def test_all(self): engines = None domain = 'http0b100.com' ports = None subdomains = sublist3r.main(domain, self.no_threads, self.savefile, ports, silent=False, verbose=self.verbose, enable_bruteforce=self.enable_bruteforce, engines=engines) domain = 'taiwandestiny.com' subdomains = sublist3r.main(domain, self.no_threads, self.savefile, ports, silent=False, verbose=self.verbose, enable_bruteforce=self.enable_bruteforce, engines=engines) print("test_all") print("==============================") print(subdomains) print("==============================")
def get_domains(domain, delete_www) : if os.path.isfile("{0}/dns/domains".format(domain)) : os.system("rm {0}/dns/domains".format(domain)) if args.subrute is not None : print("{0}[#] Launching Sublist3r with bruteforce module enabled.{1}".format(white, end)) text_trap = io.StringIO() sys.stdout = text_trap sublist3r.main(domain, 100, "{0}/dns/domains".format(domain), ports = None, silent = True, verbose = False, enable_bruteforce = True, engines = None) sys.stdout = sys.__stdout__ if args.sublist is not None : print("{0}[#] Launching Sublist3r with bruteforce module disabled.{1}".format(white, end)) text_trap = io.StringIO() sys.stdout = text_trap sublist3r.main(domain, 100, "{0}/dns/domains".format(domain), ports = None, silent = True, verbose = False, enable_bruteforce = False, engines = None) sys.stdout = sys.__stdout__ domain_file = open("{0}/dns/domains".format(domain), "r") domains = domain_file.readlines() domains.insert(0, domain + "\n") domain_file.close() if delete_www == "True" : domain_file = open("{0}/dns/domains".format(domain), "w") for line in domains : if line.startswith("www.") : wwwless = line.split("www.")[1] domains.remove(line) domains.append(wwwless) domains = set(domains) domain_file.writelines(domains) domain_file.close() print("{0}\tFound {1} domains : \n\t{2}{3}".format(green, len(domains), "\t".join(map(str, domains)), end)) print("\t{0}[!] List of {1} domains written in {2}/dns/domains{3}\n".format(red, len(domains), domain, end)) return
def enum_sub_domains(self, domain, report_path): sublist3r.main('{0}'.format(domain), None, '{0}.txt'.format(report_path), ports=None, silent=False, verbose=True, enable_bruteforce=False, engines=None)
def recon(domainFile): domainFileDir = os.path.dirname(domainFile) subDomainDir = domainFileDir + "/subdomains" try: os.mkdir(subDomainDir) except OSError as e: if e.errno != errno.EEXIST: raise else: print(subDomainDir + '已存在') print(subDomainDir) with open(domainFile) as f: domains = f.read().splitlines() for domain in domains: no_threads = 5 savefile = subDomainDir + '/' + domain + '.sublist3r.txt' ports = None silent = False verbose = True enable_bruteforce = False # subbrute 貌似有问题,会卡住不动 engines = None subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, engines) print(subdomains)
def sublister(self, domain, engine): try: doms = sublist3r.main( domain , \ 40 , \ savefile=None , \ ports= None, \ silent=True, \ verbose=False, \ enable_bruteforce=False, \ engines=engine ) except Exception as e: self.log.error(e) if not doms: self.log.error(f'No findings with {engine}') else: cleanDoms = list( set([ d.replace('0-', '') for dom in doms for d in dom.split('<BR>') ])) [self.log.findings(f'{engine} found {d}') for d in cleanDoms] present_subdomains = self.stash.get_column('subdomains', 'subdomain') for s in [x for x in cleanDoms if x not in present_subdomains]: sqlq = 'INSERT INTO subdomains( domain, subdomain ) VALUES(?, ?)' sqlv = (domain, s) self.stash.sql_execcc(sqlq, sqlv)
