Exemple #1
0
def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce,
         engines, valid):
    bruteforce_list = set()
    search_list = set()

    if is_windows:
        subdomains_queue = list()
    else:
        subdomains_queue = multiprocessing.Manager().list()

    # Check Bruteforce Status
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    # Validate domain
    domain_check = re.compile(
        "^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
    if not domain_check.match(domain):
        if not silent:
            print(R + "Error: Please enter a valid domain" + W)
        return []

    if not domain.startswith('http://') or not domain.startswith('https://'):
        domain = 'http://' + domain

    parsed_domain = urlparse.urlparse(domain)

    if not silent:
        print(B +
              "[-] Enumerating subdomains now for %s" % parsed_domain.netloc +
              W)

    if verbose and not silent:
        print(
            Y +
            "[-] verbosity is enabled, will show the subdomains results in realtime"
            + W)

    supported_engines = {
        'baidu': BaiduEnum,
        'yahoo': YahooEnum,
        'google': GoogleEnum,
        'bing': BingEnum,
        'ask': AskEnum,
        'netcraft': NetcraftEnum,
        'dnsdumpster': DNSdumpster,
        'virustotal': Virustotal,
        'threatcrowd': ThreatCrowd,
        'ssl': CrtSearch,
        'passivedns': PassiveDNS
    }

    chosenEnums = []

    if engines is None:
        chosenEnums = [
            BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, NetcraftEnum,
            DNSdumpster, Virustotal, ThreatCrowd, CrtSearch, PassiveDNS
        ]
    else:
        engines = engines.split(',')
        for engine in engines:
            if engine.lower() in supported_engines:
                chosenEnums.append(supported_engines[engine.lower()])

    # Start the engines enumeration
    enums = [
        enum(domain, [], q=subdomains_queue, silent=silent, verbose=verbose)
        for enum in chosenEnums
    ]
    for enum in enums:
        enum.start()
    for enum in enums:
        enum.join()

    subdomains = set(subdomains_queue)
    for subdomain in subdomains:
        search_list.add(subdomain)

    if enable_bruteforce:
        if not silent:
            print(G + "[-] Starting bruteforce module now using subbrute.." +
                  W)
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = threads
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(parsed_domain.netloc,
                                                record_type, subs, resolvers,
                                                process_count, output,
                                                json_output, search_list,
                                                verbose)

    subdomains = search_list.union(bruteforce_list)

    if subdomains:
        subdomains = sorted(subdomains, key=subdomain_sorting_key)

        if valid:
            for subdom in subdomains:
                result = subprocess.run(['host', subdom], capture_output=True)

                if "not found" in result.stdout.decode('utf-8'):
                    subdomains.remove(subdom)

        if savefile:
            write_file(savefile, subdomains)

        if not silent:
            print(Y +
                  "[-] Total Unique Subdomains Found: %s" % len(subdomains) +
                  W)

        if ports:
            if not silent:
                print(G +
                      "[-] Start port scan now for the following ports: %s%s" %
                      (Y, ports) + W)
            ports = ports.split(',')
            pscan = portscan(subdomains, ports)
            pscan.run()

        elif not silent:
            for subdomain in subdomains:
                print(G + subdomain + W)
    return subdomains
Exemple #2
0
def main():
    args = parse_args()
    domain = args.domain
    threads = args.threads
    savefile = args.output
    google_list = []
    bing_list = []
    baidu_list = []
    bruteforce_list = set()
    subdomains_queue = multiprocessing.Queue()

    #Check Verbosity
    global verbose
    verbose = args.verbose
    if verbose or verbose is None:
        verbose = True

    #Check Bruteforce Status
    enable_bruteforce = args.bruteforce
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    #Validate domain
    domain_check = re.compile("^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,5}$")
    if not domain_check.match(domain):
        print R+"Error: Please enter a valid domain"+W
        sys.exit()

    if not domain.startswith('http://') or not domain.startswith('https://'):
        domain = 'http://'+domain

    #Print the Banner
    banner()
    parsed_domain = urlparse.urlparse(domain)

    print B+"[-] Enumerating subdomains now for %s"%parsed_domain.netloc+W

    if verbose:
        print Y+"[-] verbosity is enabled, will show the subdomains results in realtime"+W

    #Start the engines enumeration
    enums = [enum(domain, verbose, q=subdomains_queue) for enum in BaiduEnum,
        YahooEnum, GoogleEnum, BingEnum, AskEnum, NetcraftEnum, DNSdumpster]
    for enum in enums:
        enum.start()
    for enum in enums:
        enum.join()

    search_list = set()
    while not subdomains_queue.empty():
        search_list= search_list.union(subdomains_queue.get())

    if enable_bruteforce:
        print G+"[-] Starting bruteforce module now using subbrute.."+W
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = threads
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(parsed_domain.netloc, record_type, subs, resolvers, process_count, output, json_output, search_list, verbose)

    subdomains = search_list.union(bruteforce_list)

    if subdomains:
        if savefile:
            write_file(savefile, subdomains)
        print Y+"[-] Total Unique Subdomains Found: %s"%len(subdomains)+W
        for subdomain in subdomains:
            print G+subdomain+W
Exemple #3
0
def main():
    args = parse_args()
    domain = args.domain
    #threads = args.threads
    savefile = args.output
    ports = args.ports
    bruteforce_list = []
    subdomains = []

    if not savefile:
        now = datetime.datetime.now()
        timestr = now.strftime("-%Y-%m-%d-%H-%M")
        savefile = domain+timestr+".txt"


    enable_bruteforce = args.bruteforce
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    #Validate domain
    if not is_domain(domain):
        print R+"[!]Error: Please enter a valid domain"+W
        sys.exit()


    #Print the Banner
    banner()
    waring = "[!] legal disclaimer: Usage of Teemo for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"
    print waring
    print B+"[-] Enumerating subdomains now for %s"% domain+W

    '''
    subdomains.extend(callsites(domain,proxy))
    domains,emails = callengines(domain,500,proxy)
    subdomains.extend(domains)
    #print subdomains
    '''

    Threadlist = []
    q_domains = Queue() #to recevie return values
    q_emails = Queue()
    useragent = random_useragent(allow_random_useragent)

    if args.proxy != None:
        proxy = args.proxy
        proxy = {args.proxy.split(":")[0]: proxy}
    elif default_proxies != None and (proxy_switch ==2 or proxy_switch==1):  #config.py
        proxy = default_proxies
        try:
            sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sk.settimeout(2)
            ip = default_proxies['http'].split("/")[-2].split(":")[0]
            port = default_proxies['http'].split("/")[-2].split(":")[1]
            sk.connect((ip,int(port)))
            sk.close
        except:
            print "\r\n[!!!]Proxy Test Failed,Please Check!\r\n"
            proxy = {}
    else:
        proxy = {}

    #doing zone transfer checking
    zonetransfer(domain).check()

    for engine in [Alexa, Chaxunla, CrtSearch, DNSdumpster, Googlect, Ilink, Netcraft, PassiveDNS, Pgpsearch, Sitedossier, ThreatCrowd, Threatminer]:
        #print callsites_thread(engine,domain,proxy)
        t = threading.Thread(target=callsites_thread, args=(engine, domain, q_domains, q_emails, proxy))
        Threadlist.append(t)
    for engine in [search_ask,search_baidu,search_bing,search_bing_api,search_dogpile,search_duckduckgo,search_exalead,search_fofa,search_google,search_google_cse,
                   search_shodan,search_so,search_yahoo,search_yandex]:
        if proxy_switch == 1 and engine in proxy_default_enabled:
            pass
        else:
            proxy ={}
        t = threading.Thread(target=callengines_thread, args=(engine, domain, q_domains, q_emails, useragent, proxy, 500))
        #t.setDaemon(True) #变成守护进程,独立于主进程。这里好像不需要
        Threadlist.append(t)
    #for t in Threadlist:
    #    print t
    for t in Threadlist: # use start() not run()
        t.start()
    for t in Threadlist:
        t.join() #主线程将等待这个线程,直到这个线程运行结束

    while not q_domains.empty():
        subdomains.append(q_domains.get())
    emails = []
    while not q_emails.empty():
        emails.append(q_emails.get())


    if enable_bruteforce:
        print G+"[-] Starting bruteforce module now using subbrute.."+W
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = 10
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(domain, record_type, subs, resolvers, process_count, output, json_output, subdomains)
        subdomains.extend(bruteforce_list)


    if subdomains is not None:
        subdomains = sorted(list(set(subdomains)))
        emails = sorted(list(set(emails)))
        subdomains.extend(emails) #this function return value is NoneType ,can't use in function directly
        #print type(subdomains)

        #write_file(savefile, subdomains)

        if ports:
            print G+"[-] Start port scan now for the following ports: %s%s"%(Y,ports)+W
            ports = ports.split(',') #list
            pscan = portscan(subdomains,ports)
            pscan.run()

        else:
            for subdomain in subdomains:
                print G+subdomain+W

    print "[+] {0} domains found in total".format(len(subdomains))
    print "[+] {0} emails found in total".format(len(emails))
    print "[+] Results saved to {0}".format(write_file(savefile, subdomains))
Exemple #4
0
def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce,
         engines, find_ip):
    bruteforce_list = set()
    search_list = set()

    if is_windows:
        subdomains_queue = list()
    else:
        subdomains_queue = multiprocessing.Manager().list()

    # Check Bruteforce Status
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    # Validate domain
    domain_check = re.compile(
        "^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
    if not domain_check.match(domain):
        if not silent:
            print(R + "Error: Please enter a valid domain" + W)
        return []

    if not domain.startswith('http://') or not domain.startswith('https://'):
        domain = 'http://' + domain

    parsed_domain = urlparse.urlparse(domain)

    if not silent:
        print(B +
              "[-] Enumerating subdomains now for %s" % parsed_domain.netloc +
              W)

    if verbose and not silent:
        print(
            Y +
            "[-] verbosity is enabled, will show the subdomains results in realtime"
            + W)

    if savefile:
        if os.path.isfile(savefile):
            user_input = raw_input(
                "{}[-] File exists!{} Do you want to overwrite file {}{}{}? [y/n] "
                .format(R, W, Y, savefile, W))
            if user_input.lower().startswith('y'):
                os.remove(savefile)
            else:
                print(
                    "{}[-] Please re-run the script with different output file name{}"
                    .format(R, W))
                sys.exit(1)
        print("%s[-] Saving results to file: %s%s%s%s" %
              (Y, W, R, savefile, W))

    supported_engines = {
        'baidu': BaiduEnum,
        'yahoo': YahooEnum,
        'google': GoogleEnum,
        'bing': BingEnum,
        'ask': AskEnum,
        'netcraft': NetcraftEnum,
        'dnsdumpster': DNSdumpster,
        'virustotal': Virustotal,
        'threatcrowd': ThreatCrowd,
        'ssl': CrtSearch,
        'passivedns': PassiveDNS
    }

    chosen_enums = []

    if engines is None:
        chosen_enums = [
            BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, NetcraftEnum,
            DNSdumpster, Virustotal, ThreatCrowd, CrtSearch, PassiveDNS
        ]
    else:
        engines = engines.split(',')
        for engine in engines:
            if engine.lower() in supported_engines:
                chosen_enums.append(supported_engines[engine.lower()])

    # Start the engines enumeration
    enums = [
        enum(domain, [], q=subdomains_queue, silent=silent, verbose=verbose)
        for enum in chosen_enums
    ]
    for enum in enums:
        enum.start()
    for enum in enums:
        enum.join()

    subdomains = set(subdomains_queue)
    for subdomain in subdomains:
        search_list.add(subdomain)

    if enable_bruteforce:
        if not silent:
            print(G + "[-] Starting bruteforce module now using subbrute.." +
                  W)
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = threads
        output = False
        json_output = False

        bruteforce_list = subbrute.print_target(parsed_domain.netloc,
                                                record_type, subs, resolvers,
                                                process_count, output,
                                                json_output, search_list,
                                                verbose)

    subdomains = search_list.union(bruteforce_list)

    if subdomains:
        subdomains = sorted(subdomains, key=subdomain_sorting_key)

        if not silent:
            print(Y +
                  "[-] Total Unique Subdomains Found: %s" % len(subdomains) +
                  W)

        if ports:
            if not silent:
                print(G +
                      "[-] Start port scan now for the following ports: %s%s" %
                      (Y, ports) + W)
            ports = ports.split(',')
            pscan = Portscan(subdomains, ports, savefile, find_ip)
            pscan.run()

        elif not silent:
            for subdomain in subdomains:
                if find_ip:
                    ip = get_host_by_name(subdomain)
                    print("{}{} ({}){}".format(G, subdomain, ip, W))
                    if savefile:
                        write_file(savefile, "{},{}".format(subdomain, ip))
                else:
                    print("{}{}{}".format(G, subdomain, W))
                    if savefile:
                        write_file(savefile, "{},{}".format(subdomain, ip))

    return subdomains
def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, engines):
    bruteforce_list = set()
    search_list = set()

    if is_windows:
        subdomains_queue = list()
    else:
        subdomains_queue = multiprocessing.Manager().list()

    # Check Bruteforce Status
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    # Validate domain
    domain_check = re.compile("^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
    if not domain_check.match(domain):
        if not silent:
            print(R + "Error: Please enter a valid domain" + W)
        return []

    if not domain.startswith('http://') or not domain.startswith('https://'):
        domain = 'http://' + domain

    parsed_domain = urlparse.urlparse(domain)

    if not silent:
        print(B + "[-] Enumerating subdomains now for %s" % parsed_domain.netloc + W)

    if verbose and not silent:
        print(Y + "[-] verbosity is enabled, will show the subdomains results in realtime" + W)

    supported_engines = {'baidu': BaiduEnum,
                         'yahoo': YahooEnum,
                         'google': GoogleEnum,
                         'bing': BingEnum,
                         'ask': AskEnum,
                         'netcraft': NetcraftEnum,
                         'dnsdumpster': DNSdumpster,
                         'virustotal': Virustotal,
                         'threatcrowd': ThreatCrowd,
                         'ssl': CrtSearch,
                         'passivedns': PassiveDNS
                         }

    chosenEnums = []

    if engines is None:
        chosenEnums = [
            BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum,
            NetcraftEnum, DNSdumpster, Virustotal, ThreatCrowd,
            CrtSearch, PassiveDNS
        ]
    else:
        engines = engines.split(',')
        for engine in engines:
            if engine.lower() in supported_engines:
                chosenEnums.append(supported_engines[engine.lower()])

    # Start the engines enumeration
    enums = [enum(domain, [], q=subdomains_queue, silent=silent, verbose=verbose) for enum in chosenEnums]
    for enum in enums:
        enum.start()
    for enum in enums:
        enum.join()

    subdomains = set(subdomains_queue)
    for subdomain in subdomains:
        search_list.add(subdomain)

    if enable_bruteforce:
        if not silent:
            print(G + "[-] Starting bruteforce module now using subbrute.." + W)
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = threads
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(parsed_domain.netloc, record_type, subs, resolvers, process_count, output, json_output, search_list, verbose)

    subdomains = search_list.union(bruteforce_list)

    if subdomains:
        subdomains = sorted(subdomains, key=subdomain_sorting_key)

        if savefile:
            write_file(savefile, subdomains)

        if not silent:
            print(Y + "[-] Total Unique Subdomains Found: %s" % len(subdomains) + W)

        if ports:
            if not silent:
                print(G + "[-] Start port scan now for the following ports: %s%s" % (Y, ports) + W)
            ports = ports.split(',')
            pscan = portscan(subdomains, ports)
            pscan.run()

        elif not silent:
            for subdomain in subdomains:
                print(G + subdomain + W)
    return subdomains
    def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, engines):
        bruteforce_list = set()
        search_list = set()

        if is_windows:
            subdomains_queue = list()
        else:
            subdomains_queue = multiprocessing.Manager().list()

        # Check Bruteforce Status
        if enable_bruteforce or enable_bruteforce is None:
            enable_bruteforce = True

        # Validate domain
        domain_check = re.compile("^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
        if not domain_check.match(domain):
            if not silent:
                print(R + "Error: Please enter a valid domain" + W)
            return []

        if not domain.startswith('http://') or not domain.startswith('https://'):
            domain = 'http://' + domain

        parsed_domain = urlparse.urlparse(domain)

        if not silent:
            # print(B + "[-] Enumerating subdomains now for %s" % parsed_domain.netloc + W)
            print("Enumerating subdomains now..")

        if verbose and not silent:
            print(Y + "[-] verbosity is enabled, will show the subdomains results in realtime" + W)

        supported_engines = {'baidu': BaiduEnum,
                            'yahoo': YahooEnum,
                            'google': GoogleEnum,
                            'bing': BingEnum,
                            'ask': AskEnum,
                            'netcraft': NetcraftEnum,
                            'dnsdumpster': DNSdumpster,
                            'virustotal': Virustotal,
                            'threatcrowd': ThreatCrowd,
                            'ssl': CrtSearch,
                            'passivedns': PassiveDNS
                            }

        chosenEnums = []

        if engines is None:
            chosenEnums = [
                BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum,
                NetcraftEnum, DNSdumpster, Virustotal, ThreatCrowd,
                CrtSearch, PassiveDNS
            ]
        else:
            engines = engines.split(',')
            for engine in engines:
                if engine.lower() in supported_engines:
                    chosenEnums.append(supported_engines[engine.lower()])

        # Start the engines enumeration
        enums = [enum(domain, [], q=subdomains_queue, silent=silent, verbose=verbose) for enum in chosenEnums]
        for enum in enums:
            enum.start()
        for enum in enums:
            enum.join()

        subdomains = set(subdomains_queue)
        for subdomain in subdomains:
            search_list.add(subdomain)

        if enable_bruteforce:
            if not silent:
                print(G + "[-] Starting bruteforce module now using subbrute.." + W)
            record_type = False
            path_to_file = os.path.dirname(os.path.realpath(__file__))
            subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
            resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
            process_count = threads
            output = False
            json_output = False
            bruteforce_list = subbrute.print_target(parsed_domain.netloc, record_type, subs, resolvers, process_count, output, json_output, search_list, verbose)

        subdomains = search_list.union(bruteforce_list)

        if subdomains:
            subdomains = sorted(subdomains, key=subdomain_sorting_key)

            if savefile:
                write_file(savefile, subdomains)

            if not silent:
                print(Y + "[-] Total Unique Subdomains Found %s" % len(subdomains) + W)

            if ports:
                if not silent:
                    print(G + "[-] Start port scan now for the following ports: %s%s" % (Y, ports) + W)
                ports = ports.split(',')
                pscan = portscan(subdomains, ports)
                pscan.run()

            # elif not silent:
        #         # print(subdomains)
        #         for subdomain in subdomains:
        #             print(G + subdomain + W)
        # return subdomains
                
            elif not silent:
                sub=""
                for subdomain in subdomains:
                    sub+=subdomain + "\n"
    #########################################Email module started#################################

                MY_ADDRESS = '*****@*****.**' #CHANGE ME
                PASSWORD = '******' #CHANGE ME
    
                s = smtplib.SMTP(host='smtp.host.com', port=587)  #CHANGE ME
                # s.ehlo()
                s.starttls()
                # s.ehlo()
                s.login(MY_ADDRESS, PASSWORD)
    
