├── .gitignore
├── Dockerfile
├── LICENSE
├── README.md
├── engines
    ├── __init__.py
    ├── engine.py
    └── enumarator_base.py
├── requirements.txt
├── scan_flags.py
├── subbrute
    ├── __init__.py
    ├── names.txt
    ├── resolvers.txt
    └── subbrute.py
├── sublist3r.py
├── subscann3r.py
└── util
    ├── __init__.py
    ├── logger.py
    ├── port_scanner.py
    └── util.py


/.gitignore:
--------------------------------------------------------------------------------
1 | *.pyc
2 | .idea/*


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.4-alpine
2 | RUN apk add --no-cache git bash
3 | RUN git clone https://github.com/Plazmaz/Sublist3r.git
4 | WORKDIR /Sublist3r/
5 | RUN pip install -r requirements.txt
6 | ENTRYPOINT ["/bin/bash"]
7 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU GENERAL PUBLIC LICENSE
  2 |                        Version 2, June 1991
  3 | 
  4 |  Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
  5 |  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  6 |  Everyone is permitted to copy and distribute verbatim copies
  7 |  of this license document, but changing it is not allowed.
  8 | 
  9 |                             Preamble
 10 | 
 11 |   The licenses for most software are designed to take away your
 12 | freedom to share and change it.  By contrast, the GNU General Public
 13 | License is intended to guarantee your freedom to share and change free
 14 | software--to make sure the software is free for all its users.  This
 15 | General Public License applies to most of the Free Software
 16 | Foundation's software and to any other program whose authors commit to
 17 | using it.  (Some other Free Software Foundation software is covered by
 18 | the GNU Lesser General Public License instead.)  You can apply it to
 19 | your programs, too.
 20 | 
 21 |   When we speak of free software, we are referring to freedom, not
 22 | price.  Our General Public Licenses are designed to make sure that you
 23 | have the freedom to distribute copies of free software (and charge for
 24 | this service if you wish), that you receive source code or can get it
 25 | if you want it, that you can change the software or use pieces of it
 26 | in new free programs; and that you know you can do these things.
 27 | 
 28 |   To protect your rights, we need to make restrictions that forbid
 29 | anyone to deny you these rights or to ask you to surrender the rights.
 30 | These restrictions translate to certain responsibilities for you if you
 31 | distribute copies of the software, or if you modify it.
 32 | 
 33 |   For example, if you distribute copies of such a program, whether
 34 | gratis or for a fee, you must give the recipients all the rights that
 35 | you have.  You must make sure that they, too, receive or can get the
 36 | source code.  And you must show them these terms so they know their
 37 | rights.
 38 | 
 39 |   We protect your rights with two steps: (1) copyright the software, and
 40 | (2) offer you this license which gives you legal permission to copy,
 41 | distribute and/or modify the software.
 42 | 
 43 |   Also, for each author's protection and ours, we want to make certain
 44 | that everyone understands that there is no warranty for this free
 45 | software.  If the software is modified by someone else and passed on, we
 46 | want its recipients to know that what they have is not the original, so
 47 | that any problems introduced by others will not reflect on the original
 48 | authors' reputations.
 49 | 
 50 |   Finally, any free program is threatened constantly by software
 51 | patents.  We wish to avoid the danger that redistributors of a free
 52 | program will individually obtain patent licenses, in effect making the
 53 | program proprietary.  To prevent this, we have made it clear that any
 54 | patent must be licensed for everyone's free use or not licensed at all.
 55 | 
 56 |   The precise terms and conditions for copying, distribution and
 57 | modification follow.
 58 | 
 59 |                     GNU GENERAL PUBLIC LICENSE
 60 |    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 61 | 
 62 |   0. This License applies to any program or other work which contains
 63 | a notice placed by the copyright holder saying it may be distributed
 64 | under the terms of this General Public License.  The "Program", below,
 65 | refers to any such program or work, and a "work based on the Program"
 66 | means either the Program or any derivative work under copyright law:
 67 | that is to say, a work containing the Program or a portion of it,
 68 | either verbatim or with modifications and/or translated into another
 69 | language.  (Hereinafter, translation is included without limitation in
 70 | the term "modification".)  Each licensee is addressed as "you".
 71 | 
 72 | Activities other than copying, distribution and modification are not
 73 | covered by this License; they are outside its scope.  The act of
 74 | running the Program is not restricted, and the output from the Program
 75 | is covered only if its contents constitute a work based on the
 76 | Program (independent of having been made by running the Program).
 77 | Whether that is true depends on what the Program does.
 78 | 
 79 |   1. You may copy and distribute verbatim copies of the Program's
 80 | source code as you receive it, in any medium, provided that you
 81 | conspicuously and appropriately publish on each copy an appropriate
 82 | copyright notice and disclaimer of warranty; keep intact all the
 83 | notices that refer to this License and to the absence of any warranty;
 84 | and give any other recipients of the Program a copy of this License
 85 | along with the Program.
 86 | 
 87 | You may charge a fee for the physical act of transferring a copy, and
 88 | you may at your option offer warranty protection in exchange for a fee.
 89 | 
 90 |   2. You may modify your copy or copies of the Program or any portion
 91 | of it, thus forming a work based on the Program, and copy and
 92 | distribute such modifications or work under the terms of Section 1
 93 | above, provided that you also meet all of these conditions:
 94 | 
 95 |     a) You must cause the modified files to carry prominent notices
 96 |     stating that you changed the files and the date of any change.
 97 | 
 98 |     b) You must cause any work that you distribute or publish, that in
 99 |     whole or in part contains or is derived from the Program or any
100 |     part thereof, to be licensed as a whole at no charge to all third
101 |     parties under the terms of this License.
102 | 
103 |     c) If the modified program normally reads commands interactively
104 |     when run, you must cause it, when started running for such
105 |     interactive use in the most ordinary way, to print or display an
106 |     announcement including an appropriate copyright notice and a
107 |     notice that there is no warranty (or else, saying that you provide
108 |     a warranty) and that users may redistribute the program under
109 |     these conditions, and telling the user how to view a copy of this
110 |     License.  (Exception: if the Program itself is interactive but
111 |     does not normally print such an announcement, your work based on
112 |     the Program is not required to print an announcement.)
113 | 
114 | These requirements apply to the modified work as a whole.  If
115 | identifiable sections of that work are not derived from the Program,
116 | and can be reasonably considered independent and separate works in
117 | themselves, then this License, and its terms, do not apply to those
118 | sections when you distribute them as separate works.  But when you
119 | distribute the same sections as part of a whole which is a work based
120 | on the Program, the distribution of the whole must be on the terms of
121 | this License, whose permissions for other licensees extend to the
122 | entire whole, and thus to each and every part regardless of who wrote it.
123 | 
124 | Thus, it is not the intent of this section to claim rights or contest
125 | your rights to work written entirely by you; rather, the intent is to
126 | exercise the right to control the distribution of derivative or
127 | collective works based on the Program.
128 | 
129 | In addition, mere aggregation of another work not based on the Program
130 | with the Program (or with a work based on the Program) on a volume of
131 | a storage or distribution medium does not bring the other work under
132 | the scope of this License.
133 | 
134 |   3. You may copy and distribute the Program (or a work based on it,
135 | under Section 2) in object code or executable form under the terms of
136 | Sections 1 and 2 above provided that you also do one of the following:
137 | 
138 |     a) Accompany it with the complete corresponding machine-readable
139 |     source code, which must be distributed under the terms of Sections
140 |     1 and 2 above on a medium customarily used for software interchange; or,
141 | 
142 |     b) Accompany it with a written offer, valid for at least three
143 |     years, to give any third party, for a charge no more than your
144 |     cost of physically performing source distribution, a complete
145 |     machine-readable copy of the corresponding source code, to be
146 |     distributed under the terms of Sections 1 and 2 above on a medium
147 |     customarily used for software interchange; or,
148 | 
149 |     c) Accompany it with the information you received as to the offer
150 |     to distribute corresponding source code.  (This alternative is
151 |     allowed only for noncommercial distribution and only if you
152 |     received the program in object code or executable form with such
153 |     an offer, in accord with Subsection b above.)
154 | 
155 | The source code for a work means the preferred form of the work for
156 | making modifications to it.  For an executable work, complete source
157 | code means all the source code for all modules it contains, plus any
158 | associated interface definition files, plus the scripts used to
159 | control compilation and installation of the executable.  However, as a
160 | special exception, the source code distributed need not include
161 | anything that is normally distributed (in either source or binary
162 | form) with the major components (compiler, kernel, and so on) of the
163 | operating system on which the executable runs, unless that component
164 | itself accompanies the executable.
165 | 
166 | If distribution of executable or object code is made by offering
167 | access to copy from a designated place, then offering equivalent
168 | access to copy the source code from the same place counts as
169 | distribution of the source code, even though third parties are not
170 | compelled to copy the source along with the object code.
171 | 
172 |   4. You may not copy, modify, sublicense, or distribute the Program
173 | except as expressly provided under this License.  Any attempt
174 | otherwise to copy, modify, sublicense or distribute the Program is
175 | void, and will automatically terminate your rights under this License.
176 | However, parties who have received copies, or rights, from you under
177 | this License will not have their licenses terminated so long as such
178 | parties remain in full compliance.
179 | 
180 |   5. You are not required to accept this License, since you have not
181 | signed it.  However, nothing else grants you permission to modify or
182 | distribute the Program or its derivative works.  These actions are
183 | prohibited by law if you do not accept this License.  Therefore, by
184 | modifying or distributing the Program (or any work based on the
185 | Program), you indicate your acceptance of this License to do so, and
186 | all its terms and conditions for copying, distributing or modifying
187 | the Program or works based on it.
188 | 
189 |   6. Each time you redistribute the Program (or any work based on the
190 | Program), the recipient automatically receives a license from the
191 | original licensor to copy, distribute or modify the Program subject to
192 | these terms and conditions.  You may not impose any further
193 | restrictions on the recipients' exercise of the rights granted herein.
194 | You are not responsible for enforcing compliance by third parties to
195 | this License.
196 | 
197 |   7. If, as a consequence of a court judgment or allegation of patent
198 | infringement or for any other reason (not limited to patent issues),
199 | conditions are imposed on you (whether by court order, agreement or
200 | otherwise) that contradict the conditions of this License, they do not
201 | excuse you from the conditions of this License.  If you cannot
202 | distribute so as to satisfy simultaneously your obligations under this
203 | License and any other pertinent obligations, then as a consequence you
204 | may not distribute the Program at all.  For example, if a patent
205 | license would not permit royalty-free redistribution of the Program by
206 | all those who receive copies directly or indirectly through you, then
207 | the only way you could satisfy both it and this License would be to
208 | refrain entirely from distribution of the Program.
209 | 
210 | If any portion of this section is held invalid or unenforceable under
211 | any particular circumstance, the balance of the section is intended to
212 | apply and the section as a whole is intended to apply in other
213 | circumstances.
214 | 
215 | It is not the purpose of this section to induce you to infringe any
216 | patents or other property right claims or to contest validity of any
217 | such claims; this section has the sole purpose of protecting the
218 | integrity of the free software distribution system, which is
219 | implemented by public license practices.  Many people have made
220 | generous contributions to the wide range of software distributed
221 | through that system in reliance on consistent application of that
222 | system; it is up to the author/donor to decide if he or she is willing
223 | to distribute software through any other system and a licensee cannot
224 | impose that choice.
225 | 
226 | This section is intended to make thoroughly clear what is believed to
227 | be a consequence of the rest of this License.
228 | 
229 |   8. If the distribution and/or use of the Program is restricted in
230 | certain countries either by patents or by copyrighted interfaces, the
231 | original copyright holder who places the Program under this License
232 | may add an explicit geographical distribution limitation excluding
233 | those countries, so that distribution is permitted only in or among
234 | countries not thus excluded.  In such case, this License incorporates
235 | the limitation as if written in the body of this License.
236 | 
237 |   9. The Free Software Foundation may publish revised and/or new versions
238 | of the General Public License from time to time.  Such new versions will
239 | be similar in spirit to the present version, but may differ in detail to
240 | address new problems or concerns.
241 | 
242 | Each version is given a distinguishing version number.  If the Program
243 | specifies a version number of this License which applies to it and "any
244 | later version", you have the option of following the terms and conditions
245 | either of that version or of any later version published by the Free
246 | Software Foundation.  If the Program does not specify a version number of
247 | this License, you may choose any version ever published by the Free Software
248 | Foundation.
249 | 
250 |   10. If you wish to incorporate parts of the Program into other free
251 | programs whose distribution conditions are different, write to the author
252 | to ask for permission.  For software which is copyrighted by the Free
253 | Software Foundation, write to the Free Software Foundation; we sometimes
254 | make exceptions for this.  Our decision will be guided by the two goals
255 | of preserving the free status of all derivatives of our free software and
256 | of promoting the sharing and reuse of software generally.
257 | 
258 |                             NO WARRANTY
259 | 
260 |   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268 | REPAIR OR CORRECTION.
269 | 
270 |   12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278 | POSSIBILITY OF SUCH DAMAGES.
279 | 
280 |                      END OF TERMS AND CONDITIONS
281 | 
282 |             How to Apply These Terms to Your New Programs
283 | 
284 |   If you develop a new program, and you want it to be of the greatest
285 | possible use to the public, the best way to achieve this is to make it
286 | free software which everyone can redistribute and change under these terms.
287 | 
288 |   To do so, attach the following notices to the program.  It is safest
289 | to attach them to the start of each source file to most effectively
290 | convey the exclusion of warranty; and each file should have at least
291 | the "copyright" line and a pointer to where the full notice is found.
292 | 
293 |     {description}
294 |     Copyright (C) {year}  {fullname}
295 | 
296 |     This program is free software; you can redistribute it and/or modify
297 |     it under the terms of the GNU General Public License as published by
298 |     the Free Software Foundation; either version 2 of the License, or
299 |     (at your option) any later version.
300 | 
301 |     This program is distributed in the hope that it will be useful,
302 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
303 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
304 |     GNU General Public License for more details.
305 | 
306 |     You should have received a copy of the GNU General Public License along
307 |     with this program; if not, write to the Free Software Foundation, Inc.,
308 |     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309 | 
310 | Also add information on how to contact you by electronic and paper mail.
311 | 
312 | If the program is interactive, make it output a short notice like this
313 | when it starts in an interactive mode:
314 | 
315 |     Gnomovision version 69, Copyright (C) year name of author
316 |     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317 |     This is free software, and you are welcome to redistribute it
318 |     under certain conditions; type `show c' for details.
319 | 
320 | The hypothetical commands `show w' and `show c' should show the appropriate
321 | parts of the General Public License.  Of course, the commands you use may
322 | be called something other than `show w' and `show c'; they could even be
323 | mouse-clicks or menu items--whatever suits your program.
324 | 
325 | You should also get your employer (if you work as a programmer) or your
326 | school, if any, to sign a "copyright disclaimer" for the program, if
327 | necessary.  Here is a sample; alter the names:
328 | 
329 |   Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330 |   `Gnomovision' (which makes passes at compilers) written by James Hacker.
331 | 
332 |   {signature of Ty Coon}, 1 April 1989
333 |   Ty Coon, President of Vice
334 | 
335 | This General Public License does not permit incorporating your program into
336 | proprietary programs.  If your program is a subroutine library, you may
337 | consider it more useful to permit linking proprietary applications with the
338 | library.  If this is what you want to do, use the GNU Lesser General
339 | Public License instead of this License.
340 | 
341 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # This is not the official repo for sublist3r, this version contains extra features (notably subdomain takeover checks).
  2 | ## The original version: https://github.com/aboul3la/Sublist3r
  3 | 
  4 | ## About Sublist3r 
  5 | 
  6 | Sublist3r is python tool that is designed to enumerate subdomains of websites through OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.
  7 | 
  8 | [subbrute](https://github.com/TheRook/subbrute) was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.
  9 | 
 10 | ## Screenshots
 11 | 
 12 | ![Sublist3r](http://www.secgeek.net/images/Sublist3r.png "Sublist3r in action")
 13 | 
 14 | 
 15 | ## Installation
 16 | 
 17 | ```
 18 | git clone https://github.com/Plazmaz/Sublist3r.git
 19 | ```
 20 | 
 21 | ## Recommended Python Version:
 22 | 
 23 | Sublist3r currently supports **Python 2** and **Python 3**.
 24 | 
 25 | * The recommended version for Python 2 is **2.7.x**
 26 | * The recommened version for Python 3 is **3.4.x**
 27 | 
 28 | ## Dependencies:
 29 | 
 30 | Sublist3r depends on the `requests`, `dnspython` and `argparse` python modules.
 31 | 
 32 | These dependencies can be installed using the requirements file:
 33 | 
 34 | - Installation on Windows:
 35 | ```
 36 | c:\python27\python.exe -m pip install -r requirements.txt
 37 | ```
 38 | - Installation on Linux
 39 | ```
 40 | sudo pip install -r requirements.txt
 41 | ```
 42 | 
 43 | Alternatively, each module can be installed independently as shown below.
 44 | 
 45 | #### Requests Module (http://docs.python-requests.org/en/latest/)
 46 | 
 47 | - Install for Windows:
 48 | ```
 49 | c:\python27\python.exe -m pip install requests
 50 | ```
 51 | 
 52 | - Install for Ubuntu/Debian:
 53 | ```
 54 | sudo apt-get install python-requests
 55 | ```
 56 | 
 57 | - Install for Centos/Redhat:
 58 | ```
 59 | sudo yum install python-requests
 60 | ```
 61 | 
 62 | - Install using pip on Linux:
 63 | ```
 64 | sudo pip install requests
 65 | ```
 66 | 
 67 | #### dnspython Module (http://www.dnspython.org/)
 68 | 
 69 | - Install for Windows:
 70 | ```
 71 | c:\python27\python.exe -m pip install dnspython
 72 | ```
 73 | 
 74 | - Install for Ubuntu/Debian:
 75 | ```
 76 | sudo apt-get install python-dnspython
 77 | ```
 78 | 
 79 | - Install using pip:
 80 | ```
 81 | sudo pip install dnspython
 82 | ```
 83 | 
 84 | #### argparse Module
 85 | 
 86 | - Install for Ubuntu/Debian:
 87 | ```
 88 | sudo apt-get install python-argparse
 89 | ```
 90 | 
 91 | - Install for Centos/Redhat:
 92 | ```
 93 | sudo yum install python-argparse
 94 | ``` 
 95 | 
 96 | - Install using pip:
 97 | ```
 98 | sudo pip install argparse
 99 | ```
100 | 
101 | **for coloring in windows install the following libraries**
102 | ```
103 | c:\python27\python.exe -m pip install win_unicode_console colorama
104 | ```
105 | 
106 | ## Usage
107 | 
108 | Short Form    | Long Form         | Description
109 | ------------- | ------------------|-------------
110 | -d            | --domain          | Domain name to enumerate subdomains of
111 | -b            | --bruteforce      | Enable the subbrute bruteforce module
112 | -p            | --ports           | Scan the found subdomains against specific tcp ports
113 | -v            | --verbose         | Enable the verbose mode and display results in realtime
114 | -t            | --threads         | Number of threads to use for subbrute bruteforce
115 | -e            | --engines         | Specify a comma-separated list of search engines
116 | -o            | --output          | Save the results to text file
117 | -h            | --help            | show the help message and exit
118 | -to           | --takover-check   | [New] Scan subdomains for unregistered services such as Github Pages
119 | 
120 | ### Examples
121 | 
122 | * To list all the basic options and switches use -h switch:
123 | 
124 | ```python sublist3r.py -h```
125 | 
126 | * To enumerate subdomains of specific domain:
127 | 
128 | ``python sublist3r.py -d example.com``
129 | 
130 | * To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443 :
131 | 
132 | ``python sublist3r.py -d example.com -p 80,443``
133 | 
134 | * To enumerate subdomains of specific domain and show the results in realtime:
135 | 
136 | ``python sublist3r.py -v -d example.com``
137 | 
138 | * To enumerate subdomains and enable the bruteforce module:
139 | 
140 | ``python sublist3r.py -b -d example.com``
141 | 
142 | * To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines
143 | 
144 | ``python sublist3r.py -e google,yahoo,virustotal -d example.com``
145 | 
146 | 
147 | ## Using Sublist3r as a module in your python scripts
148 | 
149 | **Example**
150 | 
151 | ```python
152 | import sublist3r 
153 | subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, takeover_check, engines)
154 | ```
155 | The main function will return a set of unique subdomains found by Sublist3r
156 | 
157 | **Function Usage:**
158 | * **domain**: The domain you want to enumerate subdomains of.
159 | * **savefile**: save the output into text file.
160 | * **ports**: specify a comma-sperated list of the tcp ports to scan.
161 | * **silent**: set sublist3r to work in silent mode during the execution (helpful when you don't need a lot of noise).
162 | * **verbose**: display the found subdomains in real time.
163 | * **enable_bruteforce**: enable the bruteforce module.
164 | * **takeover_check**: enable subdomain takeover checks.
165 | * **engines**: (Optional) to choose specific engines.
166 | 
167 | Example to enumerate subdomains of Yahoo.com:
168 | ```python
169 | import sublist3r 
170 | subdomains = sublist3r.main('yahoo.com', 40, 'yahoo_subdomains.txt', ports= None, silent=False, verbose= False, enable_bruteforce= False, takeover_check=False, engines=None)
171 | ```
172 | 
173 | ## License
174 | 
175 | Sublist3r is licensed under the GNU GPL license. take a look at the [LICENSE](https://github.com/aboul3la/Sublist3r/blob/master/LICENSE) for more information.
176 | 
177 | 
178 | ## Credits
179 | 
180 | * [TheRook](https://github.com/TheRook) - The bruteforce module was based on his script **subbrute**. 
181 | * [Bitquark](https://github.com/bitquark) - The Subbrute's wordlist was based on his research **dnspop**. 
182 | 
183 | ## Thanks
184 | 
185 | * Special Thanks to [Ibrahim Mosaad](https://twitter.com/ibrahim_mosaad) for his great contributions that helped in improving the tool.
186 | 
187 | ## Version
188 | **Current version is 1.0**
189 | 