def run(self): print("[*] Initiating whois lookup.") whoisexec = pwhois.Main(self.verbose, False, self.pool, self.updatelacnicdb, self.ripe, self.lacnic, self.afrinic, self.apnic, self.arin) self.whoisdata, domain = whoisexec.run() clientname = domain.split('.')[0] print("[+] Completed whois lookup for %s." % clientname.title()) if self.updatelacnicdb: sys.exit() print("[*] Initiating subdomain lookup with sublist3r.") silent = not self.verbose subdomains = sublist3r.main(domain, self.threads, None, False, silent=silent, verbose=self.verbose, enable_bruteforce=False, engines=None) print("[+] Completed subdomain lookup with sublist3r.") print("[*] Performing DNS lookup on subdomains discovered.") subdnslookup = pdnslookup.DNSLookup(subdomains, self.verbose, self.pool) self.dnslookups = subdnslookup.execute() print("[+] Completed DNS lookups.") print("[*] Discovering whois data for subdomains and correlating with previously obtained whois data.") for host in self.dnslookups.keys(): for cidr in self.whoisdata.keys(): if IPAddress(self.dnslookups[host]["ip"]) in IPNetwork(cidr): self.dnslookups[host]["inranges"] = "Yes - " + cidr self.dnslookups[host]["rir"] = self.whoisdata[cidr]["rir"] self.pool.map(self.pullwhoisdb, self.dnslookups.keys()) print("[+] Completed data correlation and additional whois lookups.") output = excelwriter(self.whoisdata, self.dnslookups, clientname) output.create()
def parse_domain(domain_name, savefile): return sublist3r.main(domain_name, 40, savefile, ports=None, silent=False, verbose=False, enable_bruteforce=False, engines=None)
def get_subs(domain, threads): return sublist3r.main(domain, threads, None, ports=None, silent=False, verbose=False, enable_bruteforce=False, engines=None)
def get_sub_domains(domain, threads): return [domain] + sublist3r.main(domain, threads, savefile='./' + domain + '/dns', ports=None, silent=False, verbose=False, enable_bruteforce=False, engines='Bing,Baidu,Yahoo,Virustotal')
def scan_sub_domain(domain): return sublist3r.main( domain, 100, None, ports=None, silent=False, verbose=False, enable_bruteforce=False, engines='baidu,yahoo,bing,ask,virustotal,threatcrowd,ssl,passivedns')
def find_subdomains(domain): print "[+] Running sublist3r to find subdomains of %s..." % domain return sublist3r.main(domain, 40, '', ports=None, silent=True, verbose=True, enable_bruteforce=True, engines=None)
def getsubdomines(domine): subdomains = sublist3r.main(domine, 40, "temp2.txt", ports=None, silent=False, verbose=True, enable_bruteforce=False, engines=None) return subdomains
def test_google_com(self): engines = 'Google,Yahoo,Ask,SSL,Bing,Baidu,PassiveDNS,Virustotal,ThreatCrowd,DNSdumpster,Netcraft,Error' domain = 'google.com' ports = None subdomains = sublist3r.main(domain, self.no_threads, self.savefile, ports, silent=False, verbose=True, enable_bruteforce=self.enable_bruteforce, engines=engines) subdomains = sublist3r.main(domain, self.no_threads, self.savefile, ports, silent=False, verbose=False, enable_bruteforce=self.enable_bruteforce, engines=engines)
def subdomain_search(self, target): print("[~] Scanning for subdomains. This may take a moment...") subdomains = sublist3r.main( target, 40, 'Workspaces/{0}/Recon/subdomain-scan.txt'.format(self.TARGET), ports=None, silent=True, verbose=False, enable_bruteforce=False, engines=None)
def check_sub_req(): if args.bruteforce: bruteforce = True else: bruteforce = False if args.verbose: verbose = True else: verbose = False if args.threads: threads = args.threads else: print("Number of threads not specified,Setting threads to 2") threads = 2 if args.output: output = True else: output = False if args.savefile: savefile = args.savefile else: #ap.print_help() None if args.silent: silent = True else: silent = False if args.ports is None: ports = 80 else: ports = args.ports print("Using specified ports-%d",ports) if args.engines is None: engines = None elif args.engines is not None: engines = args.engines print("Using specified engines-%s",engines) else: None if args.csvfields is None: csvfields = [] else: csvfields = args.csvfields print("Using specified csvfields-%s",csvfields) subdomains = sublist3r.main(domain, threads, output, ports, silent, verbose, bruteforce, engines)
