cert4recon.py
#!/usr/bin/env python3
import requests
import re
import sys
from sys import argv
# Startup banner: this print sits at module top level, so it runs on every
# execution (and on import) before any argument parsing happens.
# NOTE(review): the literal is not a raw string, so the backslashes in the
# art go through escape processing; compare the rendered banner with the
# intended one before converting it to r'''...'''.
print('''
______ ______ ______ _______ 4 ______ ______ ______ ______ ______
| | | | | | | \ | | | | | \ | | | | / | | \ | | \ \
| | | |---- | |__| | | | | |__| | | |---- | | | | | | | | | |
|_|____ |_|____ |_| \_\ |_| |_| \_\ |_|____ |_|____ \_|__|_/ |_| |_|
by S1rN3tZ
''')
class bcolors:
    """ANSI SGR escape sequences used to colour the script's status prefixes."""

    # Reset comes first, then the foreground colours in ascending SGR order.
    RESET = '\033[0m'
    FAIL = '\033[91m'     # bright red
    OK = '\033[92m'       # bright green
    WARNING = '\033[93m'  # bright yellow
    INFO = '\033[94m'     # bright blue
def help():
    """Print the command-line option summary to stdout."""
    rule = "-------------------------------------------"
    # Leading and trailing empty entries reproduce the blank line that the
    # summary starts and ends with.
    rows = [
        "",
        "Options",
        rule,
        "-h help",
        "-t target",
        "-o output file",
        "-a check for alive subdomains",
        rule,
        "",
    ]
    print("\n".join(rows))
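def getopts(argv):
    """Collect ``-flag value`` pairs from an argument vector.

    Every token that starts with ``-`` is stored as a key whose value is the
    token that follows it. A flag in last position has no following token and
    is left out of the result, which is why callers look for value-less
    switches such as ``-a`` in ``sys.argv`` directly.

    ``-h`` prints the usage line and the option summary, then exits with
    status 0. It is honoured wherever it appears, not only when it is the
    last token.

    Args:
        argv: sequence of command-line tokens, program name included.

    Returns:
        dict mapping each flag to the token that follows it.
    """
    opts = {}
    for position, token in enumerate(argv):
        if token == '-h':
            print(bcolors.INFO+"[*] "+bcolors.RESET+"usage: ./cert4recon.py [-h] -t target [-o output file] [-a]")
            help()
            sys.exit(0)
        # startswith() also copes with an empty token, which the previous
        # indexing only survived through a bare ``except``.
        if not token.startswith('-'):
            continue
        # Explicit bounds check instead of catching every exception: a flag
        # with nothing after it is skipped.
        if position + 1 < len(argv):
            opts[token] = argv[position + 1]
    return opts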
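def main():
    """Query crt.sh for a target domain and report the host names it lists.

    Options are read through ``getopts``: ``-t`` is the target and ``-o`` an
    optional output file. ``-a`` takes no value, so it is looked up in
    ``sys.argv``; when present, every reported name is requested over
    http:// and https:// and the final URL of each successful request is
    printed.

    Exits with status 0 after printing the usage line when no target is
    given. Network and HTTP errors from the crt.sh request propagate to the
    caller.
    """
    crt_timeout = 30    # seconds; without a timeout requests can block forever
    probe_timeout = 10  # seconds per liveness request

    myargs = getopts(argv)
    target = myargs.get('-t')
    # Also covers "arguments given but no -t", which previously sent an empty
    # query to crt.sh.
    if len(sys.argv) < 2 or not target:
        print(bcolors.FAIL+"[!] "+bcolors.RESET+"No target given.")
        print(bcolors.INFO+"[*] "+bcolors.RESET+"usage: ./cert4recon.py [-h] -t target.com [-o output file] [-a]")
        sys.exit(0)

    regex=r"^(([a-zA-Z]{1})|([a-zA-Z]{1}[a-zA-Z]{1})|([a-zA-Z]{1}[0-9]{1})|([0-9]{1}[a-zA-Z]{1})|([a-zA-Z0-9][-_\.a-zA-Z0-9]{1,61}[a-zA-Z0-9]))\.([a-zA-Z]{2,13}|[a-zA-Z0-9-]{2,30}\.[a-zA-Z]{2,3})$"

    # Let requests build the query string so the target is URL-encoded
    # instead of being spliced into the URL verbatim.
    r = requests.get("https://crt.sh/", params={"q": target}, timeout=crt_timeout)
    # Fail on an HTTP error status rather than parsing an error page.
    r.raise_for_status()

    # Turn the HTML into one candidate per line, then keep the lines that
    # look like host names.
    jump = r.text.replace("<BR>", "\n")
    nohtml = re.sub("<.*?>", "", jump)
    nohtml = nohtml.replace(" ", "")
    found = [m.group() for m in re.finditer(regex, nohtml, re.MULTILINE)]
    # dict.fromkeys de-duplicates in linear time and keeps first-seen order.
    subdomains = list(dict.fromkeys(found))

    print("Subdomains found with crt.sh:\n")
    if not subdomains:
        print(bcolors.FAIL+"[!] "+bcolors.RESET+"No subdomain found.")
        return
    # NOTE(review): the first match is discarded unconditionally; presumably
    # it is the queried domain echoed by the page. Confirm against a live
    # response.
    del subdomains[0]

    for onlysub in subdomains:
        print(bcolors.OK+"[+] "+bcolors.RESET+onlysub)

    if '-o' in myargs:
        # The context manager closes the file even if a write fails.
        with open(myargs['-o'], "w") as log:
            for onlysub in subdomains:
                log.write(onlysub+"\n")

    if '-a' in sys.argv:
        print("\n Active HTTP(S) subdomains:\n")
        # These names come from crt.sh's response, not from the operator, and
        # each one is contacted directly with redirects followed. Certificate
        # verification stays at the requests default, so an https host with
        # an invalid certificate is skipped like any unreachable host.
        for onlysub in subdomains:
            for proto in ("http://", "https://"):
                url = proto+onlysub
                try:
                    rq = requests.get(url, timeout=probe_timeout)
                except KeyboardInterrupt:
                    print(bcolors.FAIL+"[!] "+bcolors.RESET+"Script canceled.")
                    sys.exit(0)
                except (requests.RequestException, ValueError):
                    # Best-effort probe: an unreachable or malformed host is
                    # not reported.
                    continue
                print(bcolors.OK+"[+] "+bcolors.RESET+url+bcolors.INFO+" ==> "+bcolors.RESET+rq.url)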
# Script entry: run main() and turn failures into short console messages.
# sys.exit() inside main() raises SystemExit, which neither handler catches.
try:
    main()
except KeyboardInterrupt:
    print(bcolors.FAIL+"[!] "+bcolors.RESET+"Script canceled.")
except Exception as e:
    # Both failure lines are printed for any exception type, followed by the
    # exception text itself.
    for failure_line in ("A problem has occured.", "No subdomain found."):
        print(bcolors.FAIL+"[!] "+bcolors.RESET+failure_line)
    print(bcolors.INFO+"[*] "+bcolors.RESET+"Error info:")
    print(e)