--------------------------------------------------------------------------------
/engines/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Plazmaz/Sublist3r/71fe2578032c3064a619f5dac6652f0c229c2c72/engines/__init__.py


--------------------------------------------------------------------------------
/engines/engine.py:
--------------------------------------------------------------------------------
  1 | import hashlib
  2 | import multiprocessing
  3 | import re
  4 | import threading
  5 | 
  6 | import sys
  7 | from collections import Counter
  8 | import random
  9 | 
 10 | import dns
 11 | import time
 12 | import json
 13 | from engines.enumarator_base import EnumeratorBase
 14 | import requests
 15 | 
 16 | # Python 2.x and 3.x compatiablity
 17 | from util.logger import Logger
 18 | 
 19 | if sys.version > '3':
 20 |     import urllib.parse as urlparse
 21 |     import urllib.parse as urllib
 22 | else:
 23 |     import urlparse
 24 |     import urllib
 25 | 
 26 | 
 27 | class EnumratorBaseThreaded(multiprocessing.Process, EnumeratorBase):
 28 |     def __init__(self, base_url, engine_name, domain, subdomains=None, q=None, lock=threading.Lock(),
 29 |                  silent=False, logger=None):
 30 |         subdomains = subdomains or []
 31 |         EnumeratorBase.__init__(self, base_url, engine_name, domain, subdomains, silent, logger)
 32 |         multiprocessing.Process.__init__(self)
 33 |         self.lock = lock
 34 |         self.logger = logger
 35 |         self.q = q
 36 |         return
 37 | 
 38 |     def run(self):
 39 |         domain_list = self.enumerate()
 40 |         for domain in domain_list:
 41 |             self.q.append(domain)
 42 | 
 43 | 
 44 | class GoogleEnum(EnumratorBaseThreaded):
 45 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
 46 |         subdomains = subdomains or []
 47 |         base_url = "https://google.com/search?q={query}&btnG=Search&hl=en-US&biw=&bih=&gbv=1&start={page_no}&filter=0"
 48 |         self.engine_name = "Google"
 49 |         self.MAX_DOMAINS = 11
 50 |         self.MAX_PAGES = 200
 51 |         super(GoogleEnum, self).__init__(base_url, self.engine_name, domain, subdomains, silent=silent, logger=logger)
 52 |         self.q = q
 53 |         return
 54 | 
 55 |     def extract_domains(self, resp):
 56 |         link_regx = re.compile('<cite.*?>(.*?)</cite>')
 57 |         try:
 58 |             links_list = link_regx.findall(resp)
 59 |             for link in links_list:
 60 |                 link = re.sub('<span.*>', '', link)
 61 |                 if not link.startswith('http'):
 62 |                     link = "http://" + link
 63 |                 subdomain = urlparse.urlparse(link).netloc
 64 |                 if subdomain and subdomain not in self.subdomains and subdomain != self.domain:
 65 |                     if self.logger.is_verbose:
 66 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
 67 |                     self.subdomains.append(subdomain.strip())
 68 |         except Exception:
 69 |             pass
 70 |         return links_list
 71 | 
 72 |     def check_response_errors(self, resp):
 73 |         if type(resp) == type(1):
 74 |             return False
 75 |         if 'Our systems have detected unusual traffic' in resp:
 76 |             self.print_(self.logger.R + "[!] Error: Google probably now is blocking our requests" + self.logger.W)
 77 |             self.print_(self.logger.R + "[~] Finished now the Google Enumeration ..." + self.logger.W)
 78 |             return False
 79 |         return True
 80 | 
 81 |     def should_sleep(self):
 82 |         time.sleep(5)
 83 |         return
 84 | 
 85 |     def generate_query(self):
 86 |         if self.subdomains:
 87 |             fmt = 'site:{domain} -www.{domain} -{found}'
 88 |             found = ' -'.join(self.subdomains[:self.MAX_DOMAINS - 2])
 89 |             query = fmt.format(domain=self.domain, found=found)
 90 |         else:
 91 |             query = "site:{domain} -www.{domain}".format(domain=self.domain)
 92 |         return query
 93 | 
 94 | 
 95 | class YahooEnum(EnumratorBaseThreaded):
 96 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
 97 |         subdomains = subdomains or []
 98 |         base_url = "https://search.yahoo.com/search?p={query}&b={page_no}"
 99 |         self.engine_name = "Yahoo"
100 |         self.MAX_DOMAINS = 10
101 |         self.MAX_PAGES = 0
102 |         super(YahooEnum, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent,
103 |                                         logger=logger)
104 |         self.q = q
105 |         return
106 | 
107 |     def extract_domains(self, resp):
108 |         link_regx2 = re.compile('<span class=" fz-.*? fw-m fc-12th wr-bw.*?">(.*?)</span>')
109 |         link_regx = re.compile('<span class="txt"><span class=" cite fw-xl fz-15px">(.*?)</span>')
110 |         links_list = []
111 |         try:
112 |             links = link_regx.findall(resp)
113 |             links2 = link_regx2.findall(resp)
114 |             links_list = links + links2
115 |             for link in links_list:
116 |                 link = re.sub("<(\/)?b>", "", link)
117 |                 if not link.startswith('http'):
118 |                     link = "http://" + link
119 |                 subdomain = urlparse.urlparse(link).netloc
120 |                 if not subdomain.endswith(self.domain):
121 |                     continue
122 |                 if subdomain and subdomain not in self.subdomains and subdomain != self.domain:
123 |                     if self.logger.is_verbose:
124 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
125 |                     self.subdomains.append(subdomain.strip())
126 |         except Exception:
127 |             pass
128 | 
129 |         return links_list
130 | 
131 |     def should_sleep(self):
132 |         return
133 | 
134 |     def get_page(self, num):
135 |         return num + 10
136 | 
137 |     def generate_query(self):
138 |         if self.subdomains:
139 |             fmt = 'site:{domain} -domain:www.{domain} -domain:{found}'
140 |             found = ' -domain:'.join(self.subdomains[:77])
141 |             query = fmt.format(domain=self.domain, found=found)
142 |         else:
143 |             query = "site:{domain}".format(domain=self.domain)
144 |         return query
145 | 
146 | 
147 | class AskEnum(EnumratorBaseThreaded):
148 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
149 |         subdomains = subdomains or []
150 |         base_url = 'http://www.ask.com/web?q={query}&page={page_no}&qid=8D6EE6BF52E0C04527E51F64F22C4534&o=0&l=dir&qsrc=998&qo=pagination'
151 |         self.engine_name = "Ask"
152 |         self.MAX_DOMAINS = 11
153 |         self.MAX_PAGES = 0
154 |         
155 |         super(AskEnum, self).__init__(base_url, self.engine_name, domain, subdomains, silent=silent,
156 |                                          logger=logger)
157 |         self.q = q
158 |         return
159 | 
160 |     def extract_domains(self, resp):
161 |         link_regx = re.compile('<p class="web-result-url">(.*?)</p>')
162 |         try:
163 |             links_list = []
164 |             links_list = link_regx.findall(resp)
165 |             for link in links_list:
166 |                 if not link.startswith('http'):
167 |                     link = "http://" + link
168 |                 subdomain = urlparse.urlparse(link).netloc
169 |                 if subdomain not in self.subdomains and subdomain != self.domain:
170 |                     if self.logger.is_verbose:
171 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
172 |                     self.subdomains.append(subdomain.strip())
173 |         except Exception:
174 |             pass
175 | 
176 |         return links_list
177 | 
178 |     def get_page(self, num):
179 |         return num + 1
180 | 
181 |     def generate_query(self):
182 |         if self.subdomains:
183 |             fmt = 'site:{domain} -www.{domain} -{found}'
184 |             found = ' -'.join(self.subdomains[:self.MAX_DOMAINS])
185 |             query = fmt.format(domain=self.domain, found=found)
186 |         else:
187 |             query = "site:{domain} -www.{domain}".format(domain=self.domain)
188 | 
189 |         return query
190 | 
191 | 
192 | class BingEnum(EnumratorBaseThreaded):
193 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
194 |         subdomains = subdomains or []
195 |         base_url = 'https://www.bing.com/search?q={query}&go=Submit&first={page_no}'
196 |         self.engine_name = "Bing"
197 |         self.MAX_DOMAINS = 30
198 |         self.MAX_PAGES = 0
199 |         super(BingEnum, self).__init__(base_url, self.engine_name, domain, subdomains, silent=silent,
200 |                                          logger=logger)
201 |         self.q = q
202 |         return
203 | 
204 |     def extract_domains(self, resp):
205 |         link_regx = re.compile('<li class="b_algo"><h2><a href="(.*?)"')
206 |         link_regx2 = re.compile('<div class="b_title"><h2><a href="(.*?)"')
207 |         try:
208 |             links = link_regx.findall(resp)
209 |             links2 = link_regx2.findall(resp)
210 |             links_list = links + links2
211 | 
212 |             for link in links_list:
213 |                 link = re.sub('<(\/)?strong>|<span.*?>|<|>', '', link)
214 |                 if not link.startswith('http'):
215 |                     link = "http://" + link
216 |                 subdomain = urlparse.urlparse(link).netloc
217 |                 if subdomain not in self.subdomains and subdomain != self.domain:
218 |                     if self.logger.is_verbose:
219 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
220 |                     self.subdomains.append(subdomain.strip())
221 |         except Exception:
222 |             pass
223 | 
224 |         return links_list
225 | 
226 |     def generate_query(self):
227 |         if self.subdomains:
228 |             fmt = 'domain:{domain} -www.{domain} -{found}'
229 |             found = ' -'.join(self.subdomains[:self.MAX_DOMAINS])
230 |             query = fmt.format(domain=self.domain, found=found)
231 |         else:
232 |             query = "domain:{domain} -www.{domain}".format(domain=self.domain)
233 |         return query
234 | 
235 | 
236 | class BaiduEnum(EnumratorBaseThreaded):
237 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
238 |         subdomains = subdomains or []
239 |         base_url = 'https://www.baidu.com/s?pn={page_no}&wd={query}&oq={query}'
240 |         self.engine_name = "Baidu"
241 |         self.MAX_DOMAINS = 2
242 |         self.MAX_PAGES = 760
243 |         super(BaiduEnum, self).__init__(base_url, self.engine_name, domain, subdomains, silent=silent,
244 |                                          logger=logger)
245 |         self.querydomain = self.domain
246 |         self.q = q
247 |         return
248 | 
249 |     def extract_domains(self, resp):
250 |         found_newdomain = False
251 |         subdomain_list = []
252 |         link_regx = re.compile('<a.*?class="c-showurl".*?>(.*?)</a>')
253 |         try:
254 |             links = link_regx.findall(resp)
255 |             for link in links:
256 |                 link = re.sub('<.*?>|>|<|&nbsp;', '', link)
257 |                 if not link.startswith('http'):
258 |                     link = "http://" + link
259 |                 subdomain = urlparse.urlparse(link).netloc
260 |                 if subdomain.endswith(self.domain):
261 |                     subdomain_list.append(subdomain)
262 |                     if subdomain not in self.subdomains and subdomain != self.domain:
263 |                         found_newdomain = True
264 |                         if self.logger.is_verbose:
265 |                             self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
266 |                         self.subdomains.append(subdomain.strip())
267 |         except Exception:
268 |             pass
269 |         if not found_newdomain and subdomain_list:
270 |             self.querydomain = self.findsubs(subdomain_list)
271 |         return links
272 | 
273 |     def findsubs(self, subdomains):
274 |         count = Counter(subdomains)
275 |         subdomain1 = max(count, key=count.get)
276 |         count.pop(subdomain1, "None")
277 |         subdomain2 = max(count, key=count.get) if count else ''
278 |         return (subdomain1, subdomain2)
279 | 
280 |     def check_response_errors(self, resp):
281 |         return True
282 | 
283 |     def should_sleep(self):
284 |         time.sleep(random.randint(2, 5))
285 |         return
286 | 
287 |     def generate_query(self):
288 |         if self.subdomains and self.querydomain != self.domain:
289 |             found = ' -site:'.join(self.querydomain)
290 |             query = "site:{domain} -site:www.{domain} -site:{found} ".format(domain=self.domain, found=found)
291 |         else:
292 |             query = "site:{domain} -site:www.{domain}".format(domain=self.domain)
293 |         return query
294 | 
295 | 
296 | class NetcraftEnum(EnumratorBaseThreaded):
297 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
298 |         subdomains = subdomains or []
299 |         self.base_url = 'https://searchdns.netcraft.com/?restriction=site+ends+with&host={domain}'
300 |         self.engine_name = "Netcraft"
301 |         self.lock = threading.Lock()
302 |         super(NetcraftEnum, self).__init__(self.base_url, self.engine_name, domain, subdomains, q=q, silent=silent,
303 |                                            logger=logger)
304 |         self.q = q
305 |         return
306 | 
307 |     def req(self, url, cookies=None):
308 |         cookies = cookies or {}
309 |         try:
310 |             resp = self.session.get(url, headers=self.headers, timeout=self.timeout, cookies=cookies)
311 |         except Exception as e:
312 |             self.print_(e, 'netcraft modules')
313 |             resp = None
314 |         return resp
315 | 
316 |     def get_next(self, resp):
317 |         link_regx = re.compile('<A href="(.*?)"><b>Next page</b></a>')
318 |         link = link_regx.findall(resp)
319 |         link = re.sub('host=.*?%s' % self.domain, 'host=%s' % self.domain, link[0])
320 |         url = 'http://searchdns.netcraft.com' + link
321 |         return url
322 | 
323 |     def create_cookies(self, cookie):
324 |         cookies = dict()
325 |         cookies_list = cookie[0:cookie.find(';')].split("=")
326 |         cookies[cookies_list[0]] = cookies_list[1]
327 |         cookies['netcraft_js_verification_response'] = hashlib.sha1(urllib.unquote(cookies_list[1])).hexdigest()
328 |         return cookies
329 | 
330 |     def get_cookies(self, headers):
331 |         if 'set-cookie' in headers:
332 |             cookies = self.create_cookies(headers['set-cookie'])
333 |         else:
334 |             cookies = {}
335 |         return cookies
336 | 
337 |     def enumerate(self):
338 |         start_url = self.base_url.format(domain='example.com')
339 |         resp = self.req(start_url)
340 |         cookies = self.get_cookies(resp.headers)
341 |         url = self.base_url.format(domain=self.domain)
342 |         while True:
343 |             resp = self.get_response(self.req(url, cookies))
344 |             self.extract_domains(resp)
345 |             if 'Next page' not in resp:
346 |                 return self.subdomains
347 |                 break
348 |             url = self.get_next(resp)
349 | 
350 |     def extract_domains(self, resp):
351 |         link_regx = re.compile('<a href="http://toolbar.netcraft.com/site_report\?url=(.*)">')
352 |         try:
353 |             links_list = link_regx.findall(resp)
354 |             for link in links_list:
355 |                 subdomain = urlparse.urlparse(link).netloc
356 |                 if not subdomain.endswith(self.domain):
357 |                     continue
358 |                 if subdomain and subdomain not in self.subdomains and subdomain != self.domain:
359 |                     if self.logger.is_verbose:
360 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
361 |                     self.subdomains.append(subdomain.strip())
362 |         except Exception:
363 |             pass
364 |         return links_list
365 | 
366 | 
367 | class DNSdumpster(EnumratorBaseThreaded):
368 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
369 |         subdomains = subdomains or []
370 |         base_url = 'https://dnsdumpster.com/'
371 |         self.live_subdomains = []
372 |         self.engine_name = "DNSdumpster"
373 |         self.threads = 70
374 |         self.lock = threading.BoundedSemaphore(value=self.threads)
375 |         self.q = q
376 |         super(DNSdumpster, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent,
377 |                                           logger=logger)
378 |         return
379 | 
380 |     def check_host(self, host):
381 |         is_valid = False
382 |         Resolver = dns.resolver.Resolver()
383 |         Resolver.nameservers = ['8.8.8.8', '8.8.4.4']
384 |         self.lock.acquire()
385 |         try:
386 |             ip = Resolver.query(host, 'A')[0].to_text()
387 |             if ip:
388 |                 if self.logger.is_verbose:
389 |                     self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, host))
390 |                 is_valid = True
391 |                 self.live_subdomains.append(host)
392 |         except:
393 |             pass
394 |         self.lock.release()
395 |         return is_valid
396 | 
397 |     def req(self, req_method, url, params=None):
398 |         params = params or {}
399 |         headers = dict(self.headers)
400 |         headers['Referer'] = 'https://dnsdumpster.com'
401 |         try:
402 |             if req_method == 'GET':
403 |                 resp = self.session.get(url, headers=headers, timeout=self.timeout)
404 |             else:
405 |                 resp = self.session.post(url, data=params, headers=headers, timeout=self.timeout)
406 |         except Exception as e:
407 |             self.print_(e)
408 |             resp = None
409 |         return self.get_response(resp)
410 | 
411 |     def get_csrftoken(self, resp):
412 |         csrf_regex = re.compile("<input type='hidden' name='csrfmiddlewaretoken' value='(.*?)' />", re.S)
413 |         token = csrf_regex.findall(resp)[0]
414 |         return token.strip()
415 | 
416 |     def enumerate(self, **kwargs):
417 |         resp = self.req('GET', self.base_url)
418 |         token = self.get_csrftoken(resp)
419 |         params = {'csrfmiddlewaretoken': token, 'targetip': self.domain}
420 |         post_resp = self.req('POST', self.base_url, params)
421 |         self.extract_domains(post_resp)
422 |         for subdomain in self.subdomains:
423 |             t = threading.Thread(target=self.check_host, args=(subdomain,))
424 |             t.start()
425 |             t.join()
426 |         return self.live_subdomains
427 | 
428 |     def extract_domains(self, resp):
429 |         tbl_regex = re.compile('<a name="hostanchor"><\/a>Host Records.*?<table.*?>(.*?)</table>', re.S)
430 |         link_regex = re.compile('<td class="col-md-4">(.*?)<br>', re.S)
431 |         links = []
432 |         try:
433 |             results_tbl = tbl_regex.findall(resp)[0]
434 |         except IndexError:
435 |             results_tbl = ''
436 |         links_list = link_regex.findall(results_tbl)
437 |         links = list(set(links_list))
438 |         for link in links:
439 |             subdomain = link.strip()
440 |             if not subdomain.endswith(self.domain):
441 |                 continue
442 |             if subdomain and subdomain not in self.subdomains and subdomain != self.domain:
443 |                 self.subdomains.append(subdomain.strip())
444 |         return links
445 | 
446 | 
447 | class Virustotal(EnumratorBaseThreaded):
448 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
449 |         subdomains = subdomains or []
450 |         base_url = 'https://www.virustotal.com/en/domain/{domain}/information/'
451 |         self.engine_name = "Virustotal"
452 |         self.lock = threading.Lock()
453 |         self.q = q
454 |         super(Virustotal, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent,
455 |                                          logger=logger)
456 |         return
457 | 
458 |     # the main send_req need to be rewritten
459 |     def send_req(self, url):
460 |         try:
461 |             resp = self.session.get(url, headers=self.headers, timeout=self.timeout)
462 |         except Exception as e:
463 |             self.print_(e)
464 |             resp = None
465 | 
466 |         return self.get_response(resp)
467 | 
468 |     # once the send_req is rewritten we don't need to call this function, the stock one should be ok
469 |     def enumerate(self):
470 |         url = self.base_url.format(domain=self.domain)
471 |         resp = self.send_req(url)
472 |         self.extract_domains(resp)
473 |         return self.subdomains
474 | 
475 |     def extract_domains(self, resp):
476 |         link_regx = re.compile('<div class="enum.*?">.*?<a target="_blank" href=".*?">(.*?)</a>', re.S)
477 |         try:
478 |             links = link_regx.findall(resp)
479 |             for link in links:
480 |                 subdomain = link.strip()
481 |                 if not subdomain.endswith(self.domain):
482 |                     continue
483 |                 if subdomain not in self.subdomains and subdomain != self.domain:
484 |                     if self.logger.is_verbose:
485 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
486 |                     self.subdomains.append(subdomain.strip())
487 |         except Exception:
488 |             pass
489 | 
490 | 
491 | class ThreatCrowd(EnumratorBaseThreaded):
492 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
493 |         subdomains = subdomains or []
494 |         base_url = 'https://www.threatcrowd.org/searchApi/v2/domain/report/?domain={domain}'
495 |         self.engine_name = "ThreatCrowd"
496 |         self.lock = threading.Lock()
497 |         self.q = q
498 |         super(ThreatCrowd, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent,
499 |                                           logger=logger)
500 |         return
501 | 
502 |     def req(self, url):
503 |         try:
504 |             resp = self.session.get(url, headers=self.headers, timeout=self.timeout)
505 |         except Exception:
506 |             resp = None
507 | 
508 |         return self.get_response(resp)
509 | 
510 |     def enumerate(self):
511 |         url = self.base_url.format(domain=self.domain)
512 |         resp = self.req(url)
513 |         self.extract_domains(resp)
514 |         return self.subdomains
515 | 
516 |     def extract_domains(self, resp):
517 |         try:
518 |             links = json.loads(resp)['subdomains']
519 |             for link in links:
520 |                 subdomain = link.strip()
521 |                 if not subdomain.endswith(self.domain):
522 |                     continue
523 |                 if subdomain not in self.subdomains and subdomain != self.domain:
524 |                     if self.logger.is_verbose:
525 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
526 |                     self.subdomains.append(subdomain.strip())
527 |         except Exception as e:
528 |             pass
529 | 
530 | 
531 | class CrtSearch(EnumratorBaseThreaded):
532 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
533 |         subdomains = subdomains or []
534 |         base_url = 'https://crt.sh/?q=%25.{domain}'
535 |         self.engine_name = "SSL Certificates"
536 |         self.lock = threading.Lock()
537 |         self.q = q
538 |         super(CrtSearch, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent,
539 |                                         logger=logger)
540 |         return
541 | 
542 |     def req(self, url):
543 |         try:
544 |             resp = self.session.get(url, headers=self.headers, timeout=self.timeout)
545 |         except Exception:
546 |             resp = None
547 | 
548 |         return self.get_response(resp)
549 | 
550 |     def enumerate(self):
551 |         url = self.base_url.format(domain=self.domain)
552 |         resp = self.req(url)
553 |         if resp:
554 |             self.extract_domains(resp)
555 |         return self.subdomains
556 | 
557 |     def extract_domains(self, resp):
558 |         link_regx = re.compile('<TD>(.*?)</TD>')
559 |         try:
560 |             links = link_regx.findall(resp)
561 |             for link in links:
562 |                 subdomain = link.strip()
563 |                 if not subdomain.endswith(self.domain) or '*' in subdomain:
564 |                     continue
565 | 
566 |                 if '@' in subdomain:
567 |                     subdomain = subdomain[subdomain.find('@') + 1:]
568 | 
569 |                 if subdomain not in self.subdomains and subdomain != self.domain:
570 |                     if self.logger.is_verbose:
571 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
572 |                     self.subdomains.append(subdomain.strip())
573 |         except Exception as e:
574 |             pass
575 | 
576 | 
577 | class PassiveDNS(EnumratorBaseThreaded):
578 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
579 |         subdomains = subdomains or []
580 |         base_url = 'https://api.sublist3r.com/search.php?domain={domain}'
581 |         self.engine_name = "PassiveDNS"
582 |         self.lock = threading.Lock()
583 |         self.q = q
584 |         super(PassiveDNS, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent,
585 |                                          logger=logger)
586 |         return
587 | 
588 |     def req(self, url):
589 |         try:
590 |             resp = self.session.get(url, headers=self.headers, timeout=self.timeout)
591 |         except Exception as e:
592 |             resp = None
593 | 
594 |         return self.get_response(resp)
595 | 
596 |     def enumerate(self):
597 |         url = self.base_url.format(domain=self.domain)
598 |         resp = self.req(url)
599 |         if not resp:
600 |             return self.subdomains
601 | 
602 |         self.extract_domains(resp)
603 |         return self.subdomains
604 | 
605 |     def extract_domains(self, resp):
606 |         try:
607 |             subdomains = json.loads(resp)
608 |             for subdomain in subdomains:
609 |                 if subdomain not in self.subdomains and subdomain != self.domain:
610 |                     if self.verbose:
611 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
612 |                     self.subdomains.append(subdomain.strip())
613 |         except Exception as e:
614 |             pass
615 | 
616 | 
617 | class HackerTarget(EnumratorBaseThreaded):
618 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
619 |         subdomains = subdomains or []
620 |         base_url = 'https://api.hackertarget.com/hostsearch/?q={domain}'
621 |         self.engine_name = "HackerTarget"
622 |         self.lock = threading.Lock()
623 |         self.q = q
624 |         super(HackerTarget, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent,
625 |                                            logger=logger)
626 |         return
627 | 
628 |     def req(self, url):
629 |         try:
630 |             resp = self.session.get(url, headers=self.headers, timeout=self.timeout)
631 |         except Exception as e:
632 |             resp = None
633 | 
634 |         return self.get_response(resp)
635 | 
636 |     def enumerate(self):
637 |         url = self.base_url.format(domain=self.domain)
638 |         resp = self.req(url)
639 |         if not resp:
640 |             return self.subdomains
641 | 
642 |         self.extract_domains(resp)
643 |         return self.subdomains
644 | 
645 |     def extract_domains(self, resp):
646 |         try:
647 |             for subdomain in resp.split('\n'):
648 |                 subdomain = subdomain.split(',')[0]
649 |                 if subdomain not in self.subdomains and subdomain != self.domain:
650 |                     if self.verbose:
651 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
652 |                     self.subdomains.append(subdomain.strip())
653 |         except Exception as e:
654 |             pass
655 | 
656 | 
657 | class DnsDB(EnumratorBaseThreaded):
658 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
659 |         subdomains = subdomains or []
660 |         base_url = 'https://www.dnsdb.org/f/{domain}.dnsdb.org/'
661 |         self.engine_name = "DnsDB"
662 |         self.lock = threading.Lock()
663 |         self.q = q
664 |         super(DnsDB, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent, logger=logger)
665 |         return
666 | 
667 |     def req(self, url):
668 |         try:
669 |             resp = self.session.get(url, headers=self.headers, timeout=self.timeout)
670 |         except Exception as e:
671 |             resp = None
672 | 
673 |         return self.get_response(resp)
674 | 
675 |     def enumerate(self):
676 |         url = self.base_url.format(domain=self.domain)
677 |         resp = self.req(url)
678 |         if not resp:
679 |             return self.subdomains
680 | 
681 |         self.extract_domains(resp)
682 |         return self.subdomains
683 | 
684 |     def extract_domains(self, resp):
685 |         try:
686 |             subdomains = re.findall(r"(?<=href=\").+?(?=\")|(?<=href=\').+?(?=\')", resp)
687 |             for subdomain in subdomains:
688 |                 subdomain = subdomain.replace('https://', '').replace('.dnsdb.org/', '')
689 |                 if subdomain not in self.subdomains and subdomain != self.domain:
690 |                     if self.verbose:
691 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
692 |                     self.subdomains.append(subdomain.strip())
693 |         except Exception as e:
694 |             pass
695 | 
696 | 
697 | class GoogleTER(EnumratorBaseThreaded):
698 |     def __init__(self, domain, subdomains=None, q=None, silent=False, logger=None):
699 |         subdomains = subdomains or []
700 |         base_url = 'https://www.google.com/transparencyreport/jsonp/ct/search?domain= \
701 |                    {domain}&incl_exp=false&incl_sub=true&c='
702 |         self.engine_name = "GoogleTER"
703 |         self.lock = threading.Lock()
704 |         self.q = q
705 |         self.Token = ""
706 |         super(GoogleTER, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent,
707 |                                         logger=logger)
708 |         return
709 | 
710 |     def req(self, url):
711 |         headers = {
712 |             'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 \
713 |                           Safari/537.36',
714 |             'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
715 |             'Accept-Language': 'en-GB,en;q=0.5',
716 |             'Accept-Encoding': 'gzip, deflate',
717 |         }
718 | 
719 |         try:
720 |             resp = self.session.get(url, headers=headers, timeout=self.timeout)
721 |         except Exception as e:
722 |             self.print_(e)
723 |             resp = None
724 |         return self.get_response(resp)
725 | 
726 |     def enumerate(self):
727 |         url = self.base_url.format(domain=self.domain)
728 |         while True:
729 |             resp = self.req(url)
730 |             if not type(resp) == type(1):
731 |                 self.extract_domains(resp)
732 |                 if "nextPageToken" not in resp:
733 |                     return self.subdomains
734 |                 url = self.base_url.format(domain=self.domain) + "&token=" + self.Token.replace("=", "%3D")
735 | 
736 |     def extract_domains(self, resp):
737 |         _jsonp_begin = r'/* API response */('
738 |         _jsonp_end = r'));'
739 |         try:
740 | 
741 |             googleresult = json.loads(resp[len(_jsonp_begin):-len(_jsonp_end)])
742 |             for subs in googleresult["results"]:
743 | 
744 |                 if self.domain in googleresult:
745 |                     continue
746 |                 subdomain = subs["subject"]
747 |                 if subdomain.startswith("*."):
748 |                     subdomain = subdomain.replace("*.", "")
749 |                 if subdomain not in self.subdomains and subdomain != self.domain and subdomain.endswith(self.domain):
750 |                     if self.verbose:
751 |                         self.print_("%s%s: %s%s" % (self.logger.R, self.engine_name, self.logger.W, subdomain))
752 |                     self.subdomains.append(subdomain.strip())
753 |             self.Token = googleresult["nextPageToken"]
754 |         except Exception:
755 |             pass
756 | 
757 | 
758 | class Engines:
759 |     supported_engines = {'baidu': BaiduEnum,
760 |                          'yahoo': YahooEnum,
761 |                          'google': GoogleEnum,
762 |                          'bing': BingEnum,
763 |                          'ask': AskEnum,
764 |                          'netcraft': NetcraftEnum,
765 |                          'dnsdumpster': DNSdumpster,
766 |                          'virustotal': Virustotal,
767 |                          'threatcrowd': ThreatCrowd,
768 |                          'ssl': CrtSearch,
769 |                          'passivedns': PassiveDNS,
770 |                          'googleter': GoogleTER,
771 |                          'hackertarget': HackerTarget,
772 |                          'dnsdb': DnsDB
773 |                          }
774 | 


--------------------------------------------------------------------------------
/engines/enumarator_base.py:
--------------------------------------------------------------------------------
  1 | import threading
  2 | 
  3 | import requests
  4 | import sys
  5 | 
  6 | from util.logger import Logger
  7 | 
  8 | # Python 2.x and 3.x compatiablity
  9 | if sys.version > '3':
 10 |     import urllib.parse as urlparse
 11 |     import urllib.parse as urllib
 12 | else:
 13 |     import urlparse
 14 |     import urllib
 15 | 
 16 | 
 17 | class EnumeratorBase(object):
 18 |     def __init__(self, base_url, engine_name, domain, subdomains=None,
 19 |                  silent=False,
 20 |                  logger=None):
 21 |         subdomains = subdomains or []
 22 |         self.domain = urlparse.urlparse(domain).netloc
 23 |         self.session = requests.Session()
 24 |         self.subdomains = []
 25 |         self.timeout = 25
 26 |         self.base_url = base_url
 27 |         self.engine_name = engine_name
 28 |         self.silent = silent
 29 |         self.logger = logger
 30 |         self.headers = {
 31 |             'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36',
 32 |             'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
 33 |             'Accept-Language': 'en-US,en;q=0.8',
 34 |             'Accept-Encoding': 'gzip',
 35 |         }
 36 |         self.print_banner()
 37 | 
 38 |     def print_(self, text):
 39 |         if not self.silent:
 40 |             print(text)
 41 |         return
 42 | 
 43 |     def print_banner(self):
 44 |         """ subclass can override this if they want a fancy banner :)"""
 45 |         self.print_(self.logger.G + "[-] Searching now in %s.." % self.engine_name + self.logger.W)
 46 |         return
 47 | 
 48 |     def send_req(self, query, page_no=1):
 49 | 
 50 |         url = self.base_url.format(query=query, page_no=page_no)
 51 |         try:
 52 |             resp = self.session.get(url, headers=self.headers, timeout=self.timeout)
 53 |         except Exception:
 54 |             resp = None
 55 |         return self.get_response(resp)
 56 | 
 57 |     def get_response(self, response):
 58 |         if response is None:
 59 |             return 0
 60 |         return response.text if hasattr(response, "text") else response.content
 61 | 
 62 |     def check_max_subdomains(self, count):
 63 |         if self.MAX_DOMAINS == 0:
 64 |             return False
 65 |         return count >= self.MAX_DOMAINS
 66 | 
 67 |     def check_max_pages(self, num):
 68 |         if self.MAX_PAGES == 0:
 69 |             return False
 70 |         return num >= self.MAX_PAGES
 71 | 
 72 |     # override
 73 |     def extract_domains(self, resp):
 74 |         """ chlid class should override this function """
 75 |         return
 76 | 
 77 |     # override
 78 |     def check_response_errors(self, resp):
 79 |         """ chlid class should override this function
 80 |         The function should return True if there are no errors and False otherwise
 81 |         """
 82 |         return True
 83 | 
 84 |     def should_sleep(self):
 85 |         """Some enumrators require sleeping to avoid bot detections like Google enumerator"""
 86 |         return
 87 | 
 88 |     def generate_query(self):
 89 |         """ chlid class should override this function """
 90 |         return
 91 | 
 92 |     def get_page(self, num):
 93 |         """ chlid class that user different pagnation counter should override this function """
 94 |         return num + 10
 95 | 
 96 |     def enumerate(self, altquery=False):
 97 |         flag = True
 98 |         page_no = 0
 99 |         prev_links = []
100 |         retries = 0
101 | 
102 |         while flag:
103 |             query = self.generate_query()
104 |             count = query.count(self.domain)  # finding the number of subdomains found so far
105 | 
106 |             # if they we reached the maximum number of subdomains in search query
107 |             # then we should go over the pages
108 |             if self.check_max_subdomains(count):
109 |                 page_no = self.get_page(page_no)
110 | 
111 |             if self.check_max_pages(page_no):  # maximum pages for Google to avoid getting blocked
112 |                 return self.subdomains
113 |             resp = self.send_req(query, page_no)
114 | 
115 |             # check if there is any error occured
116 |             if not self.check_response_errors(resp):
117 |                 return self.subdomains
118 |             links = self.extract_domains(resp)
119 | 
120 |             # if the previous page hyperlinks was the similar to the current one, then maybe we have reached the last page
121 |             if links == prev_links:
122 |                 retries += 1
123 |                 page_no = self.get_page(page_no)
124 | 
125 |                 # make another retry maybe it isn't the last page
126 |                 if retries >= 3:
127 |                     return self.subdomains
128 | 
129 |             prev_links = links
130 |             self.should_sleep()
131 | 
132 |         return self.subdomains
133 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | argparse
2 | dnspython
3 | requests
4 | 


--------------------------------------------------------------------------------
/scan_flags.py:
--------------------------------------------------------------------------------
 1 | class ScanParams:
 2 |     def __init__(self, silent=False, verbose=False, brute_force=False, takeover_check=False, thread_count=20,
 3 |                  engines=None, ports="", savefile=""):
 4 |         self.Silent = silent
 5 |         self.Verbose = verbose
 6 |         self.Engines = engines
 7 |         self.BruteForce = brute_force
 8 |         self.ThreadCount = thread_count
 9 |         self.TakeoverCheck = takeover_check
10 |         self.Engines = engines
11 |         self.Ports = ports
12 |         self.SaveFile = savefile
13 | 


--------------------------------------------------------------------------------
/subbrute/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Plazmaz/Sublist3r/71fe2578032c3064a619f5dac6652f0c229c2c72/subbrute/__init__.py


