def subdomainfile():
subdomainAllFile = "{}-all.txt".format(output_base)
names = ["sublist3r", "knock", "enumall", "massdns", "amass", "subfinder"]
for name in names:
writeFiles(name)
debug("\nCombining Domains Lists\n")
with open(subdomainAllFile, "r") as domainList:
uniqueDomains = set(domainList)
domainList.close()
subdomainUniqueFile = "{}-unique.txt".format(output_base)
uniqueDomainsOut = open(subdomainUniqueFile, "w")
for domains in uniqueDomains:
domains = domains.replace("\n", "")
if domains.endswith(domain):
uniqueDomainsOut.writelines("https://{}\n".format(domains))
if ports is not False:
uniqueDomainsOut.writelines(
"https://{}:8443\n".format(domains))
if secure is False:
uniqueDomainsOut.writelines("http://{}\n".format(domains))
if ports is not False:
uniqueDomainsOut.writelines(
"http://{}:8080\n".format(domains))
time.sleep(1)
rootdomainStrip = domain.replace(".", "_")
info("\nCleaning Up Old Files\n")
try:
os.system("rm {}*".format(domain))
os.system("rm {}*".format(rootdomainStrip))
except:
error("\nError Removing Files!\n")
if not noeyewitness:
eyewitness(subdomainUniqueFile)
def knockpy():
info("\n\nRunning Knock \n")
knockpyCmd = "python {} -c {}".format(
os.path.join(script_path, "bin/knockpy/knockpy/knockpy.py"), domain)
debug("\nRunning Command: {}".format(knockpyCmd))
os.system(knockpyCmd)
rootdomainStrip = domain.replace(".", "_")
knockpyFilenameInit = "{}_knock.csv".format(output_base)
os.system("mv {}* {}".format(rootdomainStrip, knockpyFilenameInit))
time.sleep(1)
knockpySubs = []
try:
with open(knockpyFilenameInit, "rt") as f:
reader = csv.reader(f, delimiter=",")
for row in reader:
knockpySubs.append(row[3])
filenameKnocktxt = "{}.txt".format(knockpyFilenameInit)
f1 = open(filenameKnocktxt, "w")
for hosts in knockpySubs:
hosts = "".join(hosts)
f1.writelines("\n" + hosts)
f1.close()
except:
error("\nKnock File Error\n")
time.sleep(1)
def writeFiles(name):
"""Writes info of all hosts from subhosts
"""
subdomainCounter = 0
subdomainAllFile = "{}-all.txt".format(output_base)
fileExt = {
"sublist3r": ".txt",
"knock": ".csv.txt",
"enumall": ".lst",
"massdns": ".txt",
"amass": ".txt",
"subfinder": ".txt",
}
fileName = output_base + "_" + name + fileExt[name]
debug("\n Opening %s File" % name)
try:
with open(fileName, "r") as f:
SubHosts = f.read().splitlines()
with open(subdomainAllFile, "a") as f:
f.writelines("\n\n" + name)
for hosts in SubHosts:
hosts = "".join(hosts)
f.writelines("\n" + hosts)
subdomainCounter = subdomainCounter + 1
os.remove(fileName)
info("\n{} Subdomains discovered by {}".format(subdomainCounter, name))
except:
error("\nError Opening %s File!\n" % name)
return subdomainCounter
def enumall():
info("\n\nRunning Enumall \n")
enumallCMD = "python {} {}".format(
os.path.join(script_path, "bin/domain/enumall.py"), domain)
debug("\nRunning Command: {}".format(enumallCMD))
os.system(enumallCMD)
info("\nenumall Complete")
time.sleep(1)
def vpncheck():
vpnck = requests.get("https://ifconfig.co/json")
# Change "City" to your city")
if "City" in vpnck.text:
warning("\nNot connected via VPN ")
warning("\n{}".format(vpnck.content))
warning("\nQuitting domained... ")
quit()
else:
info("\nConnected via VPN ")
info("\n{}".format(vpnck.content))
time.sleep(5)
def amass(rerun=0):
if which("amass"):
info("\n\nRunning Amass \n")
amassFileName = "{}_amass.txt".format(output_base)
amassCmd = "amass enum -d {} -o {}".format(domain, amassFileName)
debug("\nRunning Command: {}".format(amassCmd))
os.system(amassCmd)
info("\nAmass Complete")
time.sleep(1)
else:
warning("\n\nmass is not currently in your $PATH \n")
if check_gopath("amass", "github.com/OWASP/Amass/...") and rerun != 1:
amass(rerun=1)
def subfinder(rerun=0):
if which("subfinder"):
info("\n\nRunning Subfinder \n")
subfinderFileName = "{}_subfinder.txt".format(output_base)
subfinderCmd = "subfinder -d {} -o {}".format(domain,
subfinderFileName)
debug("\nRunning Command: {}".format(subfinderCmd))
os.system(subfinderCmd)
info("\nsubfinder Complete")
time.sleep(1)
else:
warning("\n\nubfinder is not currently in your $PATH \n")
if check_gopath("subfinder",
"github.com/subfinder/subfinder") and rerun != 1:
subfinder(rerun=1)
def sublist3r(brute=False):
info("\n\nRunning Sublist3r \n")
sublist3rFileName = "{}_sublist3r.txt".format(output_base)
Subcmd = "python {} -v -t 15 {} -d {} -o {}".format(