                #The email address where you want to receive the results.
                email="*****@*****.**" #CHANGE ME
                msg = MIMEMultipart()
                msg['From']=MY_ADDRESS
                msg['To']=email
                msg['Subject']="Subdomain results for:" + domain
    
                # add in the message body
                msg.attach(MIMEText(sub))
    
                # send the message via the server set up earlier.
                s.send_message(msg)
                print("email sent successfully")
                del msg
    
                # Terminate the SMTP session and close the connection
                s.quit()
Exemple #7
0
def main():
    args = parse_args()
    domain = args.domain
    #threads = args.threads
    savefile = args.output
    ports = args.ports
    bruteforce_list = []
    subdomains = []

    if not savefile:
        now = datetime.datetime.now()
        timestr = now.strftime("%Y-%m-%d-%H-%M")
        savefile = domain+timestr+".txt"

    if args.proxy != None:
        proxy = args.proxy
        proxy = {args.proxy.split(":")[0]: proxy}
    else:
        proxy = proxies

    #Check Verbosity
    #global verbose
    #verbose = args.verbose
    #if verbose or verbose is None:
        #verbose = True

    #Check Bruteforce Status
    enable_bruteforce = args.bruteforce
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    #Validate domain
    if not is_domain(domain):
        print R+"Error: Please enter a valid domain"+W
        sys.exit()


    #Print the Banner
    banner()
    waring = "[!] legal disclaimer: Usage of Teemo for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"
    print waring
    print B+"[-] Enumerating subdomains now for %s"% domain+W

    '''
    subdomains.extend(callsites(domain,proxy))
    domains,emails = callengines(domain,500,proxy)
    subdomains.extend(domains)
    #print subdomains
    '''

    Threadlist = []
    q_domains = queue.Queue() #to recevie return values
    q_emails = queue.Queue()
    for engine in [Alexa,Chaxunla,CrtSearch,DNSdumpster,Googlect,Ilink,Netcraft,PassiveDNS,Pgpsearch,Sitedossier,ThreatCrowd,Threatminer]:
        #print callsites_thread(engine,domain,proxy)
        t = threading.Thread(target=callsites_thread,args=(engine, domain, q_domains, q_emails, proxy))
        Threadlist.append(t)
    for engine in [baidu_search, ask_search, bing_search, dogpile_search, exalead_search, google_search, yandex_search, yahoo_search]:
        t = threading.Thread(target=callengines_thread,args=(engine, domain, q_domains, q_emails, proxy, 500))
        Threadlist.append(t)
    #for t in Threadlist:
    #    print t
    for t in Threadlist: # use start() not run()
        t.start()
    for t in Threadlist:
        t.join()

    while not q_domains.empty():
        subdomains.append(q_domains.get())
    emails = []
    while not q_emails.empty():
        emails.append(q_emails.get())


    if enable_bruteforce:
        print G+"[-] Starting bruteforce module now using subDomainsBrute.."+W
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'dict', 'names.txt')
        resolvers = os.path.join(path_to_file, 'resolvers.txt')
        process_count = 10
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(domain, record_type, subs, resolvers, process_count, output, json_output, subdomains)
        subdomains.extend(bruteforce_list)


    if subdomains is not None:
        subdomains = sorted(list(set(subdomains)))
        emails = sorted(list(set(emails)))
        subdomains.extend(emails) #this function return value is NoneType ,can't use in function directly
        #print type(subdomains)

        write_file(savefile, subdomains)

        if ports:
            print G+"[-] Start port scan now for the following ports: %s%s"%(Y,ports)+W
            ports = ports.split(',') #list
            pscan = portscan(subdomains,ports)
            pscan.run()

        else:
            for subdomain in subdomains:
                print G+subdomain+W

    print "[+] {0} domains found in total".format(len(subdomains))
    print "[+] {0} emails found in total".format(len(emails))
    print "[+] Results saved to {0} in {1}".format(savefile,os.getcwd())
Exemple #8
0
def main():
    args = parse_args()
    domain = args.domain
    threads = args.threads
    savefile = args.output
    google_list = []
    bing_list = []
    baidu_list = []
    bruteforce_list = set()
    subdomains_queue = multiprocessing.Queue()

    #Check Verbosity
    global verbose
    verbose = args.verbose
    if verbose or verbose is None:
        verbose = True

    #Check Bruteforce Status
    enable_bruteforce = args.bruteforce
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    #Validate domain
    domain_check = re.compile(
        "^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
    if not domain_check.match(domain):
        print R + "Error: Please enter a valid domain" + W
        sys.exit()

    if not domain.startswith('http://') or not domain.startswith('https://'):
        domain = 'http://' + domain

    #Print the Banner
    banner()
    parsed_domain = urlparse.urlparse(domain)

    print B + "[-] Enumerating subdomains now for %s" % parsed_domain.netloc + W

    if verbose:
        print Y + "[-] verbosity is enabled, will show the subdomains results in realtime" + W

    #Start the engines enumeration
    enums = [
        enum(domain, verbose, q=subdomains_queue) for enum in BaiduEnum,
        YahooEnum, GoogleEnum, BingEnum, AskEnum, NetcraftEnum, DNSdumpster
    ]
    for enum in enums:
        enum.start()
    for enum in enums:
        enum.join()

    search_list = set()
    while not subdomains_queue.empty():
        search_list = search_list.union(subdomains_queue.get())

    if enable_bruteforce:
        print G + "[-] Starting bruteforce module now using subbrute.." + W
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = threads
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(parsed_domain.netloc,
                                                record_type, subs, resolvers,
                                                process_count, output,
                                                json_output, search_list,
                                                verbose)

    subdomains = search_list.union(bruteforce_list)

    if subdomains:
        if savefile:
            write_file(savefile, subdomains)
        print Y + "[-] Total Unique Subdomains Found: %s" % len(subdomains) + W
        subdomains = sorted(set(subdomains))
        for subdomain in subdomains:
            print G + subdomain + W
Exemple #9
0
def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce):
    bruteforce_list = set()
    search_list = set()

    if is_windows:
        subdomains_queue = list()
    else:
        subdomains_queue = multiprocessing.Manager().list()
    

    #Check Bruteforce Status
    
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    #Validate domain
    domain_check = re.compile("^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
    if not domain_check.match(domain):
        if not silent: print(R+"Error: Please enter a valid domain"+W)
        return []

    if not domain.startswith('http://') or not domain.startswith('https://'):
        domain = 'http://'+domain

    parsed_domain = urlparse.urlparse(domain)

    if not silent: print(B+"[-] Enumerating subdomains now for %s"%parsed_domain.netloc+W)

    if verbose and not silent:
        print(Y+"[-] verbosity is enabled, will show the subdomains results in realtime"+W)