--------------------------------------------------------------------------------
/subbrute/resolvers.txt:
--------------------------------------------------------------------------------
   1 | 141.1.27.249 
   2 | 194.190.225.2 
   3 | 194.225.16.5 
   4 | 91.185.6.10 
   5 | 194.2.0.50 
   6 | 66.187.16.5 
   7 | 83.222.161.130 
   8 | 69.60.160.196 
   9 | 194.150.118.3 
  10 | 84.8.2.11 
  11 | 195.175.39.40 
  12 | 193.239.159.37 
  13 | 205.152.6.20 
  14 | 82.151.90.1 
  15 | 144.76.202.253 
  16 | 103.3.46.254 
  17 | 5.144.17.119 
  18 | 195.129.12.122 
  19 | 211.35.96.6 
  20 | 202.138.120.4 
  21 | 209.130.139.2 
  22 | 64.81.127.2 
  23 | 202.199.160.206 
  24 | 195.66.68.2 
  25 | 103.3.76.7 
  26 | 202.219.177.121 
  27 | 216.143.135.12 
  28 | 141.211.144.17 
  29 | 101.203.168.123 
  30 | 217.73.17.110 
  31 | 205.242.187.234 
  32 | 62.192.160.39 
  33 | 187.115.52.101 
  34 | 122.155.167.38 
  35 | 203.229.169.69 
  36 | 69.25.1.1 
  37 | 121.52.87.38 
  38 | 209.51.161.58 
  39 | 80.72.146.2 
  40 | 195.245.76.6 
  41 | 149.156.64.210 
  42 | 195.74.128.6 
  43 | 81.15.197.10 
  44 | 213.0.77.5 
  45 | 212.89.130.180 
  46 | 91.194.112.10 
  47 | 203.146.237.222 
  48 | 1.2.4.8 
  49 | 200.118.2.88 
  50 | 213.131.178.10 
  51 | 203.63.8.27 
  52 | 62.168.59.67 
  53 | 200.175.3.232 
  54 | 205.151.222.250 
  55 | 213.115.244.69 
  56 | 81.200.80.11 
  57 | 195.206.7.98 
  58 | 213.201.230.20 
  59 | 63.146.122.11 
  60 | 188.94.19.10 
  61 | 114.114.114.119 
  62 | 203.189.89.29 
  63 | 190.9.57.2 
  64 | 193.52.218.19 
  65 | 62.183.50.230 
  66 | 129.7.1.6 
  67 | 202.248.37.74 
  68 | 141.211.125.15 
  69 | 91.195.202.131 
  70 | 146.94.1.3 
  71 | 35.8.2.41 
  72 | 206.13.29.12 
  73 | 63.218.44.186 
  74 | 83.242.139.11 
  75 | 217.117.111.1 
  76 | 66.250.7.154 
  77 | 213.157.176.3 
  78 | 38.98.10.132 
  79 | 84.21.31.230 
  80 | 213.144.3.210 
  81 | 89.140.140.8 
  82 | 195.67.27.18 
  83 | 200.62.64.1 
  84 | 212.57.190.166 
  85 | 82.115.163.2 
  86 | 207.91.130.4 
  87 | 213.235.248.245 
  88 | 67.90.152.122 
  89 | 79.140.66.38 
  90 | 208.67.220.220 
  91 | 195.189.131.1 
  92 | 212.30.96.211 
  93 | 202.14.67.4 
  94 | 205.134.162.209 
  95 | 213.169.55.10 
  96 | 217.169.242.2 
  97 | 212.24.98.97 
  98 | 209.55.0.110 
  99 | 15.227.128.50 
 100 | 159.90.200.8 
 101 | 216.244.192.3 
 102 | 212.16.72.254 
 103 | 195.54.152.2 
 104 | 147.29.10.6 
 105 | 69.67.254.2 
 106 | 110.170.117.15 
 107 | 217.76.240.2 
 108 | 202.43.178.244 
 109 | 101.255.64.74 
 110 | 85.185.6.35 
 111 | 72.37.141.91 
 112 | 129.219.13.81 
 113 | 204.95.160.2 
 114 | 103.9.124.89 
 115 | 210.248.255.82 
 116 | 205.151.222.251 
 117 | 212.214.82.198 
 118 | 82.212.67.100 
 119 | 108.61.213.134 
 120 | 213.55.96.166 
 121 | 121.194.2.2 
 122 | 93.188.152.3 
 123 | 198.6.1.3 
 124 | 64.215.98.148 
 125 | 193.252.247.52 
 126 | 164.124.101.82 
 127 | 82.182.37.49 
 128 | 212.37.208.3 
 129 | 213.184.242.6 
 130 | 212.236.250.4 
 131 | 193.89.221.2 
 132 | 194.39.185.10 
 133 | 70.36.0.5 
 134 | 91.189.0.5 
 135 | 217.71.105.254 
 136 | 203.238.227.100 
 137 | 203.109.129.68 
 138 | 115.68.45.3 
 139 | 193.109.4.5 
 140 | 134.60.1.111 
 141 | 78.143.192.10 
 142 | 212.97.32.2 
 143 | 212.57.190.166 
 144 | 200.175.3.30 
 145 | 193.27.80.34 
 146 | 165.194.1.1 
 147 | 194.25.0.60 
 148 | 203.189.89.36 
 149 | 216.66.22.2 
 150 | 213.143.96.1 
 151 | 213.184.0.42 
 152 | 62.24.228.202 
 153 | 91.214.72.34 
 154 | 194.169.244.33 
 155 | 192.116.16.26 
 156 | 95.85.9.86 
 157 | 91.188.0.5 
 158 | 211.60.155.5 
 159 | 209.145.176.20 
 160 | 210.131.113.123 
 161 | 217.113.48.1 
 162 | 131.191.7.12 
 163 | 64.105.163.106 
 164 | 203.189.89.82 
 165 | 69.7.192.2 
 166 | 110.76.151.254 
 167 | 212.9.160.1 
 168 | 216.184.96.5 
 169 | 61.63.0.66 
 170 | 103.20.188.35 
 171 | 195.234.101.234 
 172 | 62.231.76.49 
 173 | 208.72.120.204 
 174 | 209.213.64.2 
 175 | 213.211.50.2 
 176 | 83.137.41.9 
 177 | 195.113.144.194 
 178 | 66.163.0.173 
 179 | 109.69.8.34 
 180 | 202.180.160.1 
 181 | 216.81.128.132 
 182 | 103.9.124.145 
 183 | 92.43.224.1 
 184 | 63.105.204.164 
 185 | 212.96.1.70 
 186 | 213.157.196.130 
 187 | 81.173.113.30 
 188 | 216.185.64.6 
 189 | 212.26.6.11 
 190 | 64.79.224.3 
 191 | 62.243.190.9 
 192 | 194.1.154.37 
 193 | 193.186.162.3 
 194 | 212.66.0.1 
 195 | 195.175.39.39 
 196 | 198.6.1.5 
 197 | 62.77.85.100 
 198 | 178.212.102.76 
 199 | 217.151.0.50 
 200 | 212.53.35.20 
 201 | 101.255.64.62 
 202 | 203.189.88.148 
 203 | 213.157.0.193 
 204 | 217.30.50.100 
 205 | 178.151.86.169 
 206 | 193.33.114.2 
 207 | 193.228.86.5 
 208 | 195.170.55.1 
 209 | 148.160.20.195 
 210 | 194.132.119.151 
 211 | 64.181.43.34 
 212 | 203.133.1.8 
 213 | 83.233.78.163 
 214 | 62.76.76.62 
 215 | 64.105.202.138 
 216 | 217.197.84.69 
 217 | 212.34.194.211 
 218 | 202.91.8.219 
 219 | 122.0.0.13 
 220 | 216.17.128.2 
 221 | 195.166.192.1 
 222 | 200.95.144.4 
 223 | 202.116.128.1 
 224 | 193.255.146.53 
 225 | 202.65.159.4 
 226 | 216.47.160.13 
 227 | 117.102.224.26 
 228 | 64.85.177.11 
 229 | 168.88.66.6 
 230 | 195.234.101.234 
 231 | 83.177.163.51 
 232 | 84.45.85.23 
 233 | 101.255.64.114 
 234 | 198.60.22.2 
 235 | 66.165.173.235 
 236 | 50.9.119.3 
 237 | 195.177.240.3 
 238 | 194.169.205.1 
 239 | 151.236.6.156 
 240 | 194.28.223.2 
 241 | 195.158.239.4 
 242 | 178.161.146.10 
 243 | 64.94.1.33 
 244 | 216.81.96.68 
 245 | 63.251.161.33 
 246 | 199.44.194.2 
 247 | 159.90.200.7 
 248 | 217.18.206.22 
 249 | 101.255.64.227 
 250 | 217.77.223.114 
 251 | 122.155.167.8 
 252 | 194.246.126.68 
 253 | 93.91.146.150 
 254 | 205.211.206.141 
 255 | 82.99.212.18 
 256 | 80.66.0.30 
 257 | 212.37.208.4 
 258 | 203.189.89.209 
 259 | 209.252.33.101 
 260 | 212.85.128.2 
 261 | 196.29.40.3 
 262 | 61.31.233.1 
 263 | 213.157.0.194 
 264 | 203.115.225.25 
 265 | 195.140.236.250 
 266 | 62.243.190.7 
 267 | 193.232.69.22 
 268 | 87.204.12.134 
 269 | 209.183.48.21 
 270 | 85.185.144.136 
 271 | 206.126.32.101 
 272 | 217.149.17.1 
 273 | 111.223.252.193 
 274 | 200.85.0.105 
 275 | 194.145.147.195 
 276 | 194.226.48.12 
 277 | 216.186.27.15 
 278 | 216.21.128.22 
 279 | 77.241.112.23 
 280 | 89.146.204.5 
 281 | 207.190.94.129 
 282 | 211.78.130.10 
 283 | 210.23.64.1 
 284 | 95.86.129.42 
 285 | 200.85.44.70 
 286 | 83.170.69.2 
 287 | 193.231.173.2 
 288 | 193.142.218.3 
 289 | 157.157.90.193 
 290 | 213.88.195.147 
 291 | 83.97.97.3 
 292 | 194.150.168.168 
 293 | 212.42.165.37 
 294 | 217.168.40.198 
 295 | 66.216.18.222 
 296 | 194.141.45.4 
 297 | 198.82.247.34 
 298 | 216.254.141.2 
 299 | 213.241.193.250 
 300 | 202.130.97.65 
 301 | 193.33.236.1 
 302 | 42.62.176.38 
 303 | 195.186.4.110 
 304 | 69.88.0.17 
 305 | 69.26.129.2 
 306 | 212.76.68.200 
 307 | 210.23.129.34 
 308 | 198.6.1.195 
 309 | 202.203.192.33 
 310 | 66.118.80.5 
 311 | 213.233.161.69 
 312 | 206.13.31.12 
 313 | 84.241.98.36 
 314 | 218.232.110.36 
 315 | 67.17.215.132 
 316 | 193.169.32.1 
 317 | 78.38.253.138 
 318 | 177.19.48.144 
 319 | 188.114.194.2 
 320 | 209.0.205.50 
 321 | 139.130.4.4 
 322 | 80.254.79.157 
 323 | 202.46.1.2 
 324 | 195.216.64.144 
 325 | 201.163.145.101 
 326 | 212.36.24.3 
 327 | 210.29.96.33 
 328 | 89.107.210.172 
 329 | 194.113.160.68 
 330 | 195.189.130.1 
 331 | 213.178.66.111 
 332 | 62.148.228.2 
 333 | 216.47.160.12 
 334 | 195.5.125.3 
 335 | 186.107.119.118 
 336 | 209.145.150.10 
 337 | 209.195.95.95 
 338 | 187.115.53.162 
 339 | 62.243.190.8 
 340 | 77.59.224.11 
 341 | 91.189.0.2 
 342 | 93.191.32.131 
 343 | 62.3.32.17 
 344 | 209.244.0.4 
 345 | 212.31.253.69 
 346 | 62.122.184.81 
 347 | 213.144.108.117 
 348 | 80.84.72.20 
 349 | 208.112.89.187 
 350 | 217.24.112.2 
 351 | 206.51.143.55 
 352 | 213.128.194.2 
 353 | 212.118.241.1 
 354 | 81.189.212.129 
 355 | 81.222.80.2 
 356 | 165.21.83.88 
 357 | 87.105.250.3 
 358 | 212.87.29.6 
 359 | 68.179.203.94 
 360 | 213.144.3.210 
 361 | 180.211.129.42 
 362 | 200.49.160.35 
 363 | 38.119.98.220 
 364 | 104.45.88.179 
 365 | 219.96.224.90 
 366 | 193.252.247.52 
 367 | 82.145.163.1 
 368 | 93.157.14.65 
 369 | 212.181.124.8 
 370 | 154.15.245.2 
 371 | 200.35.174.126 
 372 | 193.43.17.4 
 373 | 204.174.120.45 
 374 | 212.19.128.4 
 375 | 203.130.2.3 
 376 | 117.102.224.118 
 377 | 213.152.142.12 
 378 | 217.174.252.116 
 379 | 202.43.176.14 
 380 | 89.235.9.9 
 381 | 194.20.0.24 
 382 | 213.171.220.209 
 383 | 203.130.2.4 
 384 | 91.207.164.4 
 385 | 84.200.69.80 
 386 | 195.128.252.4 
 387 | 119.160.208.252 
 388 | 212.31.32.131 
 389 | 204.119.0.2 
 390 | 114.114.114.114 
 391 | 62.58.3.11 
 392 | 209.191.129.65 
 393 | 202.141.224.34 
 394 | 80.74.253.18 
 395 | 212.18.15.3 
 396 | 67.214.64.6 
 397 | 193.43.108.3 
 398 | 208.79.56.204 
 399 | 208.70.22.22 
 400 | 218.49.29.140 
 401 | 195.189.72.2 
 402 | 88.147.158.1 
 403 | 66.9.182.1 
 404 | 212.98.160.65 
 405 | 213.88.151.150 
 406 | 195.68.193.10 
 407 | 203.112.2.5 
 408 | 58.97.113.158 
 409 | 203.119.36.106 
 410 | 63.171.232.38 
 411 | 194.52.202.98 
 412 | 212.94.162.33 
 413 | 195.137.189.203 
 414 | 199.5.47.164 
 415 | 114.114.115.115 
 416 | 83.166.8.18 
 417 | 202.14.67.14 
 418 | 82.144.181.1 
 419 | 195.149.104.186 
 420 | 85.174.190.2 
 421 | 212.58.111.1 
 422 | 195.228.254.165 
 423 | 205.152.37.23 
 424 | 194.117.245.2 
 425 | 91.98.110.15 
 426 | 213.0.77.8 
 427 | 212.122.224.10 
 428 | 194.152.241.2 
 429 | 85.158.50.50 
 430 | 64.91.92.22 
 431 | 202.43.178.245 
 432 | 85.233.82.86 
 433 | 210.44.112.66 
 434 | 200.49.160.31 
 435 | 217.8.180.98 
 436 | 208.67.222.222 
 437 | 217.159.0.17 
 438 | 69.60.160.203 
 439 | 207.241.160.34 
 440 | 94.142.161.73 
 441 | 151.164.1.8 
 442 | 216.17.128.1 
 443 | 217.15.17.2 
 444 | 212.91.184.2 
 445 | 63.251.161.1 
 446 | 220.227.60.12 
 447 | 202.120.111.3 
 448 | 195.14.50.21 
 449 | 209.87.64.70 
 450 | 195.178.60.2 
 451 | 41.211.233.10 
 452 | 217.69.160.18 
 453 | 217.64.163.1 
 454 | 208.69.84.9 
 455 | 81.17.66.14 
 456 | 209.90.160.220 
 457 | 200.175.3.68 
 458 | 213.244.72.31 
 459 | 95.128.246.2 
 460 | 66.92.64.2 
 461 | 217.22.209.254 
 462 | 193.26.6.130 
 463 | 200.66.96.1 
 464 | 83.242.140.10 
 465 | 153.19.1.254 
 466 | 8.3.48.20 
 467 | 152.99.78.136 
 468 | 79.141.81.250 
 469 | 206.165.6.11 
 470 | 148.243.65.16 
 471 | 213.159.193.54 
 472 | 195.153.19.10 
 473 | 8.8.4.4
 474 | 188.227.48.254 
 475 | 80.79.179.2 
 476 | 203.189.89.15 
 477 | 203.90.78.65 
 478 | 217.107.10.254 
 479 | 218.49.29.141 
 480 | 195.96.208.1 
 481 | 207.248.224.71 
 482 | 89.191.149.2 
 483 | 213.151.109.1 
 484 | 216.52.126.1 
 485 | 212.66.129.98 
 486 | 77.88.8.2 
 487 | 8.8.8.8
 488 | 203.189.89.134 
 489 | 61.199.193.162 
 490 | 93.186.161.211 
 491 | 83.143.8.220 
 492 | 194.54.66.242 
 493 | 82.202.131.1 
 494 | 194.158.206.206 
 495 | 62.16.86.100 
 496 | 195.137.162.149 
 497 | 193.89.221.124 
 498 | 219.163.55.74 
 499 | 62.37.228.20 
 500 | 193.151.93.3 
 501 | 193.22.119.195 
 502 | 151.236.29.92 
 503 | 217.30.49.100 
 504 | 217.28.113.13 
 505 | 78.159.224.224 
 506 | 122.155.12.215 
 507 | 212.66.1.1 
 508 | 212.116.76.76 
 509 | 64.13.115.12 
 510 | 62.140.239.1 
 511 | 82.96.193.12 
 512 | 212.9.64.12 
 513 | 213.183.57.55 
 514 | 193.243.128.91 
 515 | 212.51.17.1 
 516 | 62.141.38.230 
 517 | 206.248.95.194 
 518 | 194.226.211.11 
 519 | 74.82.46.6 
 520 | 213.184.16.1 
 521 | 216.66.80.98 
 522 | 158.43.192.1 
 523 | 195.244.25.3 
 524 | 213.136.40.32 
 525 | 217.28.98.62 
 526 | 212.230.255.1 
 527 | 213.135.67.1 
 528 | 212.118.0.2 
 529 | 141.211.125.17 
 530 | 195.214.240.136 
 531 | 202.83.20.101 
 532 | 193.111.34.18 
 533 | 217.149.155.180 
 534 | 142.77.2.85 
 535 | 130.180.228.2 
 536 | 89.233.250.137 
 537 | 106.51.255.133 
 538 | 91.194.211.134 
 539 | 195.42.215.17 
 540 | 64.105.199.76 
 541 | 202.91.8.234 
 542 | 193.45.139.20 
 543 | 213.128.216.115 
 544 | 217.66.226.8 
 545 | 211.67.112.1 
 546 | 129.219.17.5 
 547 | 217.72.1.2 
 548 | 213.251.133.164 
 549 | 202.30.143.11 
 550 | 213.183.65.31 
 551 | 208.3.14.1 
 552 | 207.17.190.5 
 553 | 94.25.63.2 
 554 | 217.79.225.8 
 555 | 83.234.220.253 
 556 | 198.6.1.1 
 557 | 87.204.12.130 
 558 | 200.88.127.23 
 559 | 81.209.202.46 
 560 | 210.2.4.8 
 561 | 195.35.110.4 
 562 | 213.141.72.250 
 563 | 24.154.1.5 
 564 | 194.145.147.194 
 565 | 95.215.150.15 
 566 | 205.134.162.209 
 567 | 83.170.64.2 
 568 | 81.28.128.34 
 569 | 202.86.8.100 
 570 | 207.44.226.173 
 571 | 89.248.162.3 
 572 | 82.216.111.122 
 573 | 187.115.52.91 
 574 | 200.194.67.214 
 575 | 203.109.129.67 
 576 | 194.50.10.2 
 577 | 88.82.105.19 
 578 | 213.140.34.65 
 579 | 200.123.192.244 
 580 | 141.50.161.12 
 581 | 217.31.160.30 
 582 | 192.190.173.40 
 583 | 82.96.81.10 
 584 | 37.235.1.174 
 585 | 187.115.52.78 
 586 | 207.17.190.7 
 587 | 209.172.128.2 
 588 | 219.252.48.67 
 589 | 62.149.132.2 
 590 | 91.203.188.1 
 591 | 82.209.190.82 
 592 | 194.8.53.1 
 593 | 198.6.1.4 
 594 | 200.175.3.69 
 595 | 212.40.5.51 
 596 | 195.26.96.2 
 597 | 203.115.81.38 
 598 | 8.3.48.30 
 599 | 194.158.206.205 
 600 | 212.87.132.53 
 601 | 194.169.244.34 
 602 | 63.251.129.33 
 603 | 69.16.169.11 
 604 | 31.47.189.170 
 605 | 190.11.32.42 
 606 | 202.130.97.65 
 607 | 203.189.88.211 
 608 | 193.226.61.1 
 609 | 204.117.214.10 
 610 | 83.69.77.2 
 611 | 81.199.3.7 
 612 | 35.8.2.45 
 613 | 84.55.62.75 
 614 | 213.158.72.1 
 615 | 94.247.200.3 
 616 | 210.94.0.7 
 617 | 89.160.27.232 
 618 | 120.50.44.141 
 619 | 201.217.16.89 
 620 | 196.41.225.11 
 621 | 62.196.2.70 
 622 | 203.253.64.1 
 623 | 148.233.151.8 
 624 | 194.141.44.130 
 625 | 62.8.96.38 
 626 | 202.51.96.5 
 627 | 46.246.94.136 
 628 | 91.194.178.5 
 629 | 212.112.39.25 
 630 | 203.210.142.132 
 631 | 213.73.14.227 
 632 | 209.130.136.2 
 633 | 149.250.222.22 
 634 | 212.69.161.100 
 635 | 91.202.12.10 
 636 | 213.129.120.3 
 637 | 88.80.64.200 
 638 | 220.233.0.1 
 639 | 216.184.96.6 
 640 | 212.15.128.1 
 641 | 211.41.128.71 
 642 | 194.14.0.6 
 643 | 212.94.34.34 
 644 | 216.229.0.25 
 645 | 216.143.135.11 
 646 | 216.143.135.12 
 647 | 203.189.89.1 
 648 | 195.161.115.3 
 649 | 195.166.192.8 
 650 | 8.15.12.5 
 651 | 202.62.124.238 
 652 | 212.40.5.50 
 653 | 216.254.95.2 
 654 | 62.58.3.11 
 655 | 217.219.236.8 
 656 | 80.190.248.146 
 657 | 89.186.66.6 
 658 | 194.54.128.232 
 659 | 194.145.240.6 
 660 | 62.149.33.134 
 661 | 69.28.148.102 
 662 | 79.141.83.250 
 663 | 203.41.44.20 
 664 | 208.38.1.15 
 665 | 82.76.253.115 
 666 | 91.196.8.2 
 667 | 205.152.144.23 
 668 | 200.9.115.2 
 669 | 62.33.47.253 
 670 | 188.114.193.254 
 671 | 202.248.0.34 
 672 | 91.207.40.2 
 673 | 210.131.113.123 
 674 | 202.73.36.135 
 675 | 142.47.133.81 
 676 | 204.116.57.2 
 677 | 185.46.7.100 
 678 | 217.115.16.2 
 679 | 66.92.159.2 
 680 | 217.31.204.130 
 681 | 185.16.40.143 
 682 | 220.128.173.228 
 683 | 212.51.17.1 
 684 | 81.23.144.250 
 685 | 193.28.97.130 
 686 | 89.107.16.2 
 687 | 88.82.84.129 
 688 | 91.98.132.60 
 689 | 194.169.239.10 
 690 | 42.62.178.65 
 691 | 199.166.6.2 
 692 | 62.3.32.16 
 693 | 193.33.200.22 
 694 | 90.189.109.2 
 695 | 213.33.82.1 
 696 | 199.103.16.5 
 697 | 141.85.128.1 
 698 | 209.216.160.2 
 699 | 110.76.151.1 
 700 | 193.230.161.4 
 701 | 213.253.137.17 
 702 | 222.124.249.115 
 703 | 81.24.128.146 
 704 | 194.18.231.5 
 705 | 5.144.19.8 
 706 | 62.20.17.205 
 707 | 194.98.65.165 
 708 | 194.102.106.1 
 709 | 4.2.2.6 
 710 | 101.255.64.134 
 711 | 158.43.128.1 
 712 | 212.58.3.2 
 713 | 89.233.43.71 
 714 | 193.16.209.2 
 715 | 77.88.8.8 
 716 | 62.73.100.4 
 717 | 81.189.214.162 
 718 | 158.43.128.72 
 719 | 115.68.100.103 
 720 | 69.146.17.3 
 721 | 200.85.39.206 
 722 | 64.91.92.21 
 723 | 200.40.230.36 
 724 | 90.183.74.1 
 725 | 84.1.240.34 
 726 | 83.243.39.61 
 727 | 202.248.20.133 
 728 | 81.27.135.50 
 729 | 195.84.194.3 
 730 | 195.182.110.132 
 731 | 203.189.88.213 
 732 | 80.190.200.10 
 733 | 207.178.128.21 
 734 | 212.94.162.33 
 735 | 195.170.97.254 
 736 | 77.247.176.114 
 737 | 82.145.160.140 
 738 | 152.99.1.10 
 739 | 212.192.128.3 
 740 | 142.77.2.36 
 741 | 42.62.176.30 
 742 | 195.225.36.16 
 743 | 84.241.100.31 
 744 | 217.78.80.74 
 745 | 166.70.25.18 
 746 | 216.21.129.22 
 747 | 205.171.2.65 
 748 | 195.46.48.22 
 749 | 147.235.250.2 
 750 | 130.85.1.3 
 751 | 91.203.177.4 
 752 | 178.151.86.169 
 753 | 201.217.19.225 
 754 | 204.119.0.2 
 755 | 88.255.242.6 
 756 | 91.135.110.132 
 757 | 190.22.34.170 
 758 | 213.244.5.67 
 759 | 117.102.224.154 
 760 | 91.149.108.10 
 761 | 194.246.127.11 
 762 | 194.67.74.2 
 763 | 64.119.60.9 
 764 | 216.184.96.4 
 765 | 216.52.169.1 
 766 | 83.136.56.52 
 767 | 194.239.164.25 
 768 | 216.116.96.3 
 769 | 84.32.80.20 
 770 | 216.66.38.58 
 771 | 206.253.194.65 
 772 | 61.31.1.1 
 773 | 217.21.96.1 
 774 | 91.198.154.133 
 775 | 212.5.218.3 
 776 | 78.31.96.2 
 777 | 194.225.128.22 
 778 | 76.73.18.50 
 779 | 129.250.35.251 
 780 | 161.53.128.16 
 781 | 203.189.88.54 
 782 | 89.208.10.10 
 783 | 87.104.254.39 
 784 | 66.250.192.11 
 785 | 218.223.32.1 
 786 | 213.178.66.2 
 787 | 82.199.102.38 
 788 | 193.22.110.251 
 789 | 212.19.149.226 
 790 | 213.144.108.117 
 791 | 199.249.18.1 
 792 | 69.67.97.18 
 793 | 8.2.208.2 
 794 | 212.96.130.140 
 795 | 217.199.217.200 
 796 | 195.67.127.137 
 797 | 212.203.33.12 
 798 | 64.91.3.46 
 799 | 213.178.0.33 
 800 | 121.52.87.56 
 801 | 216.116.96.2 
 802 | 212.59.199.6 
 803 | 216.185.192.1 
 804 | 110.76.151.241 
 805 | 203.156.104.21 
 806 | 61.56.211.185 
 807 | 194.72.9.61 
 808 | 209.0.205.11 
 809 | 93.158.117.138 
 810 | 84.200.70.40 
 811 | 101.255.64.154 
 812 | 212.85.112.32 
 813 | 211.78.130.11 
 814 | 81.23.144.250 
 815 | 84.237.112.3 
 816 | 83.137.193.83 
 817 | 193.111.200.191 
 818 | 207.230.202.28 
 819 | 80.94.48.254 
 820 | 66.242.160.5 
 821 | 79.137.227.122 
 822 | 217.116.53.13 
 823 | 200.58.161.25 
 824 | 66.203.72.10 
 825 | 212.51.16.1 
 826 | 93.88.151.138 
 827 | 200.12.63.10 
 828 | 203.242.200.15 
 829 | 203.189.88.152 
 830 | 64.132.61.131 
 831 | 81.92.96.22 
 832 | 139.134.5.51 
 833 | 89.223.7.242 
 834 | 95.158.129.2 
 835 | 62.133.163.171 
 836 | 202.44.55.193 
 837 | 91.144.248.227 
 838 | 81.17.72.70 
 839 | 193.110.157.2 
 840 | 203.189.88.54 
 841 | 193.230.161.3 
 842 | 64.72.224.34 
 843 | 85.115.224.18 
 844 | 193.77.33.18 
 845 | 203.189.88.214 
 846 | 212.214.82.194 
 847 | 216.66.80.30 
 848 | 194.120.55.3 
 849 | 81.199.48.244 
 850 | 212.66.1.1 
 851 | 83.97.97.2 
 852 | 202.180.64.2 
 853 | 67.214.159.198 
 854 | 213.157.0.194 
 855 | 77.241.24.5 
 856 | 195.190.17.6 
 857 | 217.77.176.10 
 858 | 72.11.150.74 
 859 | 66.252.170.3 
 860 | 94.155.91.8 
 861 | 200.175.3.59 
 862 | 194.12.224.34 
 863 | 213.147.64.1 
 864 | 84.241.98.37 
 865 | 207.178.128.20 
 866 | 202.180.64.9 
 867 | 187.73.241.67 
 868 | 195.67.15.102 
 869 | 78.133.155.218 
 870 | 194.183.88.41 
 871 | 212.9.160.1 
 872 | 208.48.253.106 
 873 | 193.242.114.129 
 874 | 85.219.142.1 
 875 | 101.255.64.42 
 876 | 82.96.86.20 
 877 | 200.62.64.65 
 878 | 220.68.64.1 
 879 | 216.52.254.33 
 880 | 66.81.0.252 
 881 | 193.151.32.40 
 882 | 63.251.62.1 
 883 | 203.133.1.7 
 884 | 202.148.202.4 
 885 | 193.95.93.243 
 886 | 212.82.226.212 
 887 | 212.58.3.7 
 888 | 62.20.57.226 
 889 | 216.58.97.20 
 890 | 170.56.58.53 
 891 | 193.201.185.3 
 892 | 62.177.42.174 
 893 | 212.69.161.100 
 894 | 64.212.106.85 
 895 | 83.243.39.59 
 896 | 62.233.128.17 
 897 | 204.52.135.2 
 898 | 217.78.80.70 
 899 | 213.164.38.66 
 900 | 62.129.252.215 
 901 | 50.116.23.211 
 902 | 80.94.32.240 
 903 | 200.85.35.158 
 904 | 200.175.3.58 
 905 | 129.250.35.250 
 906 | 91.220.187.3 
 907 | 202.136.162.11 
 908 | 115.85.69.162 
 909 | 212.11.191.72 
 910 | 213.172.33.34 
 911 | 213.30.253.65 
 912 | 202.148.202.3 
 913 | 213.27.209.8 
 914 | 198.6.1.2 
 915 | 160.44.1.4 
 916 | 216.237.221.42 
 917 | 194.88.202.11 
 918 | 212.19.96.2 
 919 | 212.233.128.1 
 920 | 141.211.144.15 
 921 | 93.99.200.1 
 922 | 62.20.76.35 
 923 | 201.217.17.74 
 924 | 101.255.64.90 
 925 | 80.64.32.2 
 926 | 114.130.11.66 
 927 | 122.255.96.132 
 928 | 203.119.8.106 
 929 | 69.7.192.1 
 930 | 216.52.129.1 
 931 | 194.6.216.5 
 932 | 203.250.129.214 
 933 | 103.9.124.154 
 934 | 193.231.80.7 
 935 | 85.249.45.253 
 936 | 208.122.23.23 
 937 | 210.80.58.66 
 938 | 196.207.15.42 
 939 | 217.69.169.25 
 940 | 200.113.185.227 
 941 | 63.238.52.1 
 942 | 64.119.80.100 
 943 | 204.9.123.122 
 944 | 206.124.64.1 
 945 | 193.232.65.2 
 946 | 193.111.238.5 
 947 | 209.161.175.30 
 948 | 166.102.165.32 
 949 | 212.94.32.32 
 950 | 129.7.1.1 
 951 | 160.220.137.2 
 952 | 95.173.193.3 
 953 | 139.0.27.186 
 954 | 66.119.93.10 
 955 | 103.22.248.62 
 956 | 206.248.79.244 
 957 | 121.52.87.128 
 958 | 91.143.20.6 
 959 | 82.99.211.195 
 960 | 66.92.224.2 
 961 | 193.254.232.1 
 962 | 216.131.95.20 
 963 | 115.85.69.162 
 964 | 83.143.154.234 
 965 | 206.124.1.254 
 966 | 101.255.64.241 
 967 | 207.164.234.193 
 968 | 222.124.8.50 
 969 | 147.29.37.19 
 970 | 199.2.252.10 
 971 | 194.152.248.42 
 972 | 83.69.77.6 
 973 | 174.34.129.34 
 974 | 207.130.95.40 
 975 | 193.175.51.10 
 976 | 87.197.40.58 
 977 | 193.6.10.1 
 978 | 209.63.0.18 
 979 | 212.50.131.153 
 980 | 80.94.52.254 
 981 | 62.95.15.107 
 982 | 80.78.162.2 
 983 | 67.17.215.133 
 984 | 213.139.190.3 
 985 | 213.129.120.6 
 986 | 217.168.144.127 
 987 | 66.51.206.100 
 988 | 193.200.68.230 
 989 | 217.196.1.5 
 990 | 212.71.98.250 
 991 | 64.13.48.12 
 992 | 170.51.255.100 
 993 | 194.242.50.66 
 994 | 216.235.1.3 
 995 | 173.44.32.2 
 996 | 128.199.248.105 
 997 | 195.167.98.3 
 998 | 119.252.20.75 
 999 | 212.111.28.5 
1000 | 217.21.48.1 
1001 | 62.91.2.20 
1002 | 206.74.254.2 
1003 | 81.199.3.7 
1004 | 165.87.13.129 
1005 | 194.8.53.1 
1006 | 64.140.243.112 
1007 | 147.235.251.3 
1008 | 212.82.225.7 
1009 | 187.115.52.83 
1010 | 101.255.64.150 
1011 | 216.254.141.13 
1012 | 213.27.209.53 
1013 | 79.141.82.250 
1014 | 194.213.193.5 
1015 | 148.233.151.6 
1016 | 200.85.60.210 
1017 | 193.231.236.25 
1018 | 62.177.42.174 
1019 | 190.11.32.199 
1020 | 207.179.3.25 
1021 | 202.130.97.66 
1022 | 199.101.98.178 
1023 | 91.185.2.10 
1024 | 217.18.90.105 
1025 | 195.182.224.11 
1026 | 69.28.97.4 
1027 | 209.97.224.3 
1028 | 94.124.19.16 
1029 | 194.169.235.2 
1030 | 87.229.99.1 
1031 | 88.80.64.201 
1032 | 62.181.119.131 
1033 | 147.29.10.55 
1034 | 194.73.96.50 
1035 | 84.32.80.20 
1036 | 216.146.35.230 
1037 | 190.146.118.41 
1038 | 110.76.151.17 
1039 | 58.96.3.34 
1040 | 193.16.255.2 
1041 | 61.19.252.238 
1042 | 208.92.9.21 
1043 | 85.88.19.11 
1044 | 83.241.175.98 
1045 | 203.146.237.237 
1046 | 64.91.89.2 
1047 | 194.141.12.1 
1048 | 194.54.181.90 
1049 | 193.41.252.146 
1050 | 201.131.4.9 
1051 | 62.33.183.254 
1052 | 119.160.208.251 
1053 | 217.18.80.105 
1054 | 202.86.216.1 
1055 | 62.109.182.2 
1056 | 64.105.189.26 
1057 | 72.52.104.74 
1058 | 81.92.97.12 
1059 | 87.255.68.242 
1060 | 134.48.1.32 
1061 | 216.218.226.238 
1062 | 85.214.132.203 
1063 | 62.97.84.4 
1064 | 210.220.163.82 
1065 | 103.239.165.34 
1066 | 213.218.117.85 
1067 | 203.248.252.2 
1068 | 65.183.98.90 
1069 | 168.95.1.1 
1070 | 209.213.223.18 
1071 | 200.88.127.22 
1072 | 217.32.105.66 
1073 | 62.20.15.234 
1074 | 149.211.153.51 
1075 | 193.111.144.145 
1076 | 203.89.226.26 
1077 | 203.80.96.10 
1078 | 193.78.240.12 
1079 | 109.69.8.51 
1080 | 78.142.133.43 
1081 | 212.94.162.1 
1082 | 77.240.144.164 
1083 | 213.234.128.211 
1084 | 91.209.108.17 
1085 | 64.207.64.5 
1086 | 213.137.73.254 
1087 | 205.172.19.79 
1088 | 83.219.241.2 
1089 | 88.82.105.18 
1090 | 209.55.1.220 
1091 | 193.58.251.251 
1092 | 206.253.33.130 
1093 | 141.56.31.3 
1094 | 161.53.129.139 
1095 | 158.39.46.248 
1096 | 122.210.229.161 
1097 | 203.253.31.1 
1098 | 195.60.70.5 
1099 | 202.38.128.58 
1100 | 62.134.11.4 
1101 | 207.178.128.21 
1102 | 195.166.13.4 
1103 | 192.43.161.22 
1104 | 200.69.193.2 
1105 | 203.153.214.14 
1106 | 81.24.128.146 
1107 | 208.78.24.238 
1108 | 211.172.241.54 
1109 | 185.46.7.110 
1110 | 198.188.2.69 
1111 | 66.93.87.2 
1112 | 194.33.15.3 
1113 | 193.34.129.253 
1114 | 91.212.56.5 
1115 | 81.90.168.3 
1116 | 216.198.139.68 
1117 | 193.231.249.1 
1118 | 195.70.237.42 
1119 | 65.74.130.6 
1120 | 91.210.24.22 
1121 | 65.163.107.11 
1122 | 202.181.224.2 
1123 | 195.70.248.1 
1124 | 208.122.23.22 
1125 | 210.227.119.194 
1126 | 79.99.224.24 
1127 | 168.243.165.225 
1128 | 202.83.30.5 
1129 | 212.24.98.98 
1130 | 194.176.190.2 
1131 | 77.59.224.10 
1132 | 80.190.200.55 
1133 | 91.135.230.231 
1134 | 212.209.194.170 
1135 | 65.220.16.14 
1136 | 66.207.160.111 
1137 | 66.28.0.45 
1138 | 216.185.192.2 
1139 | 216.54.201.11 
1140 | 68.179.203.94 
1141 | 216.52.94.1 
1142 | 193.33.220.3 
1143 | 194.145.198.226 
1144 | 212.14.253.242 
1145 | 62.108.161.200 
1146 | 66.81.1.252 
1147 | 217.65.192.1 
1148 | 122.155.167.70 
1149 | 195.170.96.2 
1150 | 198.6.1.146 
1151 | 168.213.3.10 
1152 | 64.85.177.10 
1153 | 66.165.177.69 
1154 | 85.94.224.1 
1155 | 193.111.144.161 
1156 | 64.61.99.2 
1157 | 85.235.199.199 
1158 | 193.33.174.3 
1159 | 149.156.64.210 
1160 | 115.68.62.222 
1161 | 119.160.208.252 
1162 | 216.58.97.21 
1163 | 194.158.230.53 
1164 | 202.138.120.6 
1165 | 218.192.240.2 
1166 | 152.99.200.6 
1167 | 202.152.162.66 
1168 | 173.241.133.178 
1169 | 194.132.32.32 
1170 | 193.231.238.1
1171 | 195.182.192.10 
1172 | 212.66.160.2 
1173 | 89.255.99.131 
1174 | 212.85.128.2 
1175 | 65.74.130.5 
1176 | 63.251.62.33 
1177 | 200.56.224.11 
1178 | 103.3.76.82 
1179 | 212.108.200.77 
1180 | 194.250.223.1 
1181 | 194.172.160.4 
1182 | 195.140.236.253 
1183 | 209.142.182.250 
1184 | 106.186.17.181 
1185 | 58.150.55.34 
1186 | 103.9.124.154 
1187 | 206.123.64.245 
1188 | 87.104.254.135 
1189 | 64.13.131.34 
1190 | 148.243.65.17 
1191 | 103.226.55.129 
1192 | 81.180.201.99 
1193 | 50.21.174.18 
1194 | 216.175.203.51 
1195 | 66.163.0.161 
1196 | 66.146.0.1 
1197 | 216.162.32.20 
1198 | 89.208.120.10 
1199 | 202.43.176.13 
1200 | 77.241.25.3 
1201 | 212.40.0.10 
1202 | 206.53.177.3 
1203 | 75.94.255.12 
1204 | 93.90.82.50 
1205 | 64.187.29.134 
1206 | 217.144.144.211 
1207 | 195.46.48.21 
1208 | 4.2.2.1 
1209 | 62.165.33.250 
1210 | 212.87.130.92 
1211 | 205.151.69.200 
1212 | 198.6.1.142 
1213 | 66.63.192.2 
1214 | 82.198.129.146 
1215 | 209.142.152.253 
1216 | 103.9.124.90 
1217 | 213.211.50.1 
1218 | 212.31.32.130 
1219 | 64.105.179.138 
1220 | 190.248.153.98 
1221 | 94.247.200.3 
1222 | 206.13.30.12 
1223 | 92.42.200.66 
1224 | 212.73.65.40 
1225 | 64.135.2.250 
1226 | 69.28.97.4 
1227 | 195.110.17.40 
1228 | 158.43.240.3 
1229 | 82.96.40.83 
1230 | 164.2.255.241 
1231 | 206.124.0.254 
1232 | 216.52.94.33 
1233 | 200.221.11.101 
1234 | 216.52.161.33 
1235 | 198.100.146.51 
1236 | 203.189.88.133 
1237 | 193.7.169.9 
1238 | 212.118.241.33 
1239 | 200.175.0.91 
1240 | 164.33.1.4 
1241 | 89.160.63.190 
1242 | 212.41.4.1 
1243 | 198.6.1.122 
1244 | 65.39.139.53 
1245 | 64.254.99.13 
1246 | 64.132.94.250 
1247 | 195.182.192.2 
1248 | 81.7.200.80 
1249 | 202.45.84.59 
1250 | 212.118.241.33 
1251 | 91.206.72.2 
1252 | 206.252.187.110 
1253 | 164.124.101.51 
1254 | 38.112.17.138 
1255 | 195.24.228.3 
1256 | 195.221.20.10 
1257 | 87.204.28.12 
1258 | 217.198.161.1 
1259 | 146.185.134.104 
1260 | 193.142.115.131 
1261 | 203.99.253.1 
1262 | 81.18.242.100 
1263 | 66.165.164.250 
1264 | 103.3.213.210 
1265 | 80.67.169.12 
1266 | 193.17.213.10 
1267 | 159.230.4.130 
1268 | 203.189.88.156 
1269 | 199.80.64.202 
1270 | 212.230.255.129 
1271 | 194.102.93.2 
1272 | 93.88.148.138 
1273 | 201.217.18.178 
1274 | 77.109.138.45 
1275 | 41.221.5.11 
1276 | 203.189.88.212 
1277 | 216.66.80.26 
1278 | 12.127.16.67 
1279 | 202.44.204.63 
1280 | 203.189.88.11 
1281 | 218.44.242.98 
1282 | 85.94.224.2 
1283 | 193.231.112.1 
1284 | 195.110.16.40 
1285 | 77.87.152.9 
1286 | 94.155.90.7 
1287 | 193.89.248.1 
1288 | 207.91.5.32 
1289 | 149.6.140.30 
1290 | 208.66.232.66 
1291 | 91.206.213.2 
1292 | 213.157.176.2 
1293 | 62.105.17.252 
1294 | 213.23.108.129 
1295 | 205.162.201.2 
1296 | 193.28.100.200 
1297 | 203.193.139.150 
1298 | 212.102.225.2 
1299 | 220.233.0.3 
1300 | 217.117.0.38 
1301 | 194.6.240.1 
1302 | 173.241.133.189 
1303 | 193.205.136.1 
1304 | 4.2.2.4 
1305 | 212.245.158.66 
1306 | 193.16.48.66 
1307 | 193.201.185.2 
1308 | 212.1.118.3 
1309 | 82.198.129.138 
1310 | 193.239.60.19 
1311 | 212.53.34.1 
1312 | 209.87.79.232 
1313 | 213.88.195.146 
1314 | 216.52.41.1 
1315 | 78.159.232.232 
1316 | 89.255.96.3 
1317 | 195.251.119.23 
1318 | 82.199.32.36 
1319 | 165.166.142.42 
1320 | 38.112.17.142 
1321 | 62.91.2.20 
1322 | 142.46.1.130 
1323 | 81.12.49.100 
1324 | 4.79.132.219 
1325 | 91.197.164.11 
1326 | 79.132.192.2 
1327 | 203.189.88.11 
1328 | 203.115.130.74 
1329 | 202.62.224.2 
1330 | 217.18.206.12 
1331 | 206.124.64.253 
1332 | 195.198.214.72 
1333 | 69.28.239.8 
1334 | 84.32.112.202 
1335 | 83.166.8.18 
1336 | 195.153.19.5 
1337 | 203.189.89.241 
1338 | 85.172.0.250 
1339 | 77.239.96.2 
1340 | 59.12.239.70 
1341 | 203.189.89.131 
1342 | 212.84.181.99 
1343 | 82.96.65.2 
1344 | 216.52.190.33 
1345 | 202.174.131.19 
1346 | 213.157.196.132 
1347 | 37.221.170.105 
1348 | 190.249.175.122 
1349 | 64.79.224.27 
1350 | 83.240.154.200 
1351 | 216.147.131.34 
1352 | 200.85.61.90 
1353 | 216.106.184.6 
1354 | 204.97.212.10 
1355 | 194.146.136.1 
1356 | 194.145.198.6 
1357 | 81.180.206.137 
1358 | 218.102.23.228 
1359 | 194.158.230.54 
1360 | 85.132.32.41 
1361 | 212.28.34.90 
1362 | 101.255.64.82 
1363 | 67.214.64.27 
1364 | 211.172.208.2 
1365 | 81.92.226.181 
1366 | 210.34.0.18 
1367 | 163.152.1.1 
1368 | 91.200.113.1 
1369 | 195.177.223.3 
1370 | 217.170.1.1 
1371 | 77.88.8.88 
1372 | 62.77.85.98 
1373 | 67.100.88.27 
1374 | 103.20.188.83 
1375 | 198.6.1.6 
1376 | 213.172.33.35 
1377 | 206.80.254.4 
1378 | 193.226.128.129 
1379 | 62.108.161.161 
1380 | 217.196.1.6 
1381 | 66.112.235.200 
1382 | 194.105.32.2 
1383 | 122.155.13.155 
1384 | 83.228.65.52 
1385 | 66.118.80.4 
1386 | 209.142.136.85 
1387 | 74.222.30.2 
1388 | 193.34.129.253 
1389 | 168.243.165.226 
1390 | 164.115.2.132 
1391 | 80.80.111.254 
1392 | 195.198.127.20
1393 | 188.34.0.4 
1394 | 62.119.70.3 
1395 | 194.242.50.65 
1396 | 195.88.84.100 
1397 | 217.65.100.7 
1398 | 193.252.247.53 
1399 | 82.96.193.10 
1400 | 195.234.230.67 
1401 | 218.232.110.37 
1402 | 213.73.91.35 
1403 | 119.18.159.222 
1404 | 200.57.7.61 
1405 | 64.105.199.74 
1406 | 216.81.128.132 
1407 | 195.206.96.47 
1408 | 213.33.82.2 
1409 | 93.188.152.3 
1410 | 89.249.224.1 
1411 | 195.66.89.4 
1412 | 216.138.119.6 
1413 | 89.19.193.1 
1414 | 200.221.11.100 
1415 | 91.188.0.35 
1416 | 202.86.216.2 
1417 | 199.249.19.2 
1418 | 194.25.15.11 
1419 | 204.101.45.5 
1420 | 217.72.168.34 
1421 | 78.47.34.12 
1422 | 83.142.192.2 
1423 | 193.204.192.2 
1424 | 195.128.252.7 
1425 | 195.12.4.247 
1426 | 61.208.115.242 
1427 | 194.187.164.20 
1428 | 101.255.64.138 
1429 | 91.98.128.112 
1430 | 122.155.12.91 
1431 | 212.49.128.65 
1432 | 42.62.176.150 
1433 | 213.88.195.148 
1434 | 194.164.181.2 
1435 | 193.95.93.77 
1436 | 190.186.50.31 
1437 | 142.46.128.130 
1438 | 69.28.136.102 
1439 | 194.113.160.68 
1440 | 195.112.96.34 
1441 | 203.153.214.26 
1442 | 194.45.12.2 
1443 | 101.255.64.58 
1444 | 194.88.203.6 
1445 | 212.5.220.252 
1446 | 62.56.230.100 
1447 | 194.237.202.250 
1448 | 210.34.48.34 
1449 | 195.20.193.11 
1450 | 213.157.196.131 
1451 | 203.198.7.66 
1452 | 202.138.120.87 
1453 | 62.22.102.5 
1454 | 221.139.13.130 
1455 | 69.25.1.33 
1456 | 195.186.1.110 
1457 | 212.233.128.2 
1458 | 93.91.224.2 
1459 | 80.149.86.20 
1460 | 37.235.1.177 
1461 | 194.2.0.20 
1462 | 195.66.68.2 
1463 | 209.68.1.11 
1464 | 91.203.188.1 
1465 | 216.54.2.11 
1466 | 207.91.250.34 
1467 | 203.189.89.65 
1468 | 203.153.214.14 
1469 | 80.88.171.16 
1470 | 208.90.237.9 
1471 | 216.81.96.67 
1472 | 89.107.129.15 
1473 | 194.1.148.1 
1474 | 209.197.128.2 
1475 | 77.246.144.5 
1476 | 211.78.130.11 
1477 | 192.43.161.22 
1478 | 83.243.39.59 
1479 | 62.40.32.34 
1480 | 195.16.73.1 
1481 | 166.70.25.18 
1482 | 213.157.0.193 
1483 | 62.77.94.72 
1484 | 77.41.229.2 
1485 | 203.112.2.4 
1486 | 62.94.0.41 
1487 | 81.21.112.130 
1488 | 88.131.89.37 
1489 | 62.36.225.150 
1490 | 207.248.224.72 
1491 | 200.95.144.3 
1492 | 62.149.128.2 
1493 | 216.218.221.6 
1494 | 64.94.33.33 
1495 | 101.203.168.123 
1496 | 212.58.3.8 
1497 | 81.200.5.165 
1498 | 212.15.86.12 
1499 | 115.68.45.3 
1500 | 103.3.46.105 
1501 | 216.147.131.33 
1502 | 203.124.230.100 
1503 | 61.8.0.113 
1504 | 195.129.12.114 
1505 | 205.236.148.130 
1506 | 209.51.161.14 
1507 | 12.127.17.72 
1508 | 203.189.89.210 
1509 | 164.115.2.132 
1510 | 209.142.152.254 
1511 | 194.102.44.130 
1512 | 94.199.201.199 
1513 | 217.115.16.3 
1514 | 77.109.139.29 
1515 | 202.43.160.50 
1516 | 90.183.74.2 
1517 | 164.124.101.47 
1518 | 88.255.96.196 
1519 | 203.112.194.243 
1520 | 86.59.41.180 
1521 | 82.141.136.2 
1522 | 194.67.74.3 
1523 | 115.68.62.210 
1524 | 203.189.89.117 
1525 | 91.192.56.2 
1526 | 193.102.59.190 
1527 | 216.136.95.2 
1528 | 89.207.72.138 
1529 | 208.196.63.2 
1530 | 111.223.252.161 
1531 | 193.16.208.114 
1532 | 203.2.193.67 
1533 | 207.230.192.254 
1534 | 160.7.240.20 
1535 | 195.22.192.252 
1536 | 83.137.41.8 
1537 | 194.187.148.1 
1538 | 72.11.150.10 
1539 | 60.32.112.42 
1540 | 216.52.41.33 
1541 | 212.54.160.7 
1542 | 193.41.10.1 
1543 | 202.125.132.154 
1544 | 65.107.59.67 
1545 | 194.73.96.62 
1546 | 203.196.0.6 
1547 | 69.28.104.5 
1548 | 207.15.68.36 
1549 | 66.80.130.18 
1550 | 122.155.3.119 
1551 | 209.244.0.53 
1552 | 212.230.255.129 
1553 | 212.41.3.147 
1554 | 165.194.1.1 
1555 | 216.37.1.19 
1556 | 122.155.12.41 
1557 | 213.253.136.17 
1558 | 80.66.1.42 
1559 | 195.186.1.111 
1560 | 69.54.70.15 
1561 | 198.32.2.10
1562 | 212.38.95.254 
1563 | 187.110.170.74 
1564 | 217.77.176.11 
1565 | 201.131.4.5 
1566 | 193.43.108.62 
1567 | 211.61.13.227 
1568 | 194.116.170.66 
1569 | 5.144.12.202 
1570 | 194.30.163.5 
1571 | 213.178.66.112 
1572 | 195.137.246.17 
1573 | 78.143.192.20 
1574 | 207.164.234.129 
1575 | 95.215.149.5 
1576 | 94.236.199.8 
1577 | 82.209.213.60 
1578 | 61.60.224.5 
1579 | 94.23.222.19 
1580 | 206.253.33.131 
1581 | 211.61.13.126 
1582 | 202.133.99.11 
1583 | 213.253.193.2 
1584 | 194.149.156.140 
1585 | 193.78.240.12 
1586 | 58.68.121.230 
1587 | 210.180.98.69 
1588 | 216.52.65.1 
1589 | 216.27.175.2 
1590 | 193.230.230.1 
1591 | 211.41.128.70 
1592 | 211.78.130.10 
1593 | 62.37.225.56 
1594 | 62.165.32.250 
1595 | 211.161.46.84 
1596 | 83.143.12.246 
1597 | 220.110.92.202 
1598 | 4.2.2.2 
1599 | 209.216.160.131 
1600 | 193.138.78.117 
1601 | 209.143.22.182 
1602 | 203.89.226.24 
1603 | 217.29.16.250 
1604 | 66.182.208.5 
1605 | 201.217.51.45 
1606 | 217.173.198.3 
1607 | 147.29.37.20 
1608 | 69.24.112.10 
1609 | 88.82.84.129 
1610 | 195.243.214.4 
1611 | 195.54.152.3 
1612 | 193.171.4.60 
1613 | 81.20.240.34 
1614 | 69.24.112.11 
1615 | 93.88.16.66 
1616 | 221.186.85.74 
1617 | 80.254.77.39 
1618 | 193.228.86.5 
1619 | 194.25.0.52 
1620 | 91.98.234.4 
1621 | 89.187.240.60 
1622 | 129.219.17.200 
1623 | 194.77.8.1 
1624 | 62.122.208.68 
1625 | 74.84.4.139 
1626 | 160.220.137.2 
1627 | 203.189.88.151 
1628 | 193.231.236.30 
1629 | 63.238.52.2 
1630 | 87.250.77.204 
1631 | 91.98.30.222 
1632 | 69.67.97.18 
1633 | 168.215.165.186 
1634 | 205.152.132.23 
1635 | 119.252.20.75 
1636 | 208.59.89.20 
1637 | 208.54.220.20 
1638 | 66.7.160.122 
1639 | 61.63.0.66 
1640 | 64.94.1.1 
1641 | 85.114.105.3 
1642 | 146.66.19.238 
1643 | 217.77.223.114 
1644 | 200.53.250.1 
1645 | 66.232.139.10 
1646 | 193.86.86.2 
1647 | 121.52.206.130 
1648 | 216.52.254.1 
1649 | 115.68.100.102 
1650 | 70.36.0.6 
1651 | 212.65.160.43 
1652 | 193.42.81.68 
1653 | 212.112.39.22 
1654 | 87.230.13.136 
1655 | 194.126.181.47 
1656 | 64.212.106.84 
1657 | 193.47.72.17 
1658 | 24.248.137.39 
1659 | 83.149.244.194 
1660 | 91.214.72.33 
1661 | 111.223.252.225 
1662 | 89.107.210.171 
1663 | 141.1.1.1 
1664 | 62.33.203.33 
1665 | 194.218.25.250 
1666 | 80.73.1.1 
1667 | 23.226.230.72 
1668 | 195.178.123.130 
1669 | 165.194.128.1 
1670 | 213.128.194.2 
1671 | 95.158.128.2 
1672 | 212.203.32.11 
1673 | 208.71.147.74 
1674 | 69.28.239.9 
1675 | 210.80.58.3 
1676 | 203.77.161.12 
1677 | 202.28.162.1 
1678 | 62.128.1.42 
1679 | 46.163.72.207 
1680 | 67.214.159.199 
1681 | 202.62.31.18 
1682 | 207.248.57.10 
1683 | 24.154.1.4 
1684 | 65.210.29.34 
1685 | 192.76.144.66 
1686 | 217.64.167.1 
1687 | 14.139.223.100 
1688 | 41.221.6.38 
1689 | 66.218.245.13 
1690 | 192.172.250.8 
1691 | 194.44.211.194 
1692 | 195.251.123.232 
1693 | 213.0.76.5 
1694 | 117.102.224.230 
1695 | 212.4.96.22 
1696 | 89.187.240.59 
1697 | 64.135.1.20 
1698 | 189.90.16.20 
1699 | 201.161.6.46 
1700 | 42.62.176.74 
1701 | 203.242.200.5 
1702 | 64.81.159.2 
1703 | 208.67.220.222 
1704 | 195.186.4.111 
1705 | 80.94.32.240 
1706 | 213.8.145.133 
1707 | 194.187.100.2 
1708 | 212.9.161.2 
1709 | 194.126.130.6 
1710 | 209.161.175.29 
1711 | 66.203.66.203 
1712 | 158.43.240.4 
1713 | 91.239.100.100 
1714 | 202.0.107.125 
1715 | 211.78.130.3 
1716 | 216.52.97.33 
1717 | 212.67.131.4 
1718 | 211.175.82.66 
1719 | 203.124.230.21 
1720 | 80.64.32.2
1721 | 193.230.183.201 
1722 | 217.151.0.195 
1723 | 208.67.222.220 
1724 | 124.107.135.126 
1725 | 103.20.188.82 
1726 | 61.19.130.42 
1727 | 64.119.60.5 
1728 | 149.250.222.21 
1729 | 195.69.65.98 
1730 | 210.104.1.3 
1731 | 213.235.248.228 
1732 | 194.153.232.17 
1733 | 164.124.101.2 
1734 | 194.149.146.2 
1735 | 83.143.12.249 
1736 | 66.119.93.4 
1737 | 62.37.225.57 
1738 | 217.20.96.100 
1739 | 91.211.16.6 
1740 | 122.0.0.12 
1741 | 64.91.3.60 
1742 | 81.25.152.2 
1743 | 205.236.148.131 
1744 | 142.103.1.1 
1745 | 193.178.124.1 
1746 | 168.215.210.50 
1747 | 80.74.160.11 
1748 | 211.237.65.31 
1749 | 173.241.133.190 
1750 | 219.250.36.130 
1751 | 203.189.88.10 
1752 | 211.237.65.21 
1753 | 216.131.94.5 
1754 | 216.52.1.1 
1755 | 103.20.184.62 
1756 | 83.142.9.30
1757 | 195.145.22.37 
1758 | 207.15.68.164 
1759 | 200.57.2.108 
1760 | 216.52.1.33 
1761 | 217.27.240.20 
1762 | 216.194.28.33 
1763 | 213.241.193.250 
1764 | 77.72.17.17 
1765 | 220.233.0.4 
1766 | 205.172.19.193 
1767 | 85.119.72.2 
1768 | 217.107.11.35 
1769 | 195.114.173.153 
1770 | 121.152.231.196 
1771 | 194.149.133.11 
1772 | 62.29.160.228 
1773 | 206.80.254.68 
1774 | 216.181.31.11 
1775 | 208.86.117.40 
1776 | 211.63.64.11 
1777 | 202.180.64.9 
1778 | 195.66.156.26 
1779 | 189.38.95.96 
1780 | 62.231.100.14 
1781 | 208.48.253.106 
1782 | 81.180.201.98 
1783 | 219.252.2.100 
1784 | 217.14.128.50 
1785 | 212.216.172.222 
1786 | 195.149.138.3 
1787 | 193.58.204.59 
1788 | 213.235.248.228 
1789 | 213.16.104.61 
1790 | 195.27.1.1 
1791 | 50.116.28.138 
1792 | 211.115.194.2 
1793 | 217.144.6.6 
1794 | 194.54.148.129 
1795 | 212.85.32.3 
1796 | 164.124.107.9 
1797 | 61.70.87.96 
1798 | 203.176.144.20 
1799 | 168.213.3.11 
1800 | 206.104.144.62 
1801 | 85.88.19.10 
1802 | 212.59.199.2 
1803 | 111.223.252.27 
1804 | 194.105.156.2 
1805 | 81.90.168.3 
1806 | 193.46.84.2 
1807 | 207.15.68.36 
1808 | 195.146.81.130 
1809 | 82.216.111.121 
1810 | 151.11.85.5 
1811 | 217.20.82.4 
1812 | 216.22.81.60 
1813 | 62.94.0.42 
1814 | 208.116.30.21 
1815 | 94.247.200.2 
1816 | 203.239.131.1 
1817 | 211.115.194.3 
1818 | 83.228.65.52 
1819 | 193.95.93.77 
1820 | 216.106.1.2 
1821 | 72.52.104.74 
1822 | 212.110.122.132 
1823 | 64.105.97.90 
1824 | 62.133.163.171 
1825 | 204.9.122.102 
1826 | 66.165.183.87 
1827 | 194.20.8.1 
1828 | 193.15.251.65 
1829 | 62.128.1.53 
1830 | 193.148.29.100 
1831 | 212.85.32.2 
1832 | 203.124.250.70 
1833 | 72.46.0.2 
1834 | 209.142.136.220 
1835 | 193.148.29.103 
1836 | 203.115.71.66 
1837 | 217.156.106.1
1838 | 114.114.115.119 
1839 | 213.159.0.55 
1840 | 212.62.98.10 
1841 | 193.7.168.1 
1842 | 209.206.136.8 
1843 | 217.148.122.40 
1844 | 66.9.5.15 
1845 | 42.62.176.125 
1846 | 193.111.212.5 
1847 | 196.29.40.4 
1848 | 67.214.64.7 
1849 | 63.171.232.39 
1850 | 63.105.204.164 
1851 | 212.73.209.34 
1852 | 88.216.8.69 
1853 | 80.78.208.2 
1854 | 85.249.40.8 
1855 | 203.113.11.37 
1856 | 62.233.181.26 
1857 | 187.115.53.163 
1858 | 193.41.59.151 
1859 | 202.62.120.4 
1860 | 203.189.88.154 
1861 | 139.175.55.244 
1862 | 193.34.170.162 
1863 | 210.204.251.22 
1864 | 85.124.252.33 
1865 | 213.158.72.44
1866 | 218.248.240.23 
1867 | 89.186.66.7 
1868 | 77.72.192.3 
1869 | 77.73.104.3 
1870 | 193.226.145.2 
1871 | 64.56.129.2 
1872 | 194.95.141.1 
1873 | 77.72.178.77 
1874 | 80.92.178.98 
1875 | 63.246.63.142 
1876 | 64.135.1.22 
1877 | 213.211.50.2 
1878 | 49.0.124.46 
1879 | 213.27.209.55 
1880 | 82.115.23.3 
1881 | 216.52.65.33 
1882 | 87.241.63.4 
1883 | 178.254.21.113 
1884 | 69.51.76.26 
1885 | 195.138.160.3 
1886 | 46.246.46.246 
1887 | 81.27.133.50 
1888 | 61.72.225.1 
1889 | 65.203.109.2 
1890 | 203.153.41.28 
1891 | 194.183.88.40 
1892 | 85.132.32.42 
1893 | 192.121.170.170 
1894 | 209.251.33.2 
1895 | 74.207.242.213 
1896 | 194.126.159.20 
1897 | 193.189.114.254 
1898 | 194.250.223.2 
1899 | 103.20.188.82 
1900 | 89.185.75.244 
1901 | 213.133.224.2 
1902 | 213.159.0.70 
1903 | 190.41.153.24 
1904 | 212.214.229.170 
1905 | 66.218.44.5 
1906 | 195.7.64.3 
1907 | 195.18.161.132 
1908 | 207.249.163.155 
1909 | 203.176.144.12 
1910 | 216.244.192.32 
1911 | 213.146.65.11 
1912 | 83.151.112.193 
1913 | 66.92.64.2 
1914 | 93.157.233.3 
1915 | 77.88.8.1 
1916 | 195.67.15.73 
1917 | 121.52.87.65 
1918 | 194.20.8.4 
1919 | 217.20.240.5 
1920 | 82.212.67.101 
1921 | 203.189.89.210 
1922 | 217.24.113.214 
1923 | 193.254.22.13 
1924 | 62.129.252.252 
1925 | 76.10.192.201 
1926 | 193.101.111.10 
1927 | 62.192.128.60 
1928 | 193.43.181.62 
1929 | 194.242.50.65 
1930 | 64.105.172.26 
1931 | 193.109.53.2 
1932 | 37.19.5.135 
1933 | 94.153.224.74 
1934 | 91.199.139.1 
1935 | 101.255.64.86 
1936 | 165.87.201.244 
1937 | 217.159.1.126 
1938 | 62.116.30.200 
1939 | 195.129.12.83 
1940 | 221.151.200.206 
1941 | 119.252.167.229 
1942 | 168.126.63.1 
1943 | 200.85.61.90 
1944 | 117.102.224.190 
1945 | 195.67.160.3 
1946 | 212.73.154.2 
1947 | 131.155.140.130 
1948 | 216.218.221.6 
1949 | 208.38.1.15
1950 | 66.28.0.45 
1951 | 212.9.64.11 
1952 | 63.251.129.33 
1953 | 35.8.98.43 
1954 | 221.156.218.31 
1955 | 94.155.91.4 
1956 | 203.113.25.71 
1957 | 211.61.13.227 
1958 | 195.13.38.3 
1959 | 80.78.66.66 
1960 | 193.22.119.22 
1961 | 194.42.108.135 
1962 | 193.67.79.39 
1963 | 62.72.87.4 
1964 | 80.93.177.182 
1965 | 206.13.28.12 
1966 | 8.5.244.5 
1967 | 209.183.52.21 
1968 | 35.8.2.42 
1969 | 81.18.97.50 
1970 | 178.212.102.76 
1971 | 213.239.204.35 
1972 | 212.98.160.50 
1973 | 194.126.130.7 
1974 | 200.123.192.251 
1975 | 87.103.133.167 
1976 | 196.2.45.101 
1977 | 212.24.97.97 
1978 | 173.241.133.172 
1979 | 212.211.132.4 
1980 | 85.119.74.2 
1981 | 101.255.64.210 
1982 | 64.91.92.21 
1983 | 85.119.136.158 
1984 | 212.96.128.140 
1985 | 207.230.202.29 
1986 | 193.2.64.45 
1987 | 187.115.52.142 
1988 | 137.82.1.1 
1989 | 101.255.64.34 
1990 | 194.1.185.122 
1991 | 194.179.109.10 
1992 | 217.28.96.190 
1993 | 217.17.34.68 
1994 | 87.106.220.85 
1995 | 12.173.168.201 
1996 | 217.198.160.130 
1997 | 194.179.1.100 
1998 | 89.140.186.3 
1999 | 195.99.66.220 
2000 | 165.21.100.88 
2001 | 149.211.153.50 
2002 | 81.189.121.68 
2003 | 209.142.152.253 
2004 | 195.2.195.1 
2005 | 203.229.169.1 
2006 | 66.28.0.61 
2007 | 69.16.170.11 
2008 | 81.95.128.218 
2009 | 209.143.0.10 
2010 | 193.27.192.98 
2011 | 194.75.147.212 
2012 | 217.148.0.17 
2013 | 81.196.170.20 
2014 | 168.188.1.1 
2015 | 