os.path.join(script_path, "bin/Sublist3r/sublist3r.py"),
"-b" if brute else "",
domain,
sublist3rFileName,
)
debug("\nRunning Command: {}".format(Subcmd))
os.system(Subcmd)
info("\nSublist3r Complete")
time.sleep(1)
if brute:
eyewitness(sublist3rFileName)
def massdns():
info("\n\nRunning massdns \n")
word_file = os.path.join(
script_path,
"bin/sublst/all.txt" if bruteall else "bin/sublst/sl-domains.txt")
massdnsCMD = "python {} {} {} | {} -r resolvers.txt -t A -o S -w {}-massdns.txt".format(
os.path.join(script_path, "bin/subbrute/subbrute.py"),
word_file,
domain,
os.path.join(script_path, "bin/massdns/bin/massdns"),
output_base,
)
debug("\nRunning Command: {}".format(massdnsCMD))
os.system(massdnsCMD)
info("\nMasscan Complete")
time.sleep(1)
def eyewitness(filename):
info("\n\nRunning EyeWitness \n")
EWHTTPScriptIPS = "python {} -f {} {} --no-prompt --web -d {}-{}-EW".format(
os.path.join(script_path, "bin/EyeWitness/Python/EyeWitness.py"),
filename,
"--active-scan" if active else "",
output_base,
time.strftime("%m-%d-%y-%H-%M"),
)
if vpn:
info(
"\nIf not connected to VPN manually run the following command on reconnect:\n{}"
.format(EWHTTPScriptIPS))
vpncheck()
debug("\nRunning Command: {}".format(EWHTTPScriptIPS))
os.system(EWHTTPScriptIPS)
print("\a")
def check_gopath(cmd, install_repo):
if os.environ["GOPATH"]:
execs = os.listdir(os.path.join(os.environ["GOPATH"], "bin"))
if cmd in execs:
warning(
"\nFound '{}' in your $GOPATH/bin folder please add this to your $PATH"
.format(cmd))
else:
ans = input(
"\n{}{} does not appear to be installed, would you like to run `go get -u -v {}`? [y/N]{}"
.format(colorama.Fore.RED, cmd, install_repo,
colorama.Style.RESET_ALL))
if ans.lower() == "y":
info("\nInstalling {}".format(install_repo))
os.system("go get -u -v {}".format(install_repo))
return True
def notified():
notifySub = "domained Script Finished"
notifyMsg = "domained Script Finished for {}".format(domain)
Config = configparser.ConfigParser()
Config.read(os.path.join(script_path, "ext/notifycfg.ini"))
if (Config.get("Pushover", "enable")) == "True":
poToken = Config.get("Pushover", "token")
poUser = Config.get("Pushover", "user")
if "device" in Config.options("Pushover"):
poDevice = Config.get("Pushover", "device")
poRequestPayload = {
"token": poToken,
"user": poUser,
"device": poDevice,
"title": notifySub,
"message": notifyMsg,
}
else:
poRequestPayload = {
"token": poToken,
"user": poUser,
"title": notifySub,
"message": notifyMsg,
}
poValidatePayload = {"token": poToken, "user": poUser}
poValidate = requests.post(
"https://api.pushover.net/1/users/validate.json",
data=(poValidatePayload),
)
poJsonV = poValidate.json()
if poJsonV["status"] == 1:
info("\nPushover Account Validated\n")
poRequest = requests.post(
"https://api.pushover.net/1/messages.json",
data=(poRequestPayload))
poJsonR = poRequest.json()
if poJsonV["status"] == 1:
info("\nPushover Account Notified\n")
else:
error("\nError - Pushover Account Not Notified\n")
else:
error("\nError - Pushover Account Not Validated\n")
if (Config.get("Email", "enable")) == "True":
gmailUser = Config.get("Email", "user")
gmailPass = Config.get("Email", "password")
try:
server = smtplib.SMTP("smtp.gmail.com", 587)
server.starttls()
server.login(gmailUser, gmailPass)
subject = "domained Script Complete"
text = "domained Script Complete for " + domain
msg = "Subject: {}\n\n{}".format(subject, text)
server.sendmail(gmailUser, gmailUser, msg)
server.quit()
info("\nEmail Notification Sent\n")
except:
error("\nError - Email Notification Not Sent\n")
def banner():
warning("""
___/ /__ __ _ ___ _(_)__ ___ ___/ /
/ _ / _ \/ ' \/ _ `/ / _ \/ -_) _ /
\_,_/\___/_/_/_/\_,_/_/_//_/\__/\_,_/
{}\t\t\tgithub.com/cakinney{}""".format(colorama.Fore.BLUE,
colorama.Style.RESET_ALL))
globpath = "*.csv"
globpath2 = "*.lst"
if (next(glob.iglob(globpath), None)) or (next(glob.iglob(globpath2),
None)):
info(
"\nThe following files may be left over from failed domained attempts:"
)
for file in glob.glob(globpath):
info(" - {}".format(file))
for file in glob.glob(globpath2):
info(" - {}".format(file))
signal(SIGALRM, lambda x: 1 / 0)
try:
alarm(5)
RemoveQ = input("\nWould you like to remove the files? [y/n]: ")
if RemoveQ.lower() == "y":
os.system("rm *.csv")
os.system("rm *.lst")
info("\nFiles removed\nStarting domained...")
