Identify IPv4 hosts behind CloudFlare using certificate data
#!/usr/bin/env python3
import os
from sys import argv

import censys.certificates
import censys.ipv4
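# Censys API credentials. Values are taken from the environment when set so
# that real secrets do not have to be written into (and shared with) this
# file; the "**CHANGE**" placeholders remain as the fallback for anyone who
# edits the script directly.
UID = os.environ.get("CENSYS_API_ID", "**CHANGE**")
SECRET = os.environ.get("CENSYS_API_SECRET", "**CHANGE**")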
def is_cloudflare(dn):
    """Tell whether a certificate subject DN mentions a Cloudflare domain.

    This is a plain substring test: True when either "cloudflaressl.com" or
    "cloudflare.com" appears anywhere in *dn*, False otherwise.
    """
    cloudflare_markers = ("cloudflaressl.com", "cloudflare.com")
    return any(marker in dn for marker in cloudflare_markers)
def find_certificates(target):
    """Collect SHA-256 fingerprints of trusted certificates that name *target*.

    Searches the Censys certificates index for "<target> and tags: trusted".
    A certificate is kept only when its subject DN does not mention
    Cloudflare (see is_cloudflare) and *target* is one of its
    ``parsed.names`` entries. Every kept certificate is printed.

    Returns:
        The ``parsed.fingerprint_sha256`` values of the kept certificates,
        in the order the search yielded them.
    """
    print("Certificates:")
    index = censys.certificates.CensysCertificates(UID, SECRET)
    wanted_fields = [
        "parsed.names",
        "parsed.extensions.subject_alt_name.dns_names",
        "parsed.fingerprint_sha256",
        "parsed.subject_dn",
    ]
    query = "%s and tags: trusted" % target
    matches = []
    for record in index.search(query, fields=wanted_fields):
        # Certificates issued for the CDN edge say nothing about the origin.
        if is_cloudflare(record["parsed.subject_dn"]):
            continue
        # assumes parsed.names is a list of hostnames, so this is an exact
        # membership test rather than a substring match (TODO confirm)
        names = record["parsed.names"]
        if target not in names:
            continue
        sha256 = record["parsed.fingerprint_sha256"]
        matches.append(sha256)
        print("\tHost: %s\n\tFingerprint: %s" % (' '.join(names), sha256))
    return matches
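def find_hosts(target):
    """Print each IPv4 host the Censys IPv4 index returns for *target*.

    main() calls this with a certificate SHA-256 fingerprint, so a hit is a
    host indexed with that fingerprint, i.e. one that appears to serve the
    certificate directly. For a site fronted by a CDN this is the exposure
    being checked: an origin that only accepts connections from the CDN's
    address ranges would not be expected to show up here.

    Args:
        target: Query string passed to the IPv4 search.

    Returns:
        None. Results are written to stdout.
    """
    print("Hosts: %s" % target)
    hosts = censys.ipv4.CensysIPv4(UID, SECRET)
    # Only the address is printed, so request just that field. The list was
    # previously built but never passed to search().
    fields = ["ip"]
    for host in hosts.search(target, fields=fields):
        print("\tFound host: %s" % (host["ip"]))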
def main():
    """Command-line entry point: ``<script> <host>``.

    With exactly one argument, looks up the certificates naming that host
    and then the hosts indexed under each certificate fingerprint. With any
    other argument count, prints a usage line and does nothing else.
    """
    if len(argv) != 2:
        print("Usage: %s <host>" % argv[0])
        return
    for fingerprint in find_certificates(argv[1]):
        find_hosts(fingerprint)
# Run the lookup only when executed as a script, not when imported.
if __name__ == "__main__":
    main()
hartleybrody commented Oct 3, 2017

Can you clarify what's happening on line 32?

    fields = ["ip"]

Seems like you're setting a variable but not using it anywhere else in that scope.

Maybe it's some left over debug code? Wasn't sure if I was missing something :)

hartleybrody commented Oct 3, 2017

I see you created a fields var on line 19 inside find_certificates() and pass that to the censys API, maybe you meant to do that inside find_hosts() as well?

Owner Author

chokepoint commented Oct 4, 2017

You're right, i meant to pass that along as well in find_hosts(). Good catch.