--------------------------------------------------------------------------------
/subbrute/subbrute.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | #
  3 | #SubBrute v1.2
  4 | #A (very) fast subdomain enumeration tool.
  5 | #
  6 | #Maintained by rook
  7 | #Contributors:
  8 | #JordanMilne, KxCode, rc0r, memoryprint, ppaulojr  
  9 | #
 10 | import re
 11 | import optparse
 12 | import os
 13 | import signal
 14 | import sys
 15 | import uuid
 16 | import random
 17 | import ctypes
 18 | import dns.resolver
 19 | import dns.rdatatype
 20 | import json
 21 | 
 22 | #Python 2.x and 3.x compatiablity
 23 | #We need the Queue library for exception handling
 24 | try:
 25 |     import queue as Queue
 26 | except:
 27 |     import Queue
 28 | 
 29 | #The 'multiprocessing' library does not rely upon a Global Interpreter Lock (GIL)
 30 | import multiprocessing
 31 | 
 32 | #Microsoft compatiablity
 33 | if  sys.platform.startswith('win'):
 34 |     #Drop-in replacement,  subbrute + multiprocessing throws exceptions on windows.
 35 |     import threading
 36 |     multiprocessing.Process = threading.Thread
 37 | 
 38 | class verify_nameservers(multiprocessing.Process):
 39 | 
 40 |     def __init__(self, target, record_type, resolver_q, resolver_list, wildcards):
 41 |         multiprocessing.Process.__init__(self, target = self.run)
 42 |         self.daemon = True
 43 |         signal_init()
 44 | 
 45 |         self.time_to_die = False
 46 |         self.resolver_q = resolver_q
 47 |         self.wildcards = wildcards
 48 |         #Do we need wildcards for other types of records?
 49 |         #This needs testing!
 50 |         self.record_type = "A"
 51 |         if record_type == "AAAA":
 52 |             self.record_type = record_type
 53 |         self.resolver_list = resolver_list
 54 |         resolver = dns.resolver.Resolver()
 55 |         #The domain provided by the user.
 56 |         self.target = target
 57 |         #1 website in the world,  modify the following line when this status changes.
 58 |         #www.google.cn,  I'm looking at you ;)
 59 |         self.most_popular_website = "www.google.com"
 60 |         #We shouldn't need the backup_resolver, but we we can use them if need be.
 61 |         #We must have a resolver,  and localhost can work in some environments.
 62 |         self.backup_resolver = resolver.nameservers + ['127.0.0.1', '8.8.8.8', '8.8.4.4']
 63 |         #Ideally a nameserver should respond in less than 1 sec.
 64 |         resolver.timeout = 1
 65 |         resolver.lifetime = 1
 66 |         try:
 67 |             #Lets test the letancy of our connection.
 68 |             #Google's DNS server should be an ideal time test.
 69 |             resolver.nameservers = ['8.8.8.8']
 70 |             resolver.query(self.most_popular_website, self.record_type)
 71 |         except:
 72 |             #Our connection is slower than a junebug in molasses
 73 |             resolver = dns.resolver.Resolver()
 74 |         self.resolver = resolver
 75 | 
 76 |     def end(self):
 77 |         self.time_to_die = True
 78 | 
 79 |     #This process cannot block forever,  it  needs to check if its time to die.
 80 |     def add_nameserver(self, nameserver):
 81 |         keep_trying = True
 82 |         while not self.time_to_die and keep_trying:
 83 |             try:
 84 |                 self.resolver_q.put(nameserver, timeout = 1)
 85 |                 trace("Added nameserver:", nameserver)
 86 |                 keep_trying = False
 87 |             except Exception as e:
 88 |                 if type(e) == Queue.Full or str(type(e)) == "<class 'queue.Full'>":
 89 |                     keep_trying = True
 90 | 
 91 |     def verify(self, nameserver_list):
 92 |         added_resolver = False
 93 |         for server in nameserver_list:
 94 |             if self.time_to_die:
 95 |                 #We are done here.
 96 |                 break
 97 |             server = server.strip()
 98 |             if server:
 99 |                 self.resolver.nameservers = [server]
100 |                 try:
101 |                     #test_result = self.resolver.query(self.most_popular_website, "A")
102 |                     #should throw an exception before this line.
103 |                     if True:#test_result:
104 |                         #Only add the nameserver to the queue if we can detect wildcards. 
105 |                         if(self.find_wildcards(self.target)):# and self.find_wildcards(".com")
106 |                             #wildcards have been added to the set, it is now safe to be added to the queue.
107 |                             #blocking queue,  this process will halt on put() when the queue is full:
108 |                             self.add_nameserver(server)
109 |                             added_resolver = True
110 |                         else:
111 |                             trace("Rejected nameserver - wildcard:", server)
112 |                 except Exception as e:
113 |                     #Rejected server :(
114 |                     trace("Rejected nameserver - unreliable:", server, type(e)) 
115 |         return added_resolver
116 | 
117 |     def run(self):
118 |         #Every user will get a different set of resovlers, this helps redistribute traffic.
119 |         random.shuffle(self.resolver_list)
120 |         if not self.verify(self.resolver_list):
121 |             #This should never happen,  inform the user.
122 |             sys.stderr.write('Warning: No nameservers found, trying fallback list.\n')
123 |             #Try and fix it for the user:
124 |             self.verify(self.backup_resolver)
125 |         #End of the resolvers list.
126 |         try:
127 |             self.resolver_q.put(False, timeout = 1)
128 |         except:
129 |             pass
130 | 
131 |     #Only add the nameserver to the queue if we can detect wildcards. 
132 |     #Returns False on error.
133 |     def find_wildcards(self, host):
134 |         #We want sovle the following three problems:
135 |         #1)The target might have a wildcard DNS record.
136 |         #2)The target maybe using geolocaiton-aware DNS.
137 |         #3)The DNS server we are testing may respond to non-exsistant 'A' records with advertizements.
138 |         #I have seen a CloudFlare Enterprise customer with the first two conditions.
139 |         try:
140 |             #This is case #3,  these spam nameservers seem to be more trouble then they are worth.
141 |              wildtest = self.resolver.query(uuid.uuid4().hex + ".com", "A")
142 |              if len(wildtest):
143 |                 trace("Spam DNS detected:", host)
144 |                 return False
145 |         except:
146 |             pass
147 |         test_counter = 8
148 |         looking_for_wildcards = True
149 |         while looking_for_wildcards and test_counter >= 0 :
150 |             looking_for_wildcards = False
151 |             #Don't get lost, this nameserver could be playing tricks.
152 |             test_counter -= 1            
153 |             try:
154 |                 testdomain = "%s.%s" % (uuid.uuid4().hex, host)
155 |                 wildtest = self.resolver.query(testdomain, self.record_type)
156 |                 #This 'A' record may contain a list of wildcards.
157 |                 if wildtest:
158 |                     for w in wildtest:
159 |                         w = str(w)
160 |                         if w not in self.wildcards:
161 |                             #wildcards were detected.
162 |                             self.wildcards[w] = None
163 |                             #We found atleast one wildcard, look for more.
164 |                             looking_for_wildcards = True
165 |             except Exception as e:
166 |                 if type(e) == dns.resolver.NXDOMAIN or type(e) == dns.name.EmptyLabel:
167 |                     #not found
168 |                     return True
169 |                 else:
170 |                     #This resolver maybe flakey, we don't want it for our tests.
171 |                     trace("wildcard exception:", self.resolver.nameservers, type(e)) 
172 |                     return False 
173 |         #If we hit the end of our depth counter and,
174 |         #there are still wildcards, then reject this nameserver because it smells bad.
175 |         return (test_counter >= 0)
176 | 
177 | class lookup(multiprocessing.Process):
178 | 
179 |     def __init__(self, in_q, out_q, resolver_q, domain, wildcards, spider_blacklist):
180 |         multiprocessing.Process.__init__(self, target = self.run)
181 |         signal_init()
182 |         self.required_nameservers = 16
183 |         self.in_q = in_q
184 |         self.out_q = out_q
185 |         self.resolver_q = resolver_q        
186 |         self.domain = domain
187 |         self.wildcards = wildcards
188 |         self.spider_blacklist = spider_blacklist
189 |         self.resolver = dns.resolver.Resolver()
190 |         #Force pydns to use our nameservers
191 |         self.resolver.nameservers = []
192 | 
193 |     def get_ns(self):
194 |         ret = []
195 |         try:
196 |             ret = [self.resolver_q.get_nowait()]
197 |             if ret == False:
198 |                 #Queue is empty,  inform the rest.
199 |                 self.resolver_q.put(False)
200 |                 ret = []
201 |         except:
202 |             pass      
203 |         return ret  
204 | 
205 |     def get_ns_blocking(self):
206 |         ret = []
207 |         ret = [self.resolver_q.get()]
208 |         if ret == False:
209 |             trace("get_ns_blocking - Resolver list is empty.")
210 |             #Queue is empty,  inform the rest.
211 |             self.resolver_q.put(False)
212 |             ret = []
213 |         return ret
214 | 
215 |     def check(self, host, record_type = "A", retries = 0):
216 |         trace("Checking:", host)
217 |         cname_record = []
218 |         retries = 0        
219 |         if len(self.resolver.nameservers) <= self.required_nameservers:
220 |             #This process needs more nameservers,  lets see if we have one avaible
221 |             self.resolver.nameservers += self.get_ns()
222 |         #Ok we should be good to go.
223 |         while True:
224 |             try:
225 |                 #Query the nameserver, this is not simple...
226 |                 if not record_type or record_type == "A":
227 |                     resp = self.resolver.query(host)
228 |                     #Crawl the response
229 |                     hosts = extract_hosts(str(resp.response), self.domain)
230 |                     for h in hosts:
231 |                         if h not in self.spider_blacklist:
232 |                             self.spider_blacklist[h]=None
233 |                             trace("Found host with spider:", h)
234 |                             self.in_q.put((h, record_type, 0))
235 |                     return resp
236 |                 if record_type == "CNAME":
237 |                     #A max 20 lookups
238 |                     for x in range(20):
239 |                         try:
240 |                             resp = self.resolver.query(host, record_type)
241 |                         except dns.resolver.NoAnswer:
242 |                             resp = False
243 |                             pass
244 |                         if resp and resp[0]:
245 |                             host = str(resp[0]).rstrip(".")
246 |                             cname_record.append(host)
247 |                         else:
248 |                             return cname_record                    
249 |                 else:
250 |                     #All other records:
251 |                     return self.resolver.query(host, record_type)
252 | 
253 |             except Exception as e:
254 |                 if type(e) == dns.resolver.NoNameservers:
255 |                     #We should never be here.
256 |                     #We must block,  another process should try this host.
257 |                     #do we need a limit?
258 |                     self.in_q.put((host, record_type, 0))
259 |                     self.resolver.nameservers += self.get_ns_blocking()
260 |                     return False
261 |                 elif type(e) == dns.resolver.NXDOMAIN:
262 |                     #"Non-existent domain name."
263 |                     return False
264 |                 elif type(e) == dns.resolver.NoAnswer:
265 |                     #"The response did not contain an answer."
266 |                     if retries >= 1:
267 |                         trace("NoAnswer retry")
268 |                         return False
269 |                     retries += 1
270 |                 elif type(e) == dns.resolver.Timeout:
271 |                     trace("lookup failure:", host, retries)
272 |                     #Check if it is time to give up.
273 |                     if retries >= 3:
274 |                         if retries > 3:
275 |                             #Sometimes 'internal use' subdomains will timeout for every request.
276 |                             #As far as I'm concerned, the authorative name server has told us this domain exists,
277 |                             #we just can't know the address value using this method.
278 |                             return ['Mutiple Query Timeout - External address resolution was restricted']
279 |                         else:
280 |                             #Maybe another process can take a crack at it.
281 |                             self.in_q.put((host, record_type, retries + 1))
282 |                         return False
283 |                     retries += 1
284 |                     #retry...
285 |                 elif type(e) == IndexError:
286 |                     #Some old versions of dnspython throw this error,
287 |                     #doesn't seem to affect the results,  and it was fixed in later versions.
288 |                     pass
289 |                 elif type(e) == TypeError:
290 |                     # We'll get here if the number procs > number of resolvers.
291 |                     # This is an internal error do we need a limit?
292 |                     self.in_q.put((host, record_type, 0))
293 |                     return False
294 |                 elif type(e) == dns.rdatatype.UnknownRdatatype:
295 |                     error("DNS record type not supported:", record_type)
296 |                 else:
297 |                     trace("Problem processing host:", host)
298 |                     #dnspython threw some strange exception...
299 |                     raise e
300 | 
301 |     def run(self):
302 |         #This process needs one resolver before it can start looking.
303 |         self.resolver.nameservers += self.get_ns_blocking()
304 |         while True:
305 |             found_addresses = []
306 |             work = self.in_q.get()
307 |             #Check if we have hit the end marker
308 |             while not work:
309 |                 #Look for a re-queued lookup
310 |                 try:
311 |                     work = self.in_q.get(blocking = False)
312 |                     #if we took the end marker of the queue we need to put it back
313 |                     if work:
314 |                         self.in_q.put(False)
315 |                 except:#Queue.Empty
316 |                     trace('End of work queue')
317 |                     #There isn't an item behind the end marker
318 |                     work = False
319 |                     break
320 |             #Is this the end all work that needs to be done?
321 |             if not work:
322 |                 #Perpetuate the end marker for all threads to see
323 |                 self.in_q.put(False)
324 |                 #Notify the parent that we have died of natural causes
325 |                 self.out_q.put(False)
326 |                 break
327 |             else:
328 |                 if len(work) == 3:
329 |                     #keep track of how many times this lookup has timedout.
330 |                     (hostname, record_type, timeout_retries) = work
331 |                     response = self.check(hostname, record_type, timeout_retries)
332 |                 else:
333 |                     (hostname, record_type) = work
334 |                     response = self.check(hostname, record_type) 
335 |                 sys.stdout.flush()
336 |                 trace(response)                  
337 |                 #self.wildcards is populated by the verify_nameservers() thread.
338 |                 #This variable doesn't need a muetex, because it has a queue. 
339 |                 #A queue ensure nameserver cannot be used before it's wildcard entries are found.
340 |                 reject = False
341 |                 if response:
342 |                     for a in response:
343 |                         a = str(a)
344 |                         if a in self.wildcards:
345 |                             trace("resovled wildcard:", hostname)
346 |                             reject= True
347 |                             #reject this domain.
348 |                             break;
349 |                         else:
350 |                             found_addresses.append(a)
351 |                     if not reject:
352 |                         #This request is filled, send the results back  
353 |                         result = (hostname, record_type, found_addresses)
354 |                         self.out_q.put(result)
355 | 
356 | #Extract relevant hosts
357 | #The dot at the end of a domain signifies the root,
358 | #and all TLDs are subs of the root.
359 | host_match = re.compile(r"((?<=[\s])[a-zA-Z0-9_-]+\.(?:[a-zA-Z0-9_-]+\.?)+(?=[\s]))")
360 | def extract_hosts(data, hostname):
361 |     #made a global to avoid re-compilation
362 |     global host_match
363 |     ret = []
364 |     hosts = re.findall(host_match, data)
365 |     for fh in hosts:
366 |         host = fh.rstrip(".")
367 |         #Is this host in scope?
368 |         if host.endswith(hostname):
369 |             ret.append(host)
370 |     return ret
371 | 
372 | #Return a list of unique sub domains,  sorted by frequency.
373 | #Only match domains that have 3 or more sections subdomain.domain.tld
374 | domain_match = re.compile("([a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*)+")
375 | def extract_subdomains(file_name):
376 |     #Avoid re-compilation
377 |     global domain_match
378 |     subs = {}
379 |     sub_file = open(file_name).read()
380 |     f_all = re.findall(domain_match, sub_file)
381 |     del sub_file
382 |     for i in f_all:
383 |         if i.find(".") >= 0:
384 |             p = i.split(".")[0:-1]
385 |             #gobble everything that might be a TLD
386 |             while p and len(p[-1]) <= 3:
387 |                 p = p[0:-1]
388 |             #remove the domain name
389 |             p = p[0:-1]
390 |             #do we have a subdomain.domain left?
391 |             if len(p) >= 1:
392 |                 trace(str(p), " : ", i)
393 |                 for q in p:
394 |                     if q :
395 |                         #domain names can only be lower case.
396 |                         q = q.lower()
397 |                         if q in subs:
398 |                             subs[q] += 1
399 |                         else:
400 |                             subs[q] = 1
401 |     #Free some memory before the sort...
402 |     del f_all
403 |     #Sort by freq in desc order
404 |     subs_sorted = sorted(subs.keys(), key = lambda x: subs[x], reverse = True)
405 |     return subs_sorted
406 | 
407 | def print_target(target, record_type = None, subdomains = "names.txt", resolve_list = "resolvers.txt", process_count = 16, output = False, json_output = False, found_subdomains=[],verbose=False):
408 |     subdomains_list = []
409 |     results_temp = []
410 |     run(target, record_type, subdomains, resolve_list, process_count)
411 |     for result in run(target, record_type, subdomains, resolve_list, process_count):
412 |         (hostname, record_type, response) = result
413 |         if not record_type:
414 |             result = hostname
415 |         else:
416 |             result = "%s,%s" % (hostname, ",".join(response).strip(","))
417 |         if result not in found_subdomains:
418 |             if verbose:
419 |                 print(result)
420 |             subdomains_list.append(result)
421 | 
422 |     return  set(subdomains_list)
423 | 
424 | def run(target, record_type = None, subdomains = "names.txt", resolve_list = "resolvers.txt", process_count = 16):
425 |     subdomains = check_open(subdomains)
426 |     resolve_list = check_open(resolve_list)
427 |     if (len(resolve_list) / 16) < process_count:
428 |         sys.stderr.write('Warning: Fewer than 16 resovlers per thread, consider adding more nameservers to resolvers.txt.\n')
429 |     if os.name == 'nt':
430 |         wildcards = {}
431 |         spider_blacklist = {}
432 |     else:
433 |         wildcards = multiprocessing.Manager().dict()
434 |         spider_blacklist = multiprocessing.Manager().dict()
435 |     in_q = multiprocessing.Queue()
436 |     out_q = multiprocessing.Queue()
437 |     #have a buffer of at most two new nameservers that lookup processes can draw from.
438 |     resolve_q = multiprocessing.Queue(maxsize = 2)
439 | 
440 |     #Make a source of fast nameservers avaiable for other processes.
441 |     verify_nameservers_proc = verify_nameservers(target, record_type, resolve_q, resolve_list, wildcards)
442 |     verify_nameservers_proc.start()
443 |     #The empty string 
444 |     in_q.put((target, record_type))
445 |     spider_blacklist[target]=None
446 |     #A list of subdomains is the input
447 |     for s in subdomains:
448 |         s = str(s).strip()
449 |         if s:
450 |             if s.find(","):
451 |                 #SubBrute should be forgiving, a comma will never be in a url
452 |                 #but the user might try an use a CSV file as input.
453 |                 s=s.split(",")[0]
454 |             if not s.endswith(target):
455 |                 hostname = "%s.%s" % (s, target)
456 |             else:
457 |                 #A user might feed an output list as a subdomain list.
458 |                 hostname = s
459 |             if hostname not in spider_blacklist:
460 |                 spider_blacklist[hostname]=None
461 |                 work = (hostname, record_type)
462 |                 in_q.put(work)
463 |     #Terminate the queue
464 |     in_q.put(False)
465 |     for i in range(process_count):
466 |         worker = lookup(in_q, out_q, resolve_q, target, wildcards, spider_blacklist)
467 |         worker.start()
468 |     threads_remaining = process_count
469 |     while True:
470 |         try:
471 |             #The output is valid hostnames
472 |             result = out_q.get(True, 10)
473 |             #we will get an empty exception before this runs. 
474 |             if not result:
475 |                 threads_remaining -= 1
476 |             else:
477 |                 #run() is a generator, and yields results from the work queue
478 |                 yield result
479 |         except Exception as e:
480 |             #The cx_freeze version uses queue.Empty instead of Queue.Empty :(
481 |             if type(e) == Queue.Empty or str(type(e)) == "<class 'queue.Empty'>":
482 |                 pass
483 |             else:
484 |                 raise(e)
485 |         #make sure everyone is complete
486 |         if threads_remaining <= 0:
487 |             break
488 |     trace("killing nameserver process")
489 |     #We no longer require name servers.
490 |     try:
491 |         killproc(pid = verify_nameservers_proc.pid)
492 |     except:
493 |         #Windows threading.tread
494 |         verify_nameservers_proc.end()
495 |     trace("End")
496 | 
497 | #exit handler for signals.  So ctrl+c will work. 
498 | #The 'multiprocessing' library each process is it's own process which side-steps the GIL
499 | #If the user wants to exit prematurely,  each process must be killed.
500 | def killproc(signum = 0, frame = 0, pid = False):
501 |     if not pid:
502 |         pid = os.getpid()
503 |     if sys.platform.startswith('win'):
504 |         try:
505 |             kernel32 = ctypes.windll.kernel32
506 |             handle = kernel32.OpenProcess(1, 0, pid)
507 |             kernel32.TerminateProcess(handle, 0)
508 |         except:
509 |             #Oah windows.
510 |             pass
511 |     else:
512 |         os.kill(pid, 9)
513 | 
514 | #Toggle debug output
515 | verbose = False
516 | def trace(*args, **kwargs):
517 |     if verbose:
518 |         for a in args:
519 |             sys.stderr.write(str(a))
520 |             sys.stderr.write(" ")
521 |         sys.stderr.write("\n")
522 | 
523 | def error(*args, **kwargs):
524 |     for a in args:
525 |         sys.stderr.write(str(a))
526 |         sys.stderr.write(" ")
527 |     sys.stderr.write("\n")
528 |     sys.exit(1)
529 | 
530 | def check_open(input_file):
531 |     ret = []
532 |     #If we can't find a resolver from an input file, then we need to improvise.
533 |     try:
534 |         ret = open(input_file).readlines()
535 |     except:
536 |         error("File not found:", input_file)
537 |     if not len(ret):
538 |         error("File is empty:", input_file)
539 |     return ret
540 | 
541 | #Every 'multiprocessing' process needs a signal handler.
542 | #All processes need to die, we don't want to leave zombies.
543 | def signal_init():
544 |     #Escliate signal to prevent zombies.
545 |     signal.signal(signal.SIGINT, killproc)
546 |     try:
547 |         signal.signal(signal.SIGTSTP, killproc)
548 |         signal.signal(signal.SIGQUIT, killproc)
549 |     except:
550 |         #Windows
551 |         pass
552 | 
553 | if __name__ == "__main__":
554 |     if getattr(sys, 'frozen', False):
555 |         # cx_freeze windows:
556 |         base_path = os.path.dirname(sys.executable)
557 |         multiprocessing.freeze_support()
558 |     else:
559 |         #everything else:
560 |         base_path = os.path.dirname(os.path.realpath(__file__))
561 |     parser = optparse.OptionParser("usage: %prog [options] target")
562 |     parser.add_option("-s", "--subs", dest = "subs", default = os.path.join(base_path, "names.txt"),
563 |               type = "string", help = "(optional) list of subdomains,  default = 'names.txt'")
564 |     parser.add_option("-r", "--resolvers", dest = "resolvers", default = os.path.join(base_path, "resolvers.txt"),
565 |               type = "string", help = "(optional) A list of DNS resolvers, if this list is empty it will OS's internal resolver default = 'resolvers.txt'")
566 |     parser.add_option("-t", "--targets_file", dest = "targets", default = "",
567 |               type = "string", help = "(optional) A file containing a newline delimited list of domains to brute force.")
568 |     parser.add_option("-o", "--output", dest = "output",  default = False, help = "(optional) Output to file (Greppable Format)")
569 |     parser.add_option("-j", "--json", dest="json", default = False, help="(optional) Output to file (JSON Format)")
570 |     parser.add_option("-a", "-A", action = 'store_true', dest = "ipv4", default = False,
571 |               help = "(optional) Print all IPv4 addresses for sub domains (default = off).")
572 |     parser.add_option("--type", dest = "type", default = False,
573 |               type = "string", help = "(optional) Print all reponses for an arbitrary DNS record type (CNAME, AAAA, TXT, SOA, MX...)")                  
574 |     parser.add_option("-c", "--process_count", dest = "process_count",
575 |               default = 16, type = "int",
576 |               help = "(optional) Number of lookup theads to run. default = 16")
577 |     parser.add_option("-f", "--filter_subs", dest = "filter", default = "",
578 |               type = "string", help = "(optional) A file containing unorganized domain names which will be filtered into a list of subdomains sorted by frequency.  This was used to build names.txt.")                 
579 |     parser.add_option("-v", "--verbose", action = 'store_true', dest = "verbose", default = False,
580 |               help = "(optional) Print debug information.")
581 |     (options, args) = parser.parse_args()
582 | 
583 |     
584 |     verbose = options.verbose
585 | 
586 |     if len(args) < 1 and options.filter == "" and options.targets == "":
587 |         parser.error("You must provie a target. Use -h for help.")
588 | 
589 |     if options.filter != "":
590 |         #cleanup this file and print it out
591 |         for d in extract_subdomains(options.filter):
592 |             print(d)
593 |         sys.exit()
594 | 
595 |     if options.targets != "":
596 |         targets = check_open(options.targets) #the domains
597 |     else:
598 |         targets = args #multiple arguments on the cli: ./subbrute.py google.com gmail.com yahoo.com    if (len(resolver_list) / 16) < options.process_count:
599 | 
600 |     output = False
601 |     if options.output:
602 |         try:
603 |              output = open(options.output, "w")
604 |         except:
605 |             error("Failed writing to file:", options.output)
606 | 
607 |     json_output = False
608 |     if options.json:
609 |         try:
610 |             json_output = open(options.json, "w")
611 |         except:
612 |             error("Failed writing to file:", options.json)
613 | 
614 |     record_type = False
615 |     if options.ipv4:
616 |         record_type="A"
617 |     if options.type:
618 |         record_type = str(options.type).upper()
619 | 
620 |     threads = []
621 |     for target in targets:
622 |         target = target.strip()
623 |         if target:
624 | 
625 |             #target => domain
626 |             #record_type => 
627 |             #options.subs => file the contain the subdomains list
628 |             #options.process_count => process count default = 16
629 |             #options.resolvers => the resolvers file
630 |             #options.output
631 |             #options.json
632 |             print(target, record_type, options.subs, options.resolvers, options.process_count, output, json_output)
633 |             print_target(target, record_type, options.subs, options.resolvers, options.process_count, output, json_output)
634 | 
635 | 
636 | 


