-
Notifications
You must be signed in to change notification settings - Fork 151
/
censys_subdomain_enum.py
executable file
·83 lines (70 loc) · 2.87 KB
/
censys_subdomain_enum.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/usr/bin/env python
# A script to extract domain names from related SSL/TLS certificates using Censys
# You'll need Censys API ID and API Secret to be able to extract SSL/TLS certificates
# Needs censys module to run. pip install censys.
from __future__ import print_function
import logging
logging.basicConfig(
level=logging.INFO,
format="%(message)s"
)
__author__ = "Bharath(github.com/0xbharath)"
__version__ = "0.1"
__purpose__ = "Extract subdomains for a domain from censys certificate dataset"
CENSYS_API_ID = ""
CENSYS_API_SECRET = ""
import argparse
import re
import sys
try:
import censys.certificates
import censys.ipv4
except ImportError:
logging.info("\033[1;31m[!] Failed to import censys module. Run 'pip install censys'\033[1;m")
sys.exit()
def get_certificates():
try:
if not CENSYS_API_ID or not CENSYS_API_SECRET:
logging.info("\033[1;31m[!] API KEY or Secret for Censys not provided.\033[1;m" \
"\nYou'll have to provide them in the script")
sys.exit()
logging.info("[+] Extracting certificates for {} using Censys".format(domain))
censys_certificates = censys.certificates.CensysCertificates(CENSYS_API_ID, CENSYS_API_SECRET)
return censys_certificates
except censys.base.CensysUnauthorizedException:
logging.info('[!] Your Censys credentials look invalid.\n')
exit(1)
except censys.base.CensysRateLimitExceededException:
logging.info('[!] Looks like you exceeded your Censys account limits rate. Exiting\n')
exit(1)
def get_subdomains(domain, certificates):
logging.info("[+] Extracting sub-domains for {} from certificates".format(domain))
subdomains = []
certificate_query = 'parsed.names: {}'.format(domain)
certificates_search_results = certificates.search(certificate_query, fields=['parsed.names'])
for search_result in certificates_search_results:
subdomains.extend(search_result['parsed.names'])
return set(subdomains)
def print_subdomains(subdomains, domain):
unique_subdomains = []
if len(subdomains) is 0:
logging.info('[!] Did not find any subdomains')
return
for subdomain in subdomains:
if '*' not in subdomain and subdomain.endswith(domain):
unique_subdomains.append(subdomain)
logging.info("\033[1;32m[+] Total unique subdomains found: {}\033[1;m".format(len(unique_subdomains)))
for subdomain in sorted(unique_subdomains):
print(subdomain)
def get_domain():
if len(sys.argv) < 2:
print("\n[!] Usage: python subdomain_enum_censys.py <target_domain>\n")
sys.exit()
else:
domain = sys.argv[1]
return domain
if __name__ == '__main__':
domain = get_domain()
certificates = get_certificates()
subdomains = get_subdomains(domain, certificates)
print_subdomains(subdomains, domain)