("[DOMAIN NAME]: ") updomains = {} downdomains = {} UID = "" SECRET = "" certificates = censys.certificates.CensysCertificates(UID, SECRET) fields = ["parsed.names"] for c in certificates.search(searchDomain, fields=fields, max_records=1000): try: domain = c["parsed.names"][0].replace("*.", "").replace("www.", "") except: continue if not updomains.get(domain) and not downdomains.get(domain) and domain.endswith(searchDomain) and (("."+searchDomain in domain) or searchDomain == domain): try: ip = socket.gethostbyname(domain) updomains[domain] = ip except: downdomains[domain] = True if updomains: print("--------------------------") print("-=-=-=- DOMAINS UP -=-=-=-")
#!/usr/bin/env python # -*- coding: utf-8 -*- # author = [email protected] # project = https://github.com/Xyntax/POC-T import censys.certificates UID = "login for API key" SECRET = "login for API secret" certificates = censys.certificates.CensysCertificates(UID, SECRET) fields = [ "parsed.subject_dn", "parsed.fingerprint_sha256", "parsed.fingerprint_sha1" ] for c in certificates.search("current_valid_nss: true"): print c["parsed.subject_dn"]
import censys.certificates import csv from settings import UID, SECRET certificates = censys.certificates.CensysCertificates(UID, SECRET) fields = [ "parsed.fingerprint_sha256", "parsed.validity.start", "parsed.validity.end" ] with open('results.csv', 'w', newline='') as file: writer = csv.writer(file) writer.writerow( ["SHA256 fingerprint", "validity start date", "validity end date"]) for c in certificates.search("parsed.names: censys.io, tags: trusted", fields=fields): writer.writerow([ c["parsed.fingerprint_sha256"], c["parsed.validity.start"], c["parsed.validity.end"] ]) # for c in certificates.search("parsed.names: censys.io, tags: trusted", fields=fields): # print(c["parsed.validity.start"] + " " + c["parsed.fingerprint_sha256"] + " " + str(c["parsed.validity.end"]))
#!/usr/bin/env python # -*- coding: utf-8 -*- # author = [email protected] # project = https://github.com/Xyntax/POC-T import censys.certificates UID = "login for API key" SECRET = "login for API secret" certificates = censys.certificates.CensysCertificates(UID, SECRET) fields = ["parsed.subject_dn", "parsed.fingerprint_sha256", "parsed.fingerprint_sha1"] for c in certificates.search("current_valid_nss: true"): print c["parsed.subject_dn"]