forked from wap-community/Tools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
unused_code.py
91 lines (65 loc) · 2.74 KB
/
unused_code.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
def find_subdomains_shodan(domain, shodan_api):
SD = []
api = shodan.Shodan(shodan_api)
if shodan_api == "":
print(" \__", colored("No Shodan API key configured", "red"))
return []
else:
try:
results = api.search("hostname:.{0}".format(domain))
print(results)
try:
for res in results["matches"]:
SD.append("".join(res["hostnames"]))
except KeyError as errk:
print(" \__", colored(errk, "red"))
return []
SD = set(SD)
print(" \__ {0}: {1}".format(colored("Unique subdomains found", "cyan"), colored(len(SD), "yellow")))
return SD
except shodan.exception.APIError as err:
print(" \__", colored(err, "red"))
return []
except Exception:
print(" \__", colored("Something went wrong!", "red"))
return []
def cert_spotter_parseResponse(response, domain):
hostnameRegex = "([\w\.\-]+\.%s)" % (domain.replace(".", "\."))
hosts = findall(hostnameRegex, str(response))
return [host.lstrip(".") for host in hosts]
def find_subdomains_cert_spotter(domain):
CS = []
print(colored("[*]-Searching CertSpotter...", "yellow"))
base_url = "https://api.certspotter.com"
next_link = "/v1/issuances?domain={0}&include_subdomains=true&expand=dns_names".format(domain)
# headers = {"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Firefox/52.0"}
while next_link:
try:
response = requests.get(base_url + next_link)
if response.status_code == 429:
print(" \__", colored("Search rate limit exceeded.", "red"))
return []
CS += cert_spotter_parseResponse(response.content, domain)
try:
next_link = response.headers["Link"].split(";")[0][1:-1]
except KeyError:
break
except requests.exceptions.RequestException as err:
print(" \__", colored(err, "red"))
return []
except requests.exceptions.HTTPError as errh:
print(" \__", colored(errh, "red"))
return []
except requests.exceptions.ConnectionError as errc:
print(" \__", colored(errc, "red"))
return []
except requests.exceptions.Timeout as errt:
print(" \__", colored(errt, "red"))
return []
except Exception:
print(" \__", colored("Something went wrong!", "red"))
return []
CS = set(CS)
print(" \__ {0}: {1}".format(colored("Unique subdomains found", "cyan"), colored(len(CS), "yellow")))
print(CS)
return CS