-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcrt_subdomainner.py
More file actions
60 lines (47 loc) · 1.41 KB
/
crt_subdomainner.py
File metadata and controls
60 lines (47 loc) · 1.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
import re
import requests
import sys
from bs4 import BeautifulSoup
URL = "https://crt.sh/?q=%25." #gets all subdomains on %.exampledomain.com by fingerprinting domain ceritificates
results = []
if len(sys.argv) < 2:
print('You must provide the domain for fingerprinting.\nE.g. example.com')
sys.exit(1)
else:
URL = URL + sys.argv[1]
DOMAIN_REGEX = r'' + '(\w|-)+\.' + sys.argv[1].strip() + '(\.\w)*' #build regex
print('Requesting ', URL)
try:
html_res = requests.get(URL)
except:
print('An error ocurred.')
sys.exit(1)
# Parsing and getting XML from content
soup = BeautifulSoup(html_res.content, 'lxml') #lxml required (pip install lxml)
print('Searching for domains in parsed text...')
td = soup.select('td')
# Scraping tr elements
for element in td:
#checking for br
if '<br' in str(element):
td_text = str(element).split("<br/>")
for a in td_text:
match = re.match(DOMAIN_REGEX, a)
if match != None:
results.append(str(match.group(0)))
else:
# Searching for general omain matches
match = re.match(DOMAIN_REGEX, element.get_text())
if match != None:
results.append(str(match.group(0)))
print('\nDone\n')
print('Total results: ', len(results))
print('\nCleaning results...')
# Removing duplicates and sorting
result_set = set(results)
clean_results = list(result_set)
clean_results.sort()
print('\nFinal results: ', len(clean_results))
print('\n\n')
for host in clean_results:
print(host)