    #Start the engines enumeration
    enums = [enum(domain, [], q=subdomains_queue, silent=silent, verbose=verbose) for enum in (BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, NetcraftEnum, DNSdumpster, Virustotal, ThreatCrowd, CrtSearch, PassiveDNS)]
    for enum in enums:
        enum.start()
    for enum in enums:
        enum.join()

    subdomains =  set(subdomains_queue)
    for subdomain in subdomains:
        search_list.add(subdomain)

    if enable_bruteforce:
        if not silent: print(G+"[-] Starting bruteforce module now using subbrute.."+W)
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = threads
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(parsed_domain.netloc, record_type, subs, resolvers, process_count, output, json_output, search_list, verbose)

    subdomains = search_list.union(bruteforce_list)

    if subdomains:
        subdomains = sorted(
            subdomains,
            key=functools.cmp_to_key(subdomain_cmp),
        )
        if savefile:
            write_file(savefile, subdomains)

        if not silent: print(Y+"[-] Total Unique Subdomains Found: %s"%len(subdomains)+W)

        if ports:
            if not silent: print(G+"[-] Start port scan now for the following ports: %s%s"%(Y,ports)+W)
            ports = ports.split(',')
            pscan = portscan(subdomains,ports)
            pscan.run()

        elif not silent:
            for subdomain in subdomains:
                print(G+subdomain+W)
    return subdomains
Exemple #10
0
def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce,
         engines):
    bruteforce_list = set()
    search_list = set()

    if is_windows:
        subdomains_queue = list()
    else:
        subdomains_queue = multiprocessing.Manager().list()

    # Check Bruteforce Status
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    # Validate domain
    domain_check = re.compile(
        "^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
    if not domain_check.match(domain):
        if not silent:
            print(R + "Error: Please enter a valid domain" + W)
        return []

    if not domain.startswith('http://') or not domain.startswith('https://'):
        domain = 'http://' + domain

    parsed_domain = urlparse.urlparse(domain)

    if not silent:
        print(B +
              "[-] Enumerating subdomains now for %s" % parsed_domain.netloc +
              W)

    if verbose and not silent:
        print(
            Y +
            "[-] verbosity is enabled, will show the subdomains results in realtime"
            + W)

    supported_engines = {
        'baidu': BaiduEnum,
        'yahoo': YahooEnum,
        'google': GoogleEnum,
        'bing': BingEnum,
        'ask': AskEnum,
        'netcraft': NetcraftEnum,
        'dnsdumpster': DNSdumpster,
        'virustotal': Virustotal,
        'threatcrowd': ThreatCrowd,
        'ssl': CrtSearch,
        'passivedns': PassiveDNS
    }

    chosenEnums = []

    if engines is None:
        chosenEnums = [
            BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, NetcraftEnum,
            DNSdumpster, Virustotal, ThreatCrowd, CrtSearch, PassiveDNS
        ]
    else:
        engines = engines.split(',')
        for engine in engines:
            if engine.lower() in supported_engines:
                chosenEnums.append(supported_engines[engine.lower()])

    # Start the engines enumeration
    enums = [
        enum(domain, [], q=subdomains_queue, silent=silent, verbose=verbose)
        for enum in chosenEnums
    ]
    for enum in enums:
        enum.start()
    for enum in enums:
        enum.join()

    subdomains = set(subdomains_queue)
    for subdomain in subdomains:
        search_list.add(subdomain)

    if enable_bruteforce:
        if not silent:
            print(G + "[-] Starting bruteforce module now using subbrute.." +
                  W)
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = threads
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(parsed_domain.netloc,
                                                record_type, subs, resolvers,
                                                process_count, output,
                                                json_output, search_list,
                                                verbose)

    subdomains = search_list.union(bruteforce_list)

    if subdomains:
        subdomains = sorted(
            subdomains,
            key=functools.cmp_to_key(subdomain_cmp),
        )
        if savefile:
            write_file(savefile, subdomains)

        if not silent:
            print(Y +
                  "[-] Total Unique Subdomains Found: %s" % len(subdomains) +
                  W)

        if ports:
            if not silent:
                print(G +
                      "[-] Start port scan now for the following ports: %s%s" %
                      (Y, ports) + W)
            ports = ports.split(',')
            pscan = portscan(subdomains, ports)
            pscan.run()

        elif not silent:
            table = Texttable()
            table.set_deco(Texttable.HEADER)
            for subdomain in subdomains:
                try:
                    geo = geolite2.lookup(socket.gethostbyname(subdomain))
                    if geo:
                        table.add_rows(
                            [["Subdomain", "IP Address", "Location"],
                             [
                                 subdomain,
                                 socket.gethostbyname(subdomain),
                                 str(geo.country) + " - " + str(geo.location)
                             ]])
                    else:
                        table.add_rows(
                            [["Subdomain", "IP Address", "Location"],
                             [subdomain,
                              socket.gethostbyname(subdomain), "-"]])
                except socket.gaierror:
                    table.add_rows([["Subdomain", "IP Address", "Location"],
                                    [subdomain, "-", "-"]])
            print(G + table.draw() + W)
    return subdomains
Exemple #11
0
    def scan(self):
        bruteforce_list = set()
        search_list = set()

        if is_windows:
            subdomains_queue = list()
        else:
            subdomains_queue = multiprocessing.Manager().list()

        # Check Bruteforce Status
        # if self.scan_flags.BruteForce or self.scan_flags.BruteForce is None:
        #     self.scan_flags.BruteForce = True

        # Check Takeover Status
        # if self.scan_flags.TakeoverCheck or self.scan_flags.TakeoverCheck is None:
        #     self.scan_flags.TakeoverCheck = True

        # Validate domain
        domain_check = re.compile(
            "^(http|https)?[a-zA-Z0-9]+([\-.][a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
        if not domain_check.match(self.domain):
            if not self.scan_flags.Silent:
                print(self.logger.R + "Error: Please enter a valid domain" +
                      self.logger.W)
            return []

        if not self.domain.startswith(
                'http://') and not self.domain.startswith('https://'):
            self.domain = 'http://' + self.domain

        parsed_domain = urlparse.urlparse(self.domain)

        if not self.scan_flags.Silent:
            print(self.logger.B + "[-] Enumerating subdomains now for %s" %
                  parsed_domain.netloc + self.logger.W)

        if self.scan_flags.Verbose and not self.scan_flags.Silent:
            print(
                self.logger.Y +
                "[-] verbosity is enabled, will show the subdomains results in realtime"
                + self.logger.W)

        chosenEnums = []

        if self.scan_flags.Engines is None:
            chosenEnums = Engines.supported_engines.values()
        else:
            engines = self.scan_flags.Engines.split(',')
            for engine in engines:
                if engine.lower() in Engines.supported_engines:
                    chosenEnums.append(
                        Engines.supported_engines[engine.lower()])

