def test_recursive(self): self.options = {} # Set target to domain we know only has 1 subdomain, for speeds sake self.options["TARGET"] = ["neverssl.com"] self.domains.append("neverssl.com") self.options["--verbose"] = True self.options["--queue-workers"] = False recursive_search(self) self.domains = self.clean_domains(self.domains) self.assertIn("www.neverssl.com", self.domains)
def run(self): # Retrieve IP of target and run initial configurations self.init() # If multiple targets, create scans for each for i in range(len(self.options["TARGET"])): # Default scans that run every time target = self.options["TARGET"][i] ColorPrint.green(f"Working on target: {target}") threads = [ threading.Thread(target=dns_zonetransfer, args=(self, target)), threading.Thread(target=subdomain_hackertarget, args=(self, target)), threading.Thread(target=search_subject_alt_name, args=(self, target)), threading.Thread(target=search_netcraft, args=(self, target)), threading.Thread(target=search_crtsh, args=(self, target)), threading.Thread(target=search_dnsdumpster, args=(self, target)), threading.Thread(target=search_anubisdb, args=(self, target)) ] # Additional options - shodan.io scan if self.options["--additional-info"]: threads.append( threading.Thread(target=search_shodan, args=(self, ))) # Additional options - nmap scan of dnssec script and a host/port scan if self.options["--with-nmap"]: threads.append( threading.Thread(target=dnssecc_subdomain_enum, args=(self, target))) threads.append( threading.Thread(target=scan_host, args=(self, ))) # Start all threads and wait for them to finish for x in threads: x.start() for x in threads: x.join() # Run a recursive search on each subdomain - rarely useful, but nice to have # just in case if self.options["--recursive"]: recursive_search(self) # remove duplicates and clean up self.domains = self.clean_domains(self.domains) self.dedupe = set(self.domains) print("Found", len(self.dedupe), "subdomains") print("----------------") if self.options["--ip"]: self.resolve_ips() else: for domain in self.dedupe: cleaned_domain = domain.strip() ColorPrint.green(cleaned_domain) if self.options['--silent']: sys.stdout.write(cleaned_domain, override=True) if self.options["--send-to-anubis-db"]: send_to_anubisdb(self, [target]) # reset per domain self.domains = list()
def run(self): # Retrieve IP of target and run initial configurations self.init() for i in range(len(self.options["TARGET"])): # Default scans that run every time threads = [ Thread( target=dns_zonetransfer(self, self.options["TARGET"][i])), Thread(target=search_subject_alt_name( self, self.options["TARGET"][i])), Thread(target=subdomain_hackertarget( self, self.options["TARGET"][i])), Thread( target=search_virustotal(self, self.options["TARGET"][i])), Thread(target=search_pkey(self, self.options["TARGET"][i])), Thread( target=search_netcraft(self, self.options["TARGET"][i])), Thread(target=search_crtsh(self, self.options["TARGET"][i])), Thread(target=search_dnsdumpster(self, self.options["TARGET"] [i])), Thread(target=search_anubisdb(self, self.options["TARGET"][i])) ] # Additional options - ssl cert scan if self.options["--ssl"]: threads.append( Thread(target=ssl_scan(self, self.options["TARGET"][i]))) # Additional options - shodan.io scan if self.options["--additional-info"]: threads.append(Thread(target=search_shodan(self))) # Additional options - nmap scan of dnssec script and a host/port scan if self.options["--with-nmap"]: threads.append( Thread(target=dnssecc_subdomain_enum( self, self.options["TARGET"][i]))) threads.append(Thread(target=scan_host(self))) # Additional options - brute force common subdomains if self.options["--brute-force"]: threads.append( Thread( target=brute_force(self, self.options["TARGET"][i]))) # Start all threads for x in threads: x.start() # Wait for all of them to finish for x in threads: x.join() # remove duplicates and clean up if self.options["--recursive"]: recursive_search(self) self.domains = self.clean_domains(self.domains) self.dedupe = set(self.domains) print("Found", len(self.dedupe), "subdomains") print("----------------") if self.options["--ip"]: self.resolve_ips() else: for domain in self.dedupe: ColorPrint.green(domain.strip()) if not self.options["--no-anubis-db"]: send_to_anubisdb(self, self.options["TARGET"])
def run(self): # Retrieve IP of target and run initial configurations self.init() # If multiple targets, create scans for each for i in range(len(self.options["TARGET"])): # Default scans that run every time target = self.options["TARGET"][i] threads = [ threading.Thread(target=dns_zonetransfer, args=(self, target)), threading.Thread(target=subdomain_hackertarget, args=(self, target)), threading.Thread(target=search_subject_alt_name, args=(self, target)), threading.Thread(target=search_virustotal, args=(self, target)), # threading.Thread(target=search_pkey, args=(self, target)), # Removed pkey as of June 18 2018 due to issues on their end (not connecting) threading.Thread(target=search_netcraft, args=(self, target)), threading.Thread(target=search_crtsh, args=(self, target)), threading.Thread(target=search_dnsdumpster, args=(self, target)), threading.Thread(target=search_anubisdb, args=(self, target)) ] # Additional options - shodan.io scan if self.options["--additional-info"]: threads.append( threading.Thread(target=search_shodan, args=(self, ))) # Additional options - ssl if self.options["--ssl"]: threads.append( threading.Thread(target=ssl_scan, args=(self, target))) # Additional options - nmap scan of dnssec script and a host/port scan if self.options["--with-nmap"]: threads.append( threading.Thread(target=dnssecc_subdomain_enum, args=(self, target))) threads.append( threading.Thread(target=scan_host, args=(self, ))) # Start all threads and wait for them to finish for x in threads: x.start() for x in threads: x.join() # Run a recursive search on each subdomain - rarely useful, but nice to have # just in case if self.options["--recursive"]: recursive_search(self) # remove duplicates and clean up self.domains = self.clean_domains(self.domains) self.dedupe = set(self.domains) print("Found", len(self.dedupe), "subdomains") print("----------------") if self.options["--ip"]: self.resolve_ips() else: for domain in self.dedupe: ColorPrint.green(domain.strip()) if self.options["--send-to-anubis-db"]: send_to_anubisdb(self, self.options["TARGET"])