--------------------------------------------------------------------------------
/sublist3r.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # coding: utf-8
 3 | # Sublist3r v1.0p (Plazmaz's Fork)
 4 | # By Ahmed Aboul-Ela - https://www.twitter.com/aboul3la
 5 | # Rewritten by Dylan Katz - https://www.twitter.com/Plazmaz
 6 | 
 7 | import argparse
 8 | # modules in standard library
 9 | import sys
10 | 
11 | # external modules
12 | from scan_flags import ScanParams
13 | # Python 2.x and 3.x compatiablity
14 | from subscann3r import SubScann3r
15 | 
16 | # In case you cannot install some of the required development packages
17 | # there's also an option to disable the SSL warning:
18 | from util.util import Util
19 | logger = Util.get_logger()
20 | 
21 | try:
22 |     import requests.packages.urllib3
23 | 
24 |     requests.packages.urllib3.disable_warnings()
25 | except:
26 |     pass
27 | 
28 | 
29 | def parser_error(errmsg):
30 |     logger.banner()
31 |     print("Usage: python " + sys.argv[0] + " [Options] use -h for help")
32 |     print(logger.R + "Error: " + errmsg + logger.W)
33 |     sys.exit()
34 | 
35 | 
36 | def parse_args():
37 |     # parse the arguments
38 |     parser = argparse.ArgumentParser(epilog='\tExample: \r\npython ' + sys.argv[0] + " -d google.com")
39 |     parser.error = parser_error
40 |     parser._optionals.title = "OPTIONS"
41 |     parser.add_argument('-d', '--domain', help="Domain name to enumerate it's subdomains", required=True)
42 |     parser.add_argument('-b', '--bruteforce', help='Enable the subbrute bruteforce module', nargs='?', default=False)
43 |     parser.add_argument('-p', '--ports', help='Scan the found subdomains against specified tcp ports')
44 |     parser.add_argument('-v', '--verbose', help='Enable Verbosity and display results in realtime', nargs='?',
45 |                         default=False)
46 |     parser.add_argument('-t', '--threads', help='Number of threads to use for subbrute bruteforce', type=int,
47 |                         default=30)
48 |     parser.add_argument('-to', '--takeover-scan', help='Scan for subdomain takeover issues', nargs='?', default=False)
49 |     parser.add_argument('-e', '--engines', help='Specify a comma-separated list of search engines')
50 |     parser.add_argument('-o', '--output', help='Save the results to text file')
51 |     return parser.parse_args()
52 | 
53 | 
54 | def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, takeover_check, engines):
55 |     logger.is_verbose = verbose
56 |     options = ScanParams(silent=silent, verbose=verbose, brute_force=enable_bruteforce, takeover_check=takeover_check,
57 |                          thread_count=threads, engines=engines, ports=ports, savefile=savefile)
58 |     scanner = SubScann3r(domain, logger, options)
59 |     return scanner.scan()
60 | 
61 | 
62 | if __name__ == "__main__":
63 |     args = parse_args()
64 |     domain = args.domain
65 |     threads = args.threads
66 |     savefile = args.output
67 |     ports = args.ports
68 |     enable_bruteforce = args.bruteforce
69 |     verbose = args.verbose
70 |     engines = args.engines
71 |     takeover_check = args.takeover_scan
72 |     if verbose or verbose is None:
73 |         verbose = True
74 |     if takeover_check or takeover_check is None:
75 |         takeover_check = True
76 |     logger.banner()
77 |     res = main(domain, threads, savefile, ports, silent=False, verbose=verbose, enable_bruteforce=enable_bruteforce,
78 |                takeover_check=takeover_check, engines=engines)
79 | 


--------------------------------------------------------------------------------
/subscann3r.py:
--------------------------------------------------------------------------------
  1 | import multiprocessing
  2 | import os
  3 | import re
  4 | import sys
  5 | 
  6 | from engines.engine import Engines
  7 | 
  8 | # external modules
  9 | from subbrute import subbrute
 10 | 
 11 | from util.port_scanner import PortScanner
 12 | from util.util import Util
 13 | 
 14 | # Python 2.x and 3.x compatibility
 15 | if sys.version >= '3':
 16 |     import urllib.parse as urlparse
 17 | else:
 18 |     import urlparse
 19 | 
 20 | # Check if we are running this on windows platform
 21 | is_windows = sys.platform.startswith('win')
 22 | 
 23 | # In case you cannot install some of the required development packages
 24 | # there's also an option to disable the SSL warning:
 25 | try:
 26 |     import requests.packages.urllib3
 27 |     requests.packages.urllib3.disable_warnings()
 28 | except:
 29 |     pass
 30 | 
 31 | 
 32 | class SubScann3r:
 33 |     def __init__(self, domain, logger, scan_flags):
 34 |         self.logger = logger
 35 |         self.domain = domain
 36 |         self.scan_flags = scan_flags
 37 | 
 38 |     def scan(self):
 39 |         bruteforce_list = set()
 40 |         search_list = set()
 41 | 
 42 |         if is_windows:
 43 |             subdomains_queue = list()
 44 |         else:
 45 |             subdomains_queue = multiprocessing.Manager().list()
 46 | 
 47 |         # Check Bruteforce Status
 48 |         # if self.scan_flags.BruteForce or self.scan_flags.BruteForce is None:
 49 |         #     self.scan_flags.BruteForce = True
 50 | 
 51 |         # Check Takeover Status
 52 |         # if self.scan_flags.TakeoverCheck or self.scan_flags.TakeoverCheck is None:
 53 |         #     self.scan_flags.TakeoverCheck = True
 54 | 
 55 |         # Validate domain
 56 |         domain_check = re.compile("^(http|https)?[a-zA-Z0-9]+([\-.][a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$")
 57 |         if not domain_check.match(self.domain):
 58 |             if not self.scan_flags.Silent:
 59 |                 print(self.logger.R + "Error: Please enter a valid domain" + self.logger.W)
 60 |             return []
 61 | 
 62 |         if not self.domain.startswith('http://') and not self.domain.startswith('https://'):
 63 |             self.domain = 'http://' + self.domain
 64 | 
 65 |         parsed_domain = urlparse.urlparse(self.domain)
 66 | 
 67 |         if not self.scan_flags.Silent:
 68 |             print(self.logger.B + "[-] Enumerating subdomains now for %s" % parsed_domain.netloc + self.logger.W)
 69 | 
 70 |         if self.scan_flags.Verbose and not self.scan_flags.Silent:
 71 |             print(self.logger.Y + "[-] verbosity is enabled, will show the subdomains results in realtime" + self.logger.W)
 72 | 
 73 | 
 74 |         chosenEnums = []
 75 | 
 76 |         if self.scan_flags.Engines is None:
 77 |             chosenEnums = Engines.supported_engines.values()
 78 |         else:
 79 |             engines = self.scan_flags.Engines.split(',')
 80 |             for engine in engines:
 81 |                 if engine.lower() in Engines.supported_engines:
 82 |                     chosenEnums.append(Engines.supported_engines[engine.lower()])
 83 | 
 84 |         # Start the engines enumeration
 85 |         enums = [enum(self.domain, [], q=subdomains_queue, silent=self.scan_flags.Silent, logger=self.logger) for enum in chosenEnums]
 86 |         for e in enums:
 87 |             e.run()
 88 |         for e in enums:
 89 |             e.join()
 90 | 
 91 |         subdomains = set(subdomains_queue)
 92 |         for subdomain in subdomains:
 93 |             search_list.add(subdomain)
 94 | 
 95 |         if self.scan_flags.BruteForce:
 96 |             if not self.scan_flags.Silent:
 97 |                 print(self.logger.G + "[-] Starting bruteforce module now using subbrute.." + self.logger.W)
 98 |             record_type = False
 99 |             path_to_file = os.path.dirname(os.path.realpath(__file__))
100 |             subs = os.path.join(path_to_file, 'subbrute', 'names.txt')
101 |             resolvers = os.path.join(path_to_file, 'subbrute', 'resolvers.txt')
102 |             process_count = self.scan_flags.ThreadCount
103 |             output = False
104 |             json_output = False
105 |             bruteforce_list = subbrute.print_target(parsed_domain.netloc, record_type, subs, resolvers, process_count,
106 |                                                     output, json_output, search_list, self.scan_flags.Verbose)
107 | 
108 |         subdomains = search_list.union(bruteforce_list)
109 | 
110 |         if subdomains:
111 |             subdomains = sorted(subdomains, key=Util.subdomain_sorting_key)
112 | 
113 |             if self.scan_flags.SaveFile:
114 |                 print("%s[-] Saving results to file: %s%s%s%s" % (self.logger. Y, self.logger.W, self.logger.R, self.scan_flags.SaveFile, self.logger.W))
115 |                 Util.write_file(self.scan_flags.SaveFile, subdomains)
116 | 
117 |             if not self.scan_flags.Silent:
118 |                 print(self.logger.Y + "[-] Total Unique Subdomains Found: %s" % len(subdomains) + self.logger.W)
119 | 
120 |             if self.scan_flags.TakeoverCheck:
121 |                 print(self.logger.G + "[-] Checking for subdomains pointing to unregistered services" + self.logger.W)
122 |                 for subdomain in subdomains:
123 |                     if self.scan_flags.Verbose:
124 |                         print(self.logger.G + "[-] Checking " + subdomain + self.logger.W)
125 | 
126 |                     services = Util.get_url_signatures("http://" + subdomain)
127 |                     if len(services) > 0:
128 |                         for service in services:
129 |                             print(
130 |                                 self.logger.Y + "[-] Found unregistered service \"" + service + "\" on subdomain " + subdomain + self.logger.W)
131 | 
132 |             if self.scan_flags.Ports:
133 |                 if not self.scan_flags.Silent:
134 |                     print(self.logger.G + "[-] Starting port scan for the following ports: %s%s" % (self.logger.Y, self.scan_flags.Ports) + self.logger.W)
135 |                 ports = self.scan_flags.Ports.split(',')
136 |                 pscan = PortScanner(subdomains, ports, self.logger)
137 |                 pscan.run()
138 | 
139 |             elif not self.scan_flags.Silent:
140 |                 for subdomain in subdomains:
141 |                     print(self.logger.G + subdomain + self.logger.W)
142 |         return subdomains
143 | 


