Created
October 6, 2020 18:08
-
-
Save Aetsu/1d2831e3fed9f10788dbfce5c5a22e95 to your computer and use it in GitHub Desktop.
Discover related domains and subdomains by iterating over all the certificates associated to a domain
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# pip3 install pycrtsh validators tqdm | |
# @author: @aetsu | |
import sys | |
from tqdm import tqdm | |
import validators | |
from pycrtsh import Crtsh | |
DEBUG = False | |
def get_cert(crt, c): | |
l_name = c['name'].split('\n') | |
l_targets = l_name | |
try: | |
details = crt.get(c["id"], type="id") | |
if 'extensions' in details: | |
if 'alternative_names' in details['extensions']: | |
l_targets += details['extensions']['alternative_names'] | |
except Exception as e: | |
if DEBUG: | |
print('<get_cert> -<cert_id:' + str(c["id"]) + '> - ' + str(e)) | |
return l_targets | |
def search_certs(target): | |
crt = Crtsh() | |
cert_l = crt.search(target) | |
l_targets = [] | |
for c in tqdm(cert_l): | |
l_targets+=get_cert(crt, c) | |
l_res = [d for d in l_targets if validators.domain(d)] | |
return l_res | |
if __name__ == '__main__': | |
if len(sys.argv) != 2: | |
print(" Usage: " + sys.argv[0] + " domain") | |
sys.exit() | |
target = sys.argv[1] | |
res = search_certs(target) | |
res = list(set(res)) # sort unique | |
r_text = "Target: " + target + " -> " + str(len(res)) + " elements" | |
print(r_text) | |
print("-"*len(r_text)) | |
for elem in res: | |
print(elem) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment