forked from githubmaidou/tools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sub.py
108 lines (96 loc) · 4.15 KB
/
sub.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
import requests
import re
import socket
import time
import sys
import urllib3
import json
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
try:
import config
keys = config.__dir__()
if "vt_key" in keys:
vt_key = config.vt_key
else:
vt_key=""
if "sec_keys" in keys:
#是数组,这个接口只有第个月只有50次,需要多个key
sec_keys = config.sec_keys
else:
sec_keys=[]
except:
print("未发现接口key")
class subdomain:
def __init__(self):
self.api_list = [
{'method':'get','url':"https://site.ip138.com/{target}/domain.htm",'data':"ok=1",'headers':{},'re':"/([a-zA-Z0-9_\-\.]*?{target})/"},
{'method': 'get', 'url': "http://ce.baidu.com/index/getRelatedSites",
'data': "site_address={target}", 'headers': {}, 're': "domain\":\"([a-zA-Z0-9_\-\.]*?)\","}, #baidu接口
{'method':'get','url':"https://www.virustotal.com/vtapi/v2/domain/report",'data':"apikey=%s&domain={target}" % vt_key,'headers':{'Origin': 'https://developers.virustotal.com'},'re':"\"([a-zA-Z0-9_\-\.]*?)\","},
{"method":"get","url":"https://crt.sh/","data":"q=%.{target}&output=json","headers":{"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"},"re":"name_value\":\"([a-zA-Z0-9_\-\.]*?)\""},
{"method":"post","url":"https://hackertarget.com/find-dns-host-records/","data":"theinput={target}&thetest=hostsearch&name_of_nonce_field=8a94567cc2","headers":{},"re":"([a-zA-Z0-9_\-\.]*?{target}),"},
] # api接口列表
self.domain = ""
#self.start(self.domain)
def securitytrails_api(self,domain):
api_url = "https://api.securitytrails.com/v1/domain/%s/subdomains?children_only=false" % domain
for key in sec_keys:
headers = {
'accept': "application/json",
'apikey': key,
}
req = requests.get(api_url,headers,verify=False)
if req.status_code == 200:
json_text = json.loads(req.text)
if "subdomains" not in json_text.keys():
continue
subs = json_text['subdomains']
subdomains = [sub+"."+domain for sub in subs]
return subdomains
return []
def req_text(self, method, url, data, headers):
if not headers:
headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36',
'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
}
if method.upper() == 'GET':
url = url.strip()+'?'+data.strip()
req = requests.get(url, headers=headers,verify=False)
elif method.upper() == 'POST':
req = requests.post(url, data, headers=headers,verify=False)
else:
return ""
if req.status_code == 200:
text = req.text
else:
text = ""
return text
def get_domains(self,reStr,text):
temp = []
r = re.compile(reStr)
r1 = re.findall(r,text)
if r1:
for subdomain in r1:
if self.domain in subdomain:
temp.append(subdomain)
return temp
return []
def api_start(self,domain):
subdomains = []
subdomains = subdomains + self.securitytrails_api(domain)
subip={}
for api in self.api_list:
data=api['data'].replace('{target}',domain)
url = api['url'].replace('{target}',domain)
text = self.req_text(api['method'],url,data,api['headers'])
re_domain_list = self.get_domains(api['re'].replace("{target}",domain),text)
if re_domain_list:
subdomains = subdomains + re_domain_list
return subdomains
if __name__ == '__main__':
domain = sys.argv[1]
sub = subdomain()
s = sub.api_start(domain)
for s1 in list(set(s)):
if domain in s1:
print(s1)