--------------------------------------------------------------------------------
/util/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Plazmaz/Sublist3r/71fe2578032c3064a619f5dac6652f0c229c2c72/util/__init__.py


--------------------------------------------------------------------------------
/util/logger.py:
--------------------------------------------------------------------------------
 1 | import sys
 2 | 
 3 | 
 4 | class Logger:
 5 |     def __init__(self, is_windows, is_verbose):
 6 |         self.is_verbose = is_verbose
 7 |         self.is_windows = is_windows
 8 | 
 9 |         # Console Colors
10 |         if self.is_windows:
11 |             # Windows deserve coloring too :D
12 |             self.G = '\033[92m'  # green
13 |             self.Y = '\033[93m'  # yellow
14 |             self.B = '\033[94m'  # blue
15 |             self.R = '\033[91m'  # red
16 |             self.W = '\033[0m'  # white
17 |             try:
18 |                 import win_unicode_console, colorama
19 |                 win_unicode_console.enable()
20 |                 colorama.init()
21 |                 # Now the unicode will work ^_^
22 |             except:
23 |                 print("[!] Error: Coloring libraries not installed ,no coloring will be used [Check the readme]")
24 |                 G = Y = B = R = W = G = Y = B = R = W = ''
25 | 
26 | 
27 |         else:
28 |             self.G = '\033[92m'  # green
29 |             self.Y = '\033[93m'  # yellow
30 |             self.B = '\033[94m'  # blue
31 |             self.R = '\033[91m'  # red
32 |             self.W = '\033[0m'  # white
33 | 
34 |     def banner(self):
35 |         print("""%s
36 |                      ____        _     _ _     _   _____
37 |                     / ___| _   _| |__ | (_)___| |_|___ / _ __
38 |                     \___ \| | | | '_ \| | / __| __| |_ \| '__|
39 |                      ___) | |_| | |_) | | \__ \ |_ ___) | |
40 |                     |____/ \__,_|_.__/|_|_|___/\__|____/|_|%s%s
41 | 
42 |                     # Coded By Ahmed Aboul-Ela - @aboul3la
43 |                     # Rewritten by Dylan Katz  - @Plazmaz
44 |         """ % (self.R, self.W, self.Y))
45 | 


--------------------------------------------------------------------------------
/util/port_scanner.py:
--------------------------------------------------------------------------------
 1 | import socket
 2 | import threading
 3 | 
 4 | 
 5 | class PortScanner:
 6 |     def __init__(self, subdomains, ports, logger):
 7 |         self.logger = logger
 8 |         self.subdomains = subdomains
 9 |         self.ports = ports
10 |         self.threads = 20
11 |         self.lock = threading.BoundedSemaphore(value=self.threads)
12 | 
13 |     def port_scan(self, host, ports):
14 |         openports = []
15 |         self.lock.acquire()
16 |         for port in ports:
17 |             try:
18 |                 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
19 |                 s.settimeout(2)
20 |                 result = s.connect_ex((host, int(port)))
21 |                 if result == 0:
22 |                     openports.append(port)
23 |                 s.close()
24 |             except Exception:
25 |                 pass
26 |         self.lock.release()
27 |         if len(openports) > 0:
28 |             print("%s%s%s - %sFound open ports:%s %s%s%s" % (self.logger.G, host, self.logger.W, self.logger.R, self.logger.W,
29 |                                                              self.logger.Y, ', '.join(openports), self.logger.W))
30 | 
31 |     def run(self):
32 |         for subdomain in self.subdomains:
33 |             t = threading.Thread(target=self.port_scan, args=(subdomain, self.ports))
34 |             t.start()


--------------------------------------------------------------------------------
/util/util.py:
--------------------------------------------------------------------------------
 1 | import re
 2 | 
 3 | import requests
 4 | import sys
 5 | 
 6 | from .logger import Logger
 7 | 
 8 | 
 9 | class Util:
10 |     # Check if we are running this on windows platform
11 |     is_windows = sys.platform.startswith('win')
12 |     logger = Logger(is_windows, False)
13 | 
14 |     @classmethod
15 |     def get_logger(cls):
16 |         return cls.logger
17 | 
18 |     @staticmethod
19 |     def subdomain_sorting_key(hostname):
20 |         """Sorting key for subdomains
21 |     
22 |         This sorting key orders subdomains from the top-level domain at the right
23 |         reading left, then moving '^' and 'www' to the top of their group. For
24 |         example, the following list is sorted correctly:
25 |     
26 |         [
27 |             'example.com',
28 |             'www.example.com',
29 |             'a.example.com',
30 |             'www.a.example.com',
31 |             'b.a.example.com',
32 |             'b.example.com',
33 |             'example.net',
34 |             'www.example.net',
35 |             'a.example.net',
36 |         ]
37 |     
38 |         """
39 |         parts = hostname.split('.')[::-1]
40 |         if parts[-1] == 'www':
41 |             return parts[:-1], 1
42 |         return parts, 0
43 | 
44 |     @staticmethod
45 |     def write_file(filename, subdomains):
46 |         # saving subdomains results to output file
47 |         with open(str(filename), 'wt') as f:
48 |             for subdomain in subdomains:
49 |                 f.write(subdomain + "\r\n")
50 | 
51 |     @staticmethod
52 |     def get_url_signatures(url):
53 |         service_signatures = {
54 |             'Heroku': '<iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe>',
55 |             'GitHub Pages': '<p> If you\'re trying to publish one, <a href="https://help.github.com/pages/">read the full documentation</a> to learn how to set up <strong>GitHub Pages</strong> for your repository, organization, or user account. </p>',
56 |             'Squarespace': '<title>Squarespace - No Such Account</title>',
57 |             'Shopify': '<div id="shop-not-found"> <h1 class="tc">Sorry, this shop is currently unavailable.</h1> </div>',
58 |             'Zendesk': '<span class="title">Bummer. It looks like the help center that you are trying to reach no longer exists.</span>',
59 |             'GitLab': '<head> <title>The page you\'re looking for could not be found (404)</title> <style> body { color: #666; text-align: center; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; margin: 0; width: 800px; margin: auto; font-size: 14px; } h1 { font-size: 56px; line-height: 100px; font-weight: normal; color: #456; } h2 { font-size: 24px; color: #666; line-height: 1.5em; } h3 { color: #456; font-size: 20px; font-weight: normal; line-height: 28px; } hr { margin: 18px 0; border: 0; border-top: 1px solid #EEE; border-bottom: 1px solid white; } </style> </head>'
60 |         }
61 |         data = Util.get_url_data(url)
62 |         if data == 0:
63 |             return []
64 |         # Strip newlines
65 |         data = data.replace('\n', '').replace('\r', '')
66 |         data = re.sub("\s\s+", ' ', data)
67 |         results = []
68 |         for name in service_signatures:
69 |             if service_signatures[name] in data:
70 |                 results.append(name)
71 |         return results
72 | 
73 |     @staticmethod
74 |     def get_url_data(url, timeout=25):
75 |         headers = {
76 |             'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0',
77 |             'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
78 |             'Accept-Language': 'en-GB,en;q=0.5',
79 |             'Accept-Encoding': 'gzip, deflate',
80 |             'Connection': 'keep-alive',
81 |         }
82 |         try:
83 |             resp = requests.Session().get(url, headers=headers, timeout=timeout)
84 |         except Exception:
85 |             resp = None
86 |         if resp is None:
87 |             return 0
88 |         return resp.text if hasattr(resp, "text") else resp.content
89 | 


--------------------------------------------------------------------------------