        # Start the engines enumeration
        enums = [
            enum(self.domain, [],
                 q=subdomains_queue,
                 silent=self.scan_flags.Silent,
                 logger=self.logger) for enum in chosenEnums
        ]
        for e in enums:
            e.start()
        for e in enums:
            e.join()

        subdomains = set(subdomains_queue)
        for subdomain in subdomains:
            search_list.add(subdomain)

        if self.scan_flags.BruteForce:
            if not self.scan_flags.Silent:
                print(self.logger.G +
                      "[-] Starting bruteforce module now using subbrute.." +
                      self.logger.W)
            record_type = False
            path_to_file = os.path.dirname(os.path.realpath(__file__))
            subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
            resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
            process_count = self.scan_flags.ThreadCount
            output = False
            json_output = False
            bruteforce_list = subbrute.print_target(parsed_domain.netloc,
                                                    record_type, subs,
                                                    resolvers, process_count,
                                                    output, json_output,
                                                    search_list,
                                                    self.scan_flags.Verbose)

        subdomains = search_list.union(bruteforce_list)

        if subdomains:
            subdomains = sorted(subdomains, key=Util.subdomain_sorting_key)

            if self.scan_flags.SaveFile:
                print("%s[-] Saving results to file: %s%s%s%s" %
                      (self.logger.Y, self.logger.W, self.logger.R,
                       self.scan_flags.SaveFile, self.logger.W))
                Util.write_file(self.scan_flags.SaveFile, subdomains)

            if not self.scan_flags.Silent:
                print(self.logger.Y + "[-] Total Unique Subdomains Found: %s" %
                      len(subdomains) + self.logger.W)

            if self.scan_flags.TakeoverCheck:
                print(
                    self.logger.G +
                    "[-] Checking for subdomains pointing to unregistered services"
                    + self.logger.W)
                for subdomain in subdomains:
                    if self.scan_flags.Verbose:
                        print(self.logger.G + "[-] Checking " + subdomain +
                              self.logger.W)

                    services = Util.get_url_signatures("http://" + subdomain)
                    if len(services) > 0:
                        for service in services:
                            print(self.logger.Y +
                                  "[-] Found unregistered service \"" +
                                  service + "\" on subdomain " + subdomain +
                                  self.logger.W)

            if self.scan_flags.Ports:
                if not self.scan_flags.Silent:
                    print(
                        self.logger.G +
                        "[-] Starting port scan for the following ports: %s%s" %
                        (self.logger.Y, self.scan_flags.Ports) + self.logger.W)
                ports = self.scan_flags.Ports.split(',')
                pscan = PortScanner(subdomains, ports, self.logger)
                pscan.run()

            elif not self.scan_flags.Silent:
                for subdomain in subdomains:
                    print(self.logger.G + subdomain + self.logger.W)
        return subdomains
Exemple #12
0
def main():
    args = parse_args()
    domain = args.domain
    threads = args.threads
    savefile = args.output
    resolve = args.resolve
    resolvedfile = args.rsave
    ports = args.ports
    google_list = []
    bing_list = []
    baidu_list = []
    bruteforce_list = set()
    search_list = set()

    if is_windows:
        subdomains_queue = list()
    else:
        subdomains_queue = multiprocessing.Manager().list()

    #Check Verbosity
    global verbose
    verbose = args.verbose
    if verbose or verbose is None:
        verbose = True

    #Check Bruteforce Status
    enable_bruteforce = args.bruteforce
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    #Validate domain
    domain_check = re.compile("^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
    if not domain_check.match(domain):
        print R+"Error: Please enter a valid domain"+W
        sys.exit()

    if not domain.startswith('http://') or not domain.startswith('https://'):
        domain = 'http://'+domain

    #Print the Banner
    banner()
    parsed_domain = urlparse.urlparse(domain)

    print B+"[-] Enumerating subdomains now for %s"%parsed_domain.netloc+W

    if verbose:
        print Y+"[-] verbosity is enabled, will show the subdomains results in realtime"+W

    #Start the engines enumeration
    enums = [enum(domain, verbose, q=subdomains_queue) for enum in BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, NetcraftEnum, DNSdumpster, Virustotal, ThreatCrowd, CrtSearch, PassiveDNS]
    for enum in enums:
        enum.start()
    for enum in enums:
        enum.join()

    subdomains =  set(subdomains_queue)
    for subdomain in subdomains:
        search_list.add(subdomain)

    if enable_bruteforce:
        print G+"[-] Starting bruteforce module now using subbrute.."+W
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = threads
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(parsed_domain.netloc, record_type, subs, resolvers, process_count, output, json_output, search_list, verbose)

    subdomains = search_list.union(bruteforce_list)

    if subdomains:
        subdomains = sorted(subdomains)
        if savefile:
            write_file(savefile, subdomains)

        if resolvedfile:
            write_ipfile(resolvedfile, subdomains)

	if resolve:
	    for subdomain in subdomains:
	        try:
	            print G+subdomain+" with the IP address of: "+socket.gethostbyname(subdomain)+""+W
	        except:
	            print G+subdomain+" could not be resolved. Maybe a private hostname."+W


        print Y+"[-] Total Unique Subdomains Found: %s"%len(subdomains)+W

        if ports:
            print G+"[-] Start port scan now for the following ports: %s%s"%(Y,ports)+W
            ports = ports.split(',')
            pscan = portscan(subdomains,ports)
            pscan.run()

        else:
            for subdomain in subdomains:
                print G+subdomain+W
Exemple #13
0
def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce,
         engines):
    bruteforce_list = set()
    search_list = set()

    if is_windows:
        subdomains_queue = list()
    else:
        subdomains_queue = multiprocessing.Manager().list()

    # Check Bruteforce Status
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    # Validate domain
    domain_check = re.compile(
        "^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
    if not domain_check.match(domain):
        if not silent:
            print(R + "Error: Please enter a valid domain" + W)
        return []

    if not domain.startswith('http://') or not domain.startswith('https://'):
        domain = 'http://' + domain

    parsed_domain = urlparse.urlparse(domain)

    if not silent:
        api = 'http://ip-api.com/json/'
        print(B +
              "[-] Enumerating subdomains now for %s" % parsed_domain.netloc +
              W)
        print("Ip address for %s" % parsed_domain.netloc + R)
        response_text = requests.get(api + parsed_domain.netloc).text
        response_json = json.loads(response_text)
        if response_json.get('status') == "success":
            print("Request Successful Displaying Response:\n")
        else:
            print("[!] The Request Failed. Try again with a different IP "
                  "or check your internet connection. [!]")
            exit(1)
        print("IP: {query}".format(**response_json))
        print("ISP/Server: {isp}\n".format(**response_json))
        print("Location: {city}, {regionName} {country} {zip}".format(
            **response_json))
        details = requests.get("https://www." + parsed_domain.netloc)
        print(details.headers)

    if verbose and not silent:
        print(
            Y +
            "[-] verbosity is enabled, will show the subdomains results in realtime"
            + W)

    supported_engines = {
        'baidu': BaiduEnum,
        'yahoo': YahooEnum,
        'google': GoogleEnum,
        'bing': BingEnum,
        'ask': AskEnum,
        'netcraft': NetcraftEnum,
        'dnsdumpster': DNSdumpster,
        'virustotal': Virustotal,
        'threatcrowd': ThreatCrowd,
        'ssl': CrtSearch,
        'passivedns': PassiveDNS
    }

    chosenEnums = []

    if engines is None:
        chosenEnums = [
            BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, NetcraftEnum,
            DNSdumpster, Virustotal, ThreatCrowd, CrtSearch, PassiveDNS
        ]
    else:
        engines = engines.split(',')
        for engine in engines:
            if engine.lower() in supported_engines:
                chosenEnums.append(supported_engines[engine.lower()])

    # Start the engines enumeration
    enums = [
        enum(domain, [], q=subdomains_queue, silent=silent, verbose=verbose)
        for enum in chosenEnums
    ]
    for enum in enums:
        enum.start()
    for enum in enums:
        enum.join()

    subdomains = set(subdomains_queue)
    for subdomain in subdomains:
        search_list.add(subdomain)

    if enable_bruteforce:
        if not silent:
            print(G + "[-] Starting bruteforce module now using subbrute.." +
                  W)
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = threads
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(parsed_domain.netloc,
                                                record_type, subs, resolvers,
                                                process_count, output,
                                                json_output, search_list,
                                                verbose)

    subdomains = search_list.union(bruteforce_list)

    if subdomains:
        subdomains = sorted(subdomains, key=subdomain_sorting_key)

        if savefile:
            write_file(savefile, subdomains)

        if not silent:
            print(Y +
                  "[-] Total Unique Subdomains Found: %s" % len(subdomains) +
                  W)

        if ports:
            if not silent:
                print(G +
                      "[-] Start port scan now for the following ports: %s%s" %
                      (Y, ports) + W)
            ports = ports.split(',')
            pscan = portscan(subdomains, ports)
            pscan.run()

        elif not silent:
            for subdomain in subdomains:
                print(G + subdomain + W)
    return subdomains
Exemple #14
0
def main():
    args = parse_args()
    domain = args.domain
    #threads = args.threads
    savefile = args.output
    ports = args.ports
    bruteforce_list = []
    subdomains = []

    if args.proxy != None:
        proxy = args.proxy
        proxy = {args.proxy.split(":")[0]: proxy}
    else:
        proxy = proxies

    #Check Verbosity
    #global verbose
    #verbose = args.verbose
    #if verbose or verbose is None:
    #verbose = True

    #Check Bruteforce Status
    enable_bruteforce = args.bruteforce
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    #Validate domain
    if not is_domain(domain):
        print R + "Error: Please enter a valid domain" + W
        sys.exit()

    #Print the Banner
    banner()
    print B + "[-] Enumerating subdomains now for %s" % domain + W
    '''
    subdomains.extend(callsites(domain,proxy))
    domains,emails = callengines(domain,500,proxy)
    subdomains.extend(domains)
    #print subdomains
    '''

    Threadlist = []
    q_domains = queue.Queue()  #to recevie return values
    q_emails = queue.Queue()
    for engine in [
            Alexa, Chaxunla, CrtSearch, DNSdumpster, Googlect, Ilink, Netcraft,
            PassiveDNS, Pgpsearch, Sitedossier, ThreatCrowd, Threatminer
    ]:
        #print callsites_thread(engine,domain,proxy)
        t = threading.Thread(target=callsites_thread,
                             args=(engine, domain, q_domains, q_emails, proxy))
        Threadlist.append(t)
    for engine in [
            baidu_search, ask_search, bing_search, dogpile_search,
            exalead_search, google_search, yandex_search, yahoo_search
    ]:
        t = threading.Thread(target=callengines_thread,
                             args=(engine, domain, q_domains, q_emails, proxy,
                                   500))
        Threadlist.append(t)
    #for t in Threadlist:
    #    print t
    for t in Threadlist:  # use start() not run()
        t.start()
    for t in Threadlist:
        t.join()

    while not q_domains.empty():
        subdomains.append(q_domains.get())
    emails = []
    while not q_emails.empty():
        emails.append(q_emails.get())

    if enable_bruteforce:
        print G + "[-] Starting bruteforce module now using subDomainsBrute.." + W
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'dict', 'names.txt')
        resolvers = os.path.join(path_to_file, 'resolvers.txt')
        process_count = 10
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(domain, record_type, subs,
                                                resolvers, process_count,
                                                output, json_output,
                                                subdomains)

        subdomains.extend(bruteforce_list)
        print subdomains
        print len(subdomains)

    print "[+] {0} domains found in total".format(len(subdomains))
    print "[+] {0} emails found in total".format(len(emails))

    if subdomains is not None:
        subdomains = sorted(list(set(subdomains)))
        emails = sorted(list(set(emails)))
        subdomains.extend(
            emails
        )  #this function return value is NoneType ,can't use in function directly
        #print type(subdomains)
        if savefile:
            write_file(savefile, subdomains)
        else:
            write_file(domain, subdomains)

        if ports:
            print G + "[-] Start port scan now for the following ports: %s%s" % (
                Y, ports) + W
            ports = ports.split(',')  #list
            pscan = portscan(subdomains, ports)
            pscan.run()

        else:
            for subdomain in subdomains:
                print G + subdomain + W
Exemple #15
0
def main(domain,
         threads,
         savefile,
         ports,
         silent=False,
         verbose=False,
         enable_bruteforce=False,
         enable_rdns=True,
         enable_ranges=False,
         engines=None):
    bruteforce_list = set()
    search_list = set()

    if is_windows:
        subdomains_queue = list()
    else:
        subdomains_queue = multiprocessing.Manager().list()

