Skip to content

Instantly share code, notes, and snippets.

@roobixx

roobixx/san_scan.py

Last active June 19, 2019 20:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save roobixx/2b285fe6807fbc3898e8efb26ad12c81 to your computer and use it in GitHub Desktop.
Save roobixx/2b285fe6807fbc3898e8efb26ad12c81 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
san_scan.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
import ssl
from socket import *
from requests.packages.urllib3.contrib import pyopenssl as reqs
setdefaulttimeout(1)
port_num = "24800"
addr = "$IP"
dns_list = []
def https_cert_subject_alt_names(host, port):
"""Read subject domains in https cert from remote server"""
x509 = reqs.OpenSSL.crypto.load_certificate(
reqs.OpenSSL.crypto.FILETYPE_PEM,
reqs.ssl.get_server_certificate((host, port))
)
return reqs.get_subj_alt_name(x509)
if __name__ == '__main__':
for i in range(1,255):
ip = addr + str(i)
try:
domains = https_cert_subject_alt_names(ip, port_num)
print("*** Found: " + ip + ":" + port_num)
num = 0
while num < len(domains):
print(domains[num][1])
if domains[num][1] not in dns_list:
dns_list.append(domains[num][1])
num += 1
except (timeout):
pass
print("*** DNS Entries ***")
dns = 0
while dns < len(dns_list):
print(dns_list[dns])
dns +=1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment