Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Quick and Dirty script to use the Censys API to query subdomains of a target domain
__author__ = 'bharta1'
import sys
import requests
import os
API_URL = "https://www.censys.io/api/v1"
UID = os.environ['CensysUID']
SECRET = os.environ['CensysSecret']
WEBSITE = os.environ['TARGETS']
subdomain_list = []
params = {'query' : WEBSITE}
res = requests.post(API_URL + "/search/ipv4", json = params, auth=(UID, SECRET))
if res.status_code != 200:
print "error occurred: %s" % res.json()["error"]
sys.exit(1)
payload = res.json()
for r in payload['results']:
ip = r["ip"]
protolist = r["protocols"]
for p in protolist:
port = p.split("/")[0]
protocol = p.split("/")[1]
res2 = requests.get(API_URL + ("/view/ipv4/%s" % ip), auth=(UID, SECRET))
payload2 = res2.json()
if port in payload2.keys():
if protocol == "https":
for name in payload2[port][protocol]['tls']['certificate']['parsed']['names']:
subdomain_list.append(name)
res = requests.post(API_URL + "/search/certificates", json = params, auth=(UID, SECRET))
if res.status_code != 200:
print "error occurred: %s" % res.json()["error"]
sys.exit(1)
payload = res.json()
for r in payload['results']:
str = r["parsed.subject_dn"]
subdomain_list.append(str[0].split("CN=")[1])
for subdomain in list(set(subdomain_list)):
print subdomain
@anshumanbh

This comment has been minimized.

Copy link
Owner Author

anshumanbh commented Sep 16, 2016

Make sure you have the environment variables set. You need your Censys UID, Secret and the Target website. To run this, just type:

python censys.py

@ak1t4

This comment has been minimized.

Copy link

ak1t4 commented Apr 20, 2017

Traceback (most recent call last):
File "subdomains-censys.py", line 33, in
for name in payload2[port][protocol]['tls']['certificate']['parsed']['names']:
KeyError: 'tls'

@alonek1

This comment has been minimized.

Copy link

alonek1 commented Sep 26, 2017

Traceback (most recent call last):
File "subdomains-censys.py", line 33, in
for name in payload2[port][protocol]['tls']['certificate']['parsed']['names']:
KeyError: 'tls'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.