
@Aetsu
Created October 6, 2020 18:10
Discover new domains/subdomains with sonar.omnisint.io API
# pip3 install requests argparse
# @author: @aetsu
import logging
import requests
import json
import urllib3
import socket
import sys
import argparse
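# TLS certificate verification is left at the requests default (enabled), so
# InsecureRequestWarning is not suppressed here.
class CrobatApi:
    '''
    Small client for the sonar.omnisint.io lookup API.

    Everything returned by the service is third-party data: the parsing
    helpers below only keep entries that have the expected shape and never
    turn a failed request into result entries.
    '''

    def __init__(self):
        self.server_url = 'https://sonar.omnisint.io'

    def do_get_request(self, api_path, timeout=10):
        '''
        GET <server_url>/<api_path> and return the decoded JSON body.

        Returns the decoded JSON on HTTP 200, an empty dict on any other
        status code, and {"error": <url>} when the request or the JSON
        decoding raises.
        '''
        url = self.server_url + '/' + api_path
        parsed_json = {}
        try:
            # The session is closed on exit; the server certificate is
            # validated because verify is left at its default.
            with requests.Session() as session:
                response = session.get(url, timeout=timeout)
                if response.status_code == 200:
                    parsed_json = json.loads(response.text)
                else:
                    logging.info(
                        '(GET) - (' + url + ') <response.status_code:'
                        + str(response.status_code) + '>')
        except Exception as exc:
            # Best effort, as before, but KeyboardInterrupt/SystemExit are no
            # longer swallowed and the cause is logged.
            logging.error('(GET) - (' + url + ') <' + str(exc) + '>')
            parsed_json = {"error": url}
        return parsed_json

    @staticmethod
    def _request_failed(payload):
        '''True when payload is the {"error": ...} marker or JSON null.'''
        if payload is None:
            return True
        return isinstance(payload, dict) and 'error' in payload

    @staticmethod
    def _drop_ipv4_entries(entries):
        '''Return the string entries that socket.inet_aton rejects.'''
        kept = []
        for entry in entries:
            if not isinstance(entry, str):
                # Unexpected JSON value (null, number, object): skip it.
                continue
            try:
                # inet_aton parses IPv4 notations only, so anything else,
                # IPv6 literals included, is kept.
                socket.inet_aton(entry)
            except (OSError, ValueError):
                kept.append(entry)
        return kept

    def get_subdomains_from_domain(self, domain):
        '''
        /subdomains/{domain} - All subdomains for a given domain

        Returns the response as given by do_get_request, including its
        {"error": ...} marker on failure.
        '''
        return self.do_get_request('subdomains/' + domain)

    def get_subdomains_from_tlds(self, domain):
        '''
        /tlds/{domain} - All tlds found for a given domain

        Returns the response as given by do_get_request, including its
        {"error": ...} marker on failure.
        '''
        return self.do_get_request('tlds/' + domain)

    def get_subdomains_from_all_tlds(self, domain):
        '''
        /all/{domain} - All results across all tlds for a given domain

        Returns the 'name' field of every entry; an empty list on failure.
        '''
        payload = self.do_get_request('all/' + domain)
        if self._request_failed(payload):
            return []
        domain_list = []
        for entry in payload:
            try:
                domain_list.append(entry['name'])
            except (KeyError, TypeError) as e:
                logging.error(
                    '(get_subdomains_from_all_tlds) - <' + str(e) + '>')
        return domain_list

    def get_subdomains_from_reverse(self, ip):
        '''
        /reverse/{ip} - Reverse DNS lookup on IP address

        Returns the non-IPv4 entries of the response; an empty list on
        failure.
        '''
        payload = self.do_get_request('reverse/' + ip)
        if self._request_failed(payload):
            return []
        return self._drop_ipv4_entries(payload)

    def get_subdomains_from_reverse_mask(self, ip_maks):
        '''
        /reverse/{ip}/{mask} - Reverse DNS lookup of a CIDR range

        Returns the non-IPv4 entries of every list in the response mapping;
        an empty list on failure or when the response is not a mapping.
        '''
        payload = self.do_get_request('reverse/' + ip_maks)
        if self._request_failed(payload) or not isinstance(payload, dict):
            return []
        domain_list = []
        for entries in payload.values():
            if isinstance(entries, (list, tuple)):
                domain_list.extend(self._drop_ipv4_entries(entries))
        return domain_list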
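if __name__ == '__main__':
    # Command-line entry point: run one lookup and print its results.
    parser = argparse.ArgumentParser()
    parser.add_argument("-sd", help="All subdomains for a given domain")
    parser.add_argument("-tlds", help="All tlds found for a given domain")
    parser.add_argument("-all", help="All results across all tlds for a given domain")
    parser.add_argument("-reverse", help="Reverse DNS lookup on IP address")
    parser.add_argument("-reverse_mask", help="Reverse DNS lookup of a CIDR range")
    args = parser.parse_args()
    crobat = CrobatApi()
    # When several options are given, the first one in this order wins.
    lookups = (
        (args.sd, crobat.get_subdomains_from_domain),
        (args.tlds, crobat.get_subdomains_from_tlds),
        (args.all, crobat.get_subdomains_from_all_tlds),
        (args.reverse, crobat.get_subdomains_from_reverse),
        (args.reverse_mask, crobat.get_subdomains_from_reverse_mask),
    )
    for target, lookup in lookups:
        if target:
            res = lookup(target)
            break
    else:
        parser.print_help()
        sys.exit()
    # do_get_request reports a failed request as {"error": <url>}; report it
    # on stderr with a non-zero exit status instead of listing it as a result.
    if isinstance(res, dict) and 'error' in res:
        sys.exit("Request failed: " + str(res['error']))
    if res is not None:
        r_text = "Target: " + target + " -> " + str(len(res)) + " elements"
        print(r_text)
        print("-"*len(r_text))
        for elem in res:
            print(elem)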