time.sleep(5)
else:
info("\nThank you.\nPlease wait...")
time.sleep(1)
except:
info("\n\nStarting domained...")
def upgradeFiles():
"""Upgrade all the required files
"""
binpath = os.path.join(SCRIPT_PATH, "bin")
old_wd = os.getcwd()
if not os.path.exists(binpath):
os.makedirs(binpath)
else:
debug("Removing old bin directory: {}".format(binpath))
os.system("rm -rf {}".format(binpath))
os.makedirs(binpath)
info("Changing into domained home: {}".format(SCRIPT_PATH))
os.chdir(SCRIPT_PATH)
unameChk = subprocess.check_output(["uname", "-am"]).decode("utf-8")
if "kali" not in unameChk:
warning("\nKali Linux Recommended!")
warning(
"Please install ldns (https://www.nlnetlabs.nl/documentation/ldns, 'apt install libldns-dev') and Go (https://golang.org, 'apt install golang')"
)
time.sleep(3)
else:
dependenciesInstall = "apt install libldns-dev golang"
info("\nInstalling dependencies (ldns, Go) ")
os.system(dependenciesInstall)
info("\nDependencies Installed\n")
sublist3rUpgrade = (
"git clone https://github.com/aboul3la/Sublist3r.git ./bin/Sublist3r")
info("\nInstalling Sublist3r ")
os.system(sublist3rUpgrade)
subInstallReq = "pip install -r bin/Sublist3r/requirements.txt"
os.system(subInstallReq)
info("Sublist3r Installed\n")
eyeWitnessUpgrade = "git clone https://github.com/FortyNorthSecurity/EyeWitness.git ./bin/EyeWitness"
info("\nInstalling EyeWitness" + eyeWitnessUpgrade)
os.system(eyeWitnessUpgrade)
eyeInstallReq = "bash bin/EyeWitness/setup/setup.sh"
debug("\nRunning Command: ")
os.system(eyeInstallReq)
info("\nEyeWitness Installed\n")
enumallUpgrade = "git clone https://github.com/jhaddix/domain.git ./bin/domain"
info("\nInstalling Enumall ")
info("\nenumall Installed\n")
os.system(enumallUpgrade)
knockpyUpgrade = "git clone https://github.com/guelfoweb/knock.git ./bin/knockpy"
info("\nInstalling Knock ")
os.system(knockpyUpgrade)
info("\nKnockpy Installed\n")
sublstUpgrade = "git clone https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056 ./bin/sublst"
info("\nCopying JHaddix All Domain List: ")
info("\nJHaddix All Domain List Installed\n")
os.system(sublstUpgrade)
SLsublstUpgrade = "wget -O ./bin/sublst/sl-domains.txt https://github.com/danielmiessler/SecLists/raw/master/Discovery/DNS/sortedcombined-knock-dnsrecon-fierce-reconng.txt"
info("\nCopying SecList Domain List ")
info("\nSecList Domain List Installed\n")
os.system(SLsublstUpgrade)
subbruteUpgrade = "git clone https://github.com/TheRook/subbrute.git ./bin/subbrute"
info("\nInstalling Subbrute ")
os.system(subbruteUpgrade)
info("\nSubbrute Installed\n")
amassUpgrade = "GO111MODULE=on go get -v -u github.com/OWASP/Amass/v3/..."
info("\nInstalling Amass ")
os.system(amassUpgrade)
subfinderUpgrade = "GO111MODULE=on go get -u -v github.com/projectdiscovery/subfinder/cmd/subfinder"
info("\nInstalling Subfinder ")
os.system(subfinderUpgrade)
massdnsUpgrade = "git clone --branch v0.2 --single-branch https://github.com/blechschmidt/massdns ./bin/massdns"
info("\nInstalling massdns ")
os.system(massdnsUpgrade)
massdnsMake = "make -C ./bin/massdns"
os.system(massdnsMake)
info("\nMassdns Installed\n")
os.system("cp ./bin/subbrute/resolvers.txt ./")
if "kali" in unameChk:
reconNGInstall = "apt-get install recon-ng"
info("\nInstalling Recon-ng ")
os.system(reconNGInstall)
info("\nRecon-ng Installed\n")
else:
info("Please install Recon-ng - https://bitbucket.org/LaNMaSteR53/")
info("\nAll tools installed ")
debug("Changing back to old working directory: {}".format(old_wd))
os.chdir(old_wd)
