@PaulSec
Last active March 9, 2019 11:44
Python utility for https://findsubdomains.com/
import requests
import sys
from bs4 import BeautifulSoup
import json
import re
def sanitize_data(data):
    """Return *data* with CRLF pairs, line feeds and spaces removed."""
    # NOTE(review): the space literal appears twice in the original chain; the
    # second one may have been a tab or non-breaking space before this page
    # was extracted - confirm against the upstream file.
    for unwanted in ('\r\n', '\n', ' ', ' '):
        data = data.replace(unwanted, '')
    return data
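# Command-line entry: the first argument is the domain to look up.
if len(sys.argv) < 2:
    print("Usage: python findsubdomains.py <domain>")
    sys.exit(-1)
domain = sys.argv[1]
# NOTE(review): the argument is interpolated into the URL path unchanged, so a
# value containing '/', '?' or '#' alters which URL is requested. Validate it
# as a hostname before calling this script from automation that takes names
# from another source.
url = "https://findsubdomains.com/subdomains-of/{}".format(domain)
# requests applies no timeout by default, so an unresponsive server would
# block the script indefinitely; bound the wait explicitly.
# NOTE(review): the HTTP status is not checked; an error page is parsed like
# any other response body.
req = requests.get(url, timeout=30)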
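###########################
#### Statistics part
###########################
# Collects the JSON values assigned to window.aggreateInfo[...] in the page's
# inline script into `stats`.
stats = {}
# (key inside window.aggreateInfo, key used in the output dictionary)
wanted_stats = (
    ('countries', 'countries'),
    ('ip', 'ip_addresses'),
    ('asblocks', 'asblocks'),
)
# req.text is the decoded body. req.content is bytes, and splitting bytes on
# the str '\n' raises TypeError on Python 3.
for line in req.text.split('\n'):
    for js_key, stats_key in wanted_stats:
        marker = "window.aggreateInfo['{}']".format(js_key)
        if marker not in line:
            continue
        # re.escape keeps the '.', '[' and ']' of the marker literal.
        found = re.search(re.escape(marker) + r'\s=\s(.+)', line)
        if found is not None:
            # Drop surrounding whitespace and the trailing ';' (presumably the
            # JavaScript statement terminator) so the rest parses as JSON.
            json_text = found.group(1).strip().rstrip(';')
            # The value comes from a third-party page: json.loads only builds
            # plain data, and a malformed value raises ValueError here.
            stats[stats_key] = json.loads(json_text)
        # As in an if/elif chain, only the first marker found on a line counts.
        break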
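###########################
#### Domains enumeration part
###########################
# Builds `data`: one dictionary per table row whose first cell has a title
# attribute. Every other column is optional and falls back to ''.
soup = BeautifulSoup(req.content, 'html.parser')
data = []
# Exceptions raised when a cell, tag or attribute is absent from the markup.
# Catching only these (instead of a bare except) lets KeyboardInterrupt,
# SystemExit and genuine programming errors propagate.
_MISSING_MARKUP = (AttributeError, IndexError, KeyError, TypeError)
for row in soup.findAll('tr'):
    tds = row.findAll('td')
    try:
        domain = tds[0]['title']
    except _MISSING_MARKUP:
        # No first cell or no title attribute: not a result row, skip it.
        continue
    try:
        ip = tds[1].find('a').text
    except _MISSING_MARKUP:
        ip = ''
    try:
        osh = tds[2].find('a').text.replace(' ', '')
    except _MISSING_MARKUP:
        osh = ''
    try:
        region = tds[3].find('div', attrs={'class': 'geo-description'}).text
    except _MISSING_MARKUP:
        region = ''
    try:
        asn = sanitize_data(tds[4].text)
    except _MISSING_MARKUP:
        asn = ''
    try:
        organization = sanitize_data(tds[5].find('div').text)
    except _MISSING_MARKUP:
        organization = ''
    data.append({
        'ip': ip,
        'osh': osh,
        'region': region,
        'asn': asn,
        'organization': organization,
        'domain': domain,
    })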
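###########################
#### Subnets part
###########################
# Builds `res`: subnet label -> {"qty": ..., "domains": [...]}, read from the
# div with class 'subnets-list-body'.
res = {}
subnet = soup.find('div', attrs={'class': 'subnets-list-body'})
# find() returns None when the page carries no subnets list; treat that as
# "no subnets" rather than failing with AttributeError before any output.
if subnet is None:
    uls = []
else:
    uls = subnet.findAll('ul', attrs={'class': 'js-subnets-list-branch'})
for ul in uls:
    ip_div = ul.find('div', attrs={'class': 'ip'})
    qty_div = ul.find('div', attrs={'class': 'qty'})
    if ip_div is None or qty_div is None:
        # Branch without the expected cells: skip it, matching the
        # best-effort handling used for the table rows.
        continue
    ip = sanitize_data(ip_div.text)
    qty = sanitize_data(qty_div.text)
    for li in ul.findAll('li', attrs={'class': 'subnets-list-item'}):
        name_div = li.find('div', attrs={'class': 'js-domain-name'})
        if name_div is None:
            continue
        domain = sanitize_data(name_div.text)
        # An entry is created only once a branch yields at least one domain.
        entry = res.setdefault(ip, {"qty": qty, "domains": []})
        if domain not in entry['domains']:
            entry['domains'].append(domain)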
# Combine the three sections into one JSON document and write it to stdout.
final_res = dict(statistics=stats, subnets=res, dns=data)
serialized = json.dumps(final_res)
print(serialized)