Exemple #1
    def __init__(self, *args, **kwargs):
        """Declare the module's metadata and the options it accepts.

        All positional and keyword arguments are forwarded unchanged to the
        parent initializer before anything is registered here.
        """
        super().__init__(*args, **kwargs)

        # --- Module metadata -------------------------------------------
        self.version = 1
        self.author = ['VinaKid']
        self.description = 'Get subdomain and email'
        # Long help text; adjacent literals are joined at compile time, so
        # the resulting string is the same as the '+'-concatenated form.
        self.detailed_description = (
            '\tModule is using to get subdomain and email of domains\n'
            ' by bruteforce subdomain or from search engineer\n'
            '	$ w2a > set DOMAIN google,bing,yahoo\n'
            '	$ w2a > unset DOMAIN\n'
            '	$ w2a > set DOMAINLIST [path to domain list])\n'
            '- Option TYPE: speed\n'
            '- Option SUBLIST: path of subdomain list is using to bruteforce subdomain\n'
        )

        # --- Basic options ---------------------------------------------
        basic = self.options
        engine_names = ['google', 'bing', 'yahoo', 'baidu', 'exalead', 'all']
        scan_speeds = ['fast', 'nomal', 'slow']

        basic.add_string(
            'DOMAIN',
            'Target domain (support: domain1,domain2...)',
            False,
        )
        basic.add_string(
            'SEARCHER',
            'Select search enginee: google, bing, yahoo, baidu, exalead, all',
            default='google',
            complete=engine_names,
        )
        basic.add_integer('LIMIT', 'Set limit search', default=1000)
        basic.add_string(
            'TYPE',
            'Type scan(fast, nomal , slow)',
            default='slow',
            complete=scan_speeds,
        )
        # NOTE(review): the unit of DELAY is not stated here — confirm
        # against the search-engine helpers that consume it.
        basic.add_integer('DELAY', 'Delay time', default=1)
        basic.add_boolean(
            'MULTITHREADS',
            'Get subdomain and email with multithreading',
            default=False,
        )
        # Default wordlist lives under the framework's data directory.
        basic.add_path(
            'SUBLIST',
            'Bruteforce subdomain list',
            False,
            default=CONFIG.DATA_PATH + '/dict/subdomain.vn',
        )

        # --- Advanced options ------------------------------------------
        advanced = self.advanced_options
        advanced.add_integer('THREADS', 'Thread bruteforce', default=5)
        advanced.add_boolean('REVERSEIP', 'Reverse ip to find subdomain', False)
        advanced.add_path('DOMAINLIST', 'Path to domain list', False)
        advanced.add_path('OUTPUT', 'Output directory', False)

        # --- Helpers ---------------------------------------------------
        self.ip_helper = IP()
Exemple #2
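	def worker(self, domain):
		"""Collect host names and e-mail addresses for ``domain`` and print them.

		Steps, in order: resolve wordlist-derived candidate names, start the
		selected search-engine threads, merge rows already stored in the
		database, filter the harvested results, resolve every collected
		name, optionally store the results and run the reverse-IP module,
		then print the IP -> host map and the e-mail list.

		Results are left on ``self.subs``, ``self.emails`` and
		``self.listip``; nothing is returned.

		Changes against the previous version:
		* multithreaded filtering no longer unpacks the return value of
		  ``join()`` (``threading.Thread.join`` returns ``None``); results
		  are collected through a closure instead;
		* reverse-IP results are matched on a label boundary, so a name
		  that merely ends with the same characters as ``domain`` is not
		  reported as belonging to it;
		* the local that shadowed the builtin ``type`` was renamed;
		* ``is_alive()`` replaces ``isAlive()``, which was removed from
		  ``threading.Thread`` in Python 3.9;
		* the database cursor is closed even if reading the rows fails.
		"""
		def in_scope(host):
			# True only for the domain itself or a name below it.  A bare
			# endswith(domain) would also accept "notexample.com" when the
			# domain is "example.com".
			return host == domain or host.endswith('.' + domain)

		threads = []
		self.subs = [domain]
		self.emails = []
		self.listip = {}

		# ---- wordlist candidates ------------------------------------
		# NOTE(review): the '-' and '' joiners build names such as
		# "www-<domain>" and "www<domain>".  Those are different
		# registrable names, not subdomains of `domain`, yet their
		# resolved addresses are stored in self.listip below — confirm
		# this is intended before relying on the output for scoping.
		candidates = [
			sub + joiner + domain
			for joiner in ('.', '-', '')
			for sub in self.subbrute
		]
		if candidates:
			self.frmwk.print_status('Starting bruteforce subdomain in : %d thread' % self.subbrutethread)
			self.listip = IP().getListIP(candidates, self.subbrutethread)

		# ---- scan type ------------------------------------------------
		# Anything other than "fast"/"slow" maps to 1.  The meaning of the
		# numeric codes is defined by filter.Filter, not visible here.
		scan_type = {'fast': 2, 'slow': 0}.get(self.options['TYPE'].strip().lower(), 1)

		# ---- search engines --------------------------------------------
		self.frmwk.print_status("%s : Start search enginee !" % domain)
		keywork = '"@' + domain + '" ext:(' + ' OR '.join(CONFIG.EXTENSION) + ')'
		# Same start order as before; baidu receives the query without the
		# ext:(...) clause.
		engines = (
			('yahoo', yahoo.yahoo, keywork),
			('bing', bing.bing, keywork),
			('baidu', baidu.baidu, '"@' + domain + '"'),
			('exalead', exalead.exalead, keywork),
			('google', google.google, keywork),
		)
		for engine_name, factory, query in engines:
			if self.searcher in (engine_name, "all"):
				searcher = factory(query, self.limit, self.delay)
				searcher.start()
				threads.append(searcher)

		# ---- rows already in the database ------------------------------
		if self.frmwk.dbconnect:
			self.frmwk.print_status('Getting data in database')
			cursor = self.frmwk.dbconnect.db.cursor()
			try:
				# NOTE(review): '%<domain>' looks like a SQL LIKE suffix
				# pattern; if so it also matches unrelated names that end
				# with the same text — confirm against getDomain.
				dmrow = getDomain(cursor, ['domain_name', 'mail_list'], {'domain_name': '%%%s' % domain})
				if dmrow:
					for dm in dmrow:
						self.subs.append(dm[0])
						if dm[1]:
							for entry in dm[1].split('\n'):
								# Each entry is "<address>|..."; keep the
								# address and skip blank lines.
								address = entry.split('|')[0].strip()
								if address:
									self.emails.append(address)
				else:
					self.frmwk.print_status('Nothing in Database!')
			finally:
				cursor.close()
		else:
			self.frmwk.print_error('Database connect false!')

		# ---- filter harvested results ----------------------------------
		docsthreads = []
		filtered = []  # (subs, emails) pairs produced by background filters

		def filter_into(info):
			# Thread target: join() cannot hand back a value, so the pair
			# is appended to the shared list instead.
			filtered.append(filter.Filter(domain, info, scan_type))

		try:
			for t in threads:
				t.join()
				self.frmwk.print_status("Harvesting : <[ {0:<25} {1:d}".format(t.name, len(t.info)))
				if self.multithread:
					ps = Thread(target=filter_into, args=(t.info,))
					docsthreads.append(ps)
					ps.start()
				else:
					s, e = filter.Filter(domain, t.info, scan_type)
					self.subs += s
					self.emails += e
		except KeyboardInterrupt:
			# Best effort: terminate() is not part of threading.Thread, so
			# it is only called where the thread class provides it.
			for t in threads + docsthreads:
				stop = getattr(t, 'terminate', None)
				if t.is_alive() and callable(stop):
					stop()

		for ps in docsthreads:
			ps.join()
		for s, e in filtered:
			self.subs += s
			self.emails += e

		# self.subs was seeded with `domain`, so the set still contains it.
		self.subs = sorted(set(self.subs))
		self.emails = sorted(set(self.emails))

		# ---- resolve every collected name ------------------------------
		self.frmwk.print_status('Checking subdomain in : %d thread' % self.subbrutethread)
		ips = IP().getListIP(self.subs, self.subbrutethread)
		for ip, hosts in ips.items():
			if ip in self.listip:
				self.listip[ip] = sorted(set(self.listip[ip] + hosts))
			else:
				self.listip[ip] = hosts

		# ---- store results ---------------------------------------------
		if self.frmwk.dbconnect:
			self.frmwk.print_status('start save database!')
			self.DBInsert(domain)

		# ---- reverse IP ------------------------------------------------
		if self.reverseip:
			for ip in list(self.listip):
				# Looked up on every pass because the module is reloaded
				# at the end of each iteration.
				reip = self.frmwk.modules['info/reverse_ip']
				reip.options.addString('RHOST', 'IP/Domain to reverse(support : ip1,ip2...)', default = ip)
				reip.options.addBoolean('CHECK', 'check domain is in this IP ', default = True)
				reip.options.addInteger('THREADS', 'thread check domain', default = 10)
				reip.advanced_options.addPath('HOSTLIST', 'Path to domain list', False)
				reip.advanced_options.addPath('OUTPUT', 'Output directory', False)
				reip.run(self.frmwk, None)
				self.frmwk.reload_module('info/reverse_ip')
				# Shared hosting returns unrelated tenants for the same
				# address; keep only names that really belong to `domain`.
				self.listip[ip].extend(d for d in reip.domains if in_scope(d))
				self.listip[ip] = sorted(set(self.listip[ip]))

		# ---- report ----------------------------------------------------
		self.frmwk.print_line()
		self.frmwk.print_success("Hosts found in search engines:\n------------------------------")
		for ip in self.listip.keys():
			self.frmwk.print_success('IP Server : ' + ip)
			for dm in self.listip[ip]:
				self.frmwk.print_line('\t. ' + dm)
			self.frmwk.print_line()
		self.frmwk.print_line()

		self.frmwk.print_success("Emails found:\n-------------")
		self.frmwk.print_line("\n".join(self.emails))
		self.frmwk.print_line('')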