def subdomGather(domain): domains=[] ports=None silent=True verbose= False enable_bruteforce= False no_threads=40 engines=None print(Fore.YELLOW+"\n[-] Fetching Subdomains for "+domain+" using sublister, this will take time\n\n") print(Fore.WHITE+"[...] Ignore the following error! [...]"+Style.RESET_ALL) subdomain = sublist3r.main(domain, no_threads,"save.txt", ports, silent, verbose, enable_bruteforce,engines) return subdomain
def verticalEnum(): for domain in finalDomains: print "Performing vertical enumeration for: " + domain + " using Sublist3r." subdomains = sublist3r.main(domain, 40, 'vertDoms.txt',ports= None, silent=False, verbose= False, enable_bruteforce= False, engines=None) time.sleep(30) global completeDomains for dom in subdomains: completeDomains.append(dom) print "Sublist3r done, port scan will start next." print (completeDomains)
def test_error_domains(self): engines = 'ThreatCrowd,Netcraft,Error' domain = '\\\\\\' ports = None subdomains = sublist3r.main(domain, self.no_threads, self.savefile, ports, silent=True, verbose=self.verbose, enable_bruteforce=True, engines=engines)
def sublister(self, url): global urls subdomains = sublist3r.main(url, 40, savefile=False, ports=None, silent=True, verbose=False, enable_bruteforce=False, engines=None) for x in subdomains: urls.append(x) urls = list(set(urls))
def test_bruteforce(self): engines = 'ThreatCrowd' domain = 'taiwandestiny.com' ports = None subdomains = sublist3r.main(domain, self.no_threads, self.savefile, ports, silent=False, verbose=False, enable_bruteforce=True, engines=engines) subdomains = sublist3r.main(domain, self.no_threads, self.savefile, ports, silent=True, verbose=False, enable_bruteforce=True, engines=engines) subdomains = sublist3r.main(domain, self.no_threads, self.savefile, ports, silent=False, verbose=True, enable_bruteforce=True, engines=engines) subdomains = sublist3r.main(domain, self.no_threads, self.savefile, None, silent=True, verbose=True, enable_bruteforce=True, engines=engines)
def getDataFromSublist3r(url): #Get domain name tsd, td, tsu = extract(url) url = td + '.' + tsu subdomains = sublist3r.main(url, 10, '', ports=None, silent=True, verbose=False, enable_bruteforce=False, engines=None) return subdomains
def get_subs(domain): """ Uses sublist3r to search for subdomains on several engines -- Example -- get_subs('nequi.com') >> www.nequi.com ; api.nequi.com ; etc... """ subdomains = sublist3r.main(domain, 40, savefile=False, ports=None, silent=True, verbose=False, enable_bruteforce=False, engines='google,bing,yahoo,passivedns') return subdomains
def http_subdomains(domain, exhaustive=False): subdomains = sublist3r.main(domain, 40, 'some_subdomains.txt', ports=None, silent=True, verbose=False, enable_bruteforce=False, engines=None) insecure = [] for website in subdomains: #print('checking http://' + website) try: r = requests.get('http://'+website, timeout=5) except: continue if not 'https' in r.url: insecure.append(website) print(website) if not exhaustive and len(insecure) > 4: break return insecure
def run(self, domains): if domains: scopelist = [] nonwild = [] for domain in domains: if '*' in domain: scopelist.append(domain.strip('*.')) for domain in scopelist: print '[+]Currently Running sublist3r on: ' + domain subdomains = sublist3r.main(domain, self.no_threads, self.savefile, self.ports, self.silent, self.verbose, self.enable_bruteforce, self.engines) self.foundDomains += subdomains self.foundDomains = set(self.foundDomains) Domains(self.foundDomains).verify()
def get_subs(self): output = self.domain.replace('https://', '') + '_subdomains.txt' subdomains = sublist3r.main(self.domain.replace('https://', ''), 40, output, ports=None, silent=False, verbose=False, enable_bruteforce=False, engines=None) self.subdomains = subdomains self.subdomains.append(self.domain) for sub in self.subdomains: name = sub name = name.replace('https://', '').replace('.com', ' ') name = name.strip() self.names[name] = sub
def get_subs(tld_list, sub_list, verbose_toggle, brute_toggle, ports_list=None): for tld in tld_list: sub_list.append(tld.strip()) savefile = "sd_discover_"+str(tld)+".txt" subdomains = sublist3r.main(tld, 40, savefile, ports=ports_list, silent=False, verbose= verbose_toggle, enable_bruteforce=brute_toggle, engines=None) for line in subdomains: if line.strip() not in sub_list: sub_list.append(line.strip()) print('\nTotal unique subdomains: '+str(len(sub_list))) with open('sd_discover_results.txt', 'w') as output: for k in sub_list: output.write(str(k)) output.write('\n') if verbose_toggle: print(k) print('\nResults saved to "sd_discover_results.txt"')
def run(self, domains, dbsfile): if domains: scopelist = [] nonwild = [] for domain in domains: if '*' in domain: scopelist.append(domain.strip('*.')) for domain in scopelist: print colored('[-] Running sublist3r on ' + domain + '...', 'blue') subdomains = sublist3r.main(domain, self.no_threads, self.savefile, self.ports, self.silent, self.verbose, self.enable_bruteforce, self.takeover_check, self.engines) self.foundDomains += subdomains self.foundDomains = set(self.foundDomains) Domains(self.foundDomains, dbsfile).verify()
def enumerate_subdomain(self, target, threads_no, output_file, ports=None, silent_mode=False, verbose=False, bruteforce=False, engines=None): results = sublist3r.main(domain=target, threads=threads_no, savefile="results/" + output_file, ports=ports, silent=silent_mode, verbose=verbose, enable_bruteforce=bruteforce, engines=engines) self.subdomain_count = len(results)
def getSubdomains(domain): try: tld = getTldFromUrl(domain) tldSplitted = tld.split(".")[0] domain = domain.split(".")[domain.split(".").index(tldSplitted) - 1] + "." + tld return sublist3r.main(domain, 5, savefile=None, ports=None, silent=False, verbose=False, enable_bruteforce=False, engines=Constants.sublist3rEngines) except Exception as e: logging.error("Error in getSubdomains(): " + str(e)) pass return None
def parse_domain(domain, nameserver): domain_list = [] ip_list = set() if "*" in domain and domain[0:2] != "*.": raise Exception("Invalid domain: {}".format(domain)) elif "*" in domain: sub_domains = sublist3r.main(domain[2:], 40, None, ports=None, silent=False, verbose=False, enable_bruteforce=False, engines=None) print(sub_domains) domain_list.extend(sub_domains) else: domain_list.append(domain) # Use DNSPYTHON to get info. resolver = dns.resolver.Resolver() resolver.lifetime = resolver.timeout = 20.0 for domain_name in domain_list: print("Resolving: {}".format(domain_name)) try: resolver.nameservers = [nameserver] response = resolver.query(domain_name) for answer in response.response.answer: for ip in answer.items: if ip.rdtype == 1: ip_list.add(ip.address + "/32") except: pass # try: # response = dns.resolver.query(domain_name, "CNAME") # for answer in response.response.answer: # for ip in answer.items: # if ip.rdtype == 1: # ip_list.add(ip.address+"/32") # except: # pass return ip_list