def run(self): while not self.stopper.is_set(): try: target = self.domain_queue.get_nowait() except queue.Empty: break else: sys.__stdout__.write("Starting recursive search on " + target + "\n") self.parent.stdout.flush() # Default scans that run every time threads = [Thread(target=dns_zonetransfer(self.parent, target)), Thread(target=search_sublist3r(self.parent, target)), Thread(target=subdomain_hackertarget(self.parent, target)), Thread(target=search_pkey(self.parent, target)), Thread(target=search_netcraft(self.parent, target)), Thread(target=search_crtsh(self.parent, target)), Thread(target=search_dnsdumpster(self.parent, target))] # Start all threads for x in threads: x.start() # Wait for all of them to finish for x in threads: x.join() self.domains = self.parent.clean_domains(self.domains) for domain in self.domains: if domain not in self.master_domains: sys.__stdout__.write("Found new domain: " + domain) self.master_domains.append(domain) self.domain_queue.put(domain) self.domain_queue.task_done()
def test_netcraft(self): search_netcraft(self, "example.com") self.assertIn("http://www.example.com", self.domains)
def run(self): # Retrieve IP of target and run initial configurations self.init() ColorPrint.green("Searching for subdomains for " + self.ip + " (" + self.options["TARGET"] + ")\n") # Default scans that run every time threads = [ Thread(target=dns_zonetransfer(self, self.options["TARGET"])), Thread( target=search_subject_alt_name(self, self.options["TARGET"])), Thread( target=subdomain_hackertarget(self, self.options["TARGET"])), Thread(target=search_virustotal(self, self.options["TARGET"])), Thread(target=search_pkey(self, self.options["TARGET"])), Thread(target=search_netcraft(self, self.options["TARGET"])), Thread(target=search_crtsh(self, self.options["TARGET"])), Thread(target=search_dnsdumpster(self, self.options["TARGET"])), Thread(target=search_anubisdb(self, self.options["TARGET"])) ] # Additional options - ssl cert scan if self.options["--ssl"]: threads.append( Thread(target=ssl_scan(self, self.options["TARGET"]))) # Additional options - shodan.io scan if self.options["--additional-info"]: threads.append(Thread(target=search_shodan(self))) # Additional options - nmap scan of dnssec script and a host/port scan if self.options["--with-nmap"]: threads.append( Thread(target=dnssecc_subdomain_enum(self, self.options["TARGET"]))) threads.append(Thread(target=scan_host(self))) # Additional options - brute force common subdomains if self.options["--brute-force"]: threads.append( Thread(target=brute_force(self, self.options["TARGET"]))) # Start all threads for x in threads: x.start() # Wait for all of them to finish for x in threads: x.join() # remove duplicates and clean up if self.options["--recursive"]: self.recursive_search() self.domains = self.clean_domains(self.domains) self.dedupe = set(self.domains) print("Found", len(self.dedupe), "subdomains") print("----------------") if self.options["--ip"]: self.resolve_ips() else: for domain in self.dedupe: ColorPrint.green(domain.strip()) if not self.options["--no-anubis-db"]: send_to_anubisdb(self, self.options["TARGET"])
def test_netcraft(self): search_netcraft(self, "example.com") self.assertTrue( True) # patch after netcraft no long returns valid results, 1/6/19