    # Check Bruteforce Status
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    # Validate domain
    domain_check = re.compile(
        "^(http|https)?[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
    if not domain_check.match(domain):
        if not silent:
            print(R + "Error: Please enter a valid domain" + W)
        return []

    if not domain.startswith('http://') or not domain.startswith('https://'):
        domain = 'http://' + domain

    parsed_domain = urlparse.urlparse(domain)

    if not silent:
        print(B +
              "[-] Enumerating subdomains now for %s" % parsed_domain.netloc +
              W)

    if verbose and not silent:
        print(
            Y +
            "[-] verbosity is enabled, will show the subdomains results in realtime"
            + W)

    supported_engines = {
        'baidu': BaiduEnum,
        'yahoo': YahooEnum,
        'google': GoogleEnum,
        'bing': BingEnum,
        'ask': AskEnum,
        'netcraft': NetcraftEnum,
        'dnsdumpster': DNSdumpster,
        'virustotal': Virustotal,
        'threatcrowd': ThreatCrowd,
        'ssl': CrtSearch,
        'passivedns': PassiveDNS
    }

    chosenEnums = []

    if engines is None:
        chosenEnums = [
            BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, NetcraftEnum,
            DNSdumpster, Virustotal, ThreatCrowd, CrtSearch, PassiveDNS
        ]
    else:
        engines = engines.split(',')
        for engine in engines:
            if engine.lower() in supported_engines:
                chosenEnums.append(supported_engines[engine.lower()])

    # Start the engines enumeration
    enums = [
        enum(domain, [], q=subdomains_queue, silent=silent, verbose=verbose)
        for enum in chosenEnums
    ]
    for enum in enums:
        enum.start()
    for enum in enums:
        enum.join()

    subdomains = set(subdomains_queue)
    for subdomain in subdomains:
        search_list.add(subdomain)

    if enable_bruteforce:
        if not silent:
            print(G + "[-] Starting bruteforce module now using subbrute.." +
                  W)
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
        resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
        process_count = threads
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(parsed_domain.netloc,
                                                record_type, subs, resolvers,
                                                process_count, output,
                                                json_output, search_list,
                                                verbose)

    subdomains = search_list.union(bruteforce_list)

    if enable_rdns:
        if not silent:
            print(G + "[-] Starting RDNS module now.." + W)

        rdns_subdomains, rdns_ips = recurse_rdns(subdomains)
        print(G + "[-] RDNS finds:" + W)
        for domain in rdns_subdomains - subdomains:
            print(G + ' - ' + domain + W)

        subdomains |= rdns_subdomains

    if subdomains:
        subdomains = sorted(subdomains, key=subdomain_sorting_key)

        if savefile:
            write_file(savefile, subdomains)

        if not silent:
            print(Y +
                  "[-] Total Unique Subdomains Found: %s" % len(subdomains) +
                  W)

        if ports:
            if not silent:
                print(G +
                      "[-] Start port scan now for the following ports: %s%s" %
                      (Y, ports) + W)
            ports = ports.split(',')
            pscan = portscan(subdomains, ports)
            pscan.run()

        elif not silent:
            for subdomain in subdomains:
                print(G + subdomain + W)

    if enable_ranges:
        print(G + "[-] Starting ranges module now.." + W)
        ranges = get_ranges(subdomains)
        by_cidr = {}
        for subdomain, results in ranges.items():
            for result in results:
                asn_cidr = result['asn_cidr']
                ip = result['ip']
                if asn_cidr not in by_cidr:
                    by_cidr[asn_cidr] = result
                    by_cidr[asn_cidr]['hosts'] = []

                by_cidr[asn_cidr]['hosts'].append((subdomain, ip))

        for asn_cidr, result in by_cidr.items():
            name = result['network_name']
            cidr = result['network_cidr']
            asn_desc = result['asn_description']
            hosts = result['hosts']

            print(G + '=== {} ==='.format(asn_cidr) + W)
            print(G + 'ASN description: {}'.format(asn_desc) + W)
            print(G + 'Network name: {}'.format(name) + W)
            if cidr == asn_cidr:
                note = ' (same as ASN)'
            else:
                note = ''
            print(G + 'Network cidr: {}{}'.format(cidr, note) + W)

            print(G + 'Hosts:' + W)
            for subdomain, ip in hosts:
                print(G + ' - {}\t{}'.format(subdomain, ip) + W)
            print()

    return subdomains
Exemple #16
0
def main():
    args = parse_args()
    domain = args.domain
    #threads = args.threads
    savefile = args.output
    ports = args.ports
    bruteforce_list = []
    subdomains = []

    if args.proxy != None:
        proxy = args.proxy
        proxy = {args.proxy.split(":")[0]: proxy}
    else:
        proxy = proxies

    #Check Verbosity
    #global verbose
    #verbose = args.verbose
    #if verbose or verbose is None:
        #verbose = True

    #Check Bruteforce Status
    enable_bruteforce = args.bruteforce
    if enable_bruteforce or enable_bruteforce is None:
        enable_bruteforce = True

    #Validate domain
    if not is_domain(domain):
        print R+"Error: Please enter a valid domain"+W
        sys.exit()


    #Print the Banner
    banner()
    print B+"[-] Enumerating subdomains now for %s"% domain+W

    subdomains.extend(callsites(domain,proxy))
    domains,emails = callengines(domain,500,proxy)
    subdomains.extend(domains)
    #print subdomains

    if enable_bruteforce:
        print G+"[-] Starting bruteforce module now using subDomainsBrute.."+W
        record_type = False
        path_to_file = os.path.dirname(os.path.realpath(__file__))
        subs = os.path.join(path_to_file, 'dict', 'names.txt')
        resolvers = os.path.join(path_to_file, 'resolvers.txt')
        process_count = 10
        output = False
        json_output = False
        bruteforce_list = subbrute.print_target(domain, record_type, subs, resolvers, process_count, output, json_output, subdomains)

        subdomains.extend(bruteforce_list)
        print subdomains
        print len(subdomains)


    print "[+] {0} domains found in total".format(len(subdomains))
    print "[+] {0} emails found in total".format(len(emails))

    if subdomains is not None:
        subdomains = sorted(subdomains)
        emails = sorted(emails)
        subdomains.extend(emails) #this function return value is NoneType ,can't use in function directly
        #print type(subdomains)
        if savefile:
            write_file(savefile, subdomains)
        else:
            write_file(domain, subdomains)


        if ports:
            print G+"[-] Start port scan now for the following ports: %s%s"%(Y,ports)+W
            ports = ports.split(',') #list
            pscan = portscan(subdomains,ports)
            pscan.run()

        else:
            for subdomain in subdomains:
                print G+subdomain+W