#!/usr/bin/env python3
import argparse
import sys

import requests
from gevent import socket
from gevent.pool import Pool
# Silence urllib3's InsecureRequestWarning, which is emitted for every
# request made with verify=False (the crt.sh fetch below is made that way).
# Note: this hides the warning, it does not make the connection safe.
_urllib3 = requests.packages.urllib3
_urllib3.disable_warnings()
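def main(domain, masscanOutput, urlOutput):
    """Query crt.sh for *domain*, resolve every name found and print the result.

    The output mode is picked by the two flags: both false gives the verbose,
    human-readable report; ``masscanOutput`` prints one resolved IP per line;
    ``urlOutput`` prints one ``https://`` URL per line. Progress and error
    messages go to stdout only in verbose mode (otherwise to stderr) so the
    machine-readable modes stay clean.

    Exits with status 1 when crt.sh returns no names.
    """
    verbose = not masscanOutput and not urlOutput
    domainsFound = {}
    domainsNotFound = {}

    if verbose:
        print("[+]: Downloading domain list from crt.sh...")
    response = collectResponse(domain)
    if verbose:
        print("[+]: Download of domain list complete.")
    domains = collectDomains(response)
    if verbose:
        print("[+]: Parsed %s domain(s) from list." % len(domains))
    if not domains:
        # Say why we stop; stderr keeps -u/-m output parseable.
        print("[!]: No domains found for %s." % domain, file=sys.stderr)
        sys.exit(1)

    # Resolve concurrently, at most 15 outstanding lookups at a time.
    pool = Pool(15)
    greenlets = {name: pool.spawn(resolve, name) for name in domains}
    # Wait for every lookup. The previous join(timeout=1) silently dropped
    # any name whose lookup had not finished within one second from both
    # the found and the not-found lists.
    pool.join()

    for name, greenlet in greenlets.items():
        if greenlet.successful() and greenlet.value:
            result = greenlet.value
        else:
            # resolve() reports lookup failures itself as "none"; anything
            # that escaped it is reported here and the name counted as
            # unresolved rather than lost from the output.
            print("[!]: Lookup of %s failed: %s" % (name, greenlet.exception),
                  file=sys.stderr)
            result = {name: "none"}
        if result.get(name, "none") != "none":
            domainsFound.update(result)
        else:
            domainsNotFound.update(result)

    if urlOutput:
        # The --urls help text promises URLs for domains that resolve, so
        # only names with a DNS record are printed (this also drops
        # wildcard entries such as *.example.com, which never resolve).
        printUrls(sorted(domainsFound))
    if masscanOutput:
        printMasscan(domainsFound)
    if verbose:
        print("\n[+]: Domains found:")
        printDomains(domainsFound)
        print("\n[+]: Domains with no DNS record:")
        printDomains(domainsNotFound)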
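def resolve(domain):
    """Resolve *domain* to an IPv4 address string.

    Returns a one-entry dict ``{domain: ip}``. When the lookup fails the ip
    is the literal string ``"none"``, which is the marker main() uses to
    split found from not-found names.
    """
    try:
        return {domain: socket.gethostbyname(domain)}
    except (OSError, ValueError):
        # OSError covers gaierror/herror (no record, resolver failure);
        # ValueError covers UnicodeError from IDNA-encoding a bad label and
        # names with embedded NULs. The old bare except also swallowed
        # KeyboardInterrupt and reported the interrupted name as "none".
        return {domain: "none"}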
def printDomains(domains):
    """Print one ``<ip>\\t<domain>`` line per entry, ordered by domain name.

    *domains* maps a host name to its resolved address (or "none").
    """
    rows = sorted(domains.items())
    for name, ip in rows:
        print("%s\t%s" % (ip, name))
def printMasscan(domains):
    """Print the distinct addresses in *domains* (a name -> ip map), one per line.

    Addresses are de-duplicated and sorted as strings (lexicographic, not
    numeric order), which is all masscan's -iL input needs.
    """
    unique_ips = set(domains.values())
    for ip in sorted(unique_ips):
        print(ip)
def printUrls(domains):
    """Print ``https://<name>`` for every name in *domains*, in the given order."""
    lines = ["https://%s" % name for name in domains]
    for line in lines:
        print(line)
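def collectResponse(domain, timeout=60):
    """Fetch the crt.sh certificate list for *domain* as parsed JSON.

    Args:
        domain: the domain to query (sent as the ``q`` parameter).
        timeout: seconds to wait for the connection and for each read;
            crt.sh can be slow, but without a bound a stalled connection
            would block forever.

    Returns:
        The decoded JSON body (a list of certificate entries).

    On a connection failure, a non-2xx status or a non-JSON body the error
    is printed to stderr and the process exits with status 1.
    """
    # TLS verification is left at the requests default (on). The old call
    # passed verify=False, which let anyone on the path rewrite the list of
    # names this tool then resolves and prints. Let requests URL-encode the
    # query instead of splicing the domain into the URL by hand; the
    # resulting request is https://crt.sh/?q=<domain>&output=json as before.
    try:
        response = requests.get(
            "https://crt.sh/",
            params={"q": domain, "output": "json"},
            timeout=timeout,
        )
        # A server-side error comes back as an HTML page; fail on the status
        # first so the message names the real cause instead of "invalid json".
        response.raise_for_status()
    except requests.RequestException as err:
        print("[!]: Connection to server failed: %s" % err, file=sys.stderr)
        sys.exit(1)
    try:
        # requests' JSONDecodeError subclasses ValueError.
        return response.json()
    except ValueError:
        print("[!]: The server did not respond with valid json.", file=sys.stderr)
        sys.exit(1)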
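def collectDomains(response):
    """Collect the set of host names named in a crt.sh JSON response.

    Each entry contributes its ``common_name`` and every whitespace-separated
    name in ``name_value`` (crt.sh joins SAN entries with newlines). Entries
    with a missing key and empty or null names are skipped instead of raising
    a KeyError or adding ``None`` to the set. Names are kept as-is, so
    wildcards such as ``*.example.com`` are returned too.

    Args:
        response: iterable of crt.sh entry dicts.

    Returns:
        A set of host name strings.
    """
    domains = set()
    for entry in response:
        common_name = entry.get("common_name")
        if common_name:
            domains.add(common_name)
        # split() with no argument covers both the newline-joined SAN list
        # and a single name, so no special-casing on '\n' is needed.
        domains.update((entry.get("name_value") or "").split())
    return domains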
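if __name__ == '__main__':
    parser = argparse.ArgumentParser(
        description="List host names from crt.sh certificate transparency "
                    "logs for a domain and resolve them."
    )
    parser.add_argument("-d", "--domain", type=str, required=True,
                        help="domain to query for CT logs, e.g.: domain.com")
    # store_true already defaults to False; the old default=0 only made the
    # flags carry an int instead of a bool. Typo "ouput" fixed in the help.
    parser.add_argument("-u", "--urls", action="store_true",
                        help="output results with https:// urls for "
                             "domains that resolve, one per line.")
    parser.add_argument("-m", "--masscan", action="store_true",
                        help="output resolved IP address, one per line. "
                             "Useful for masscan IP list import \"-iL\" format.")
    args = parser.parse_args()
    # main() takes (domain, masscanOutput, urlOutput) -- note the flag order.
    main(args.domain, args.masscan, args.urls)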