├── README.md ├── example.gif └── subvenkon.py /README.md: -------------------------------------------------------------------------------- 1 | # Subvenkon 2 | 3 | Subvenkon is a subdomain enumerator which gathers information from [Venkon](https://www.venkon.us/subdomain-lister/). Venkon is mostly a web interface: the user provides the domain and Venkon shows the subdomains it found on its web page. Subvenkon makes this easier because it runs straight from the terminal without needing a browser. Also, I omitted the tool banner while the tool is working so it's easier to pipe the results in different scenarios. 4 | 5 | # Usage 6 | 7 | Subvenkon will enumerate the domain in the same way as [Venkon](https://www.venkon.us/subdomain-lister/) does its job. Once the domain is provided, Subvenkon will print the available subdomains and will create a file with the name of the target so the user can pipe it, or just save the results. 8 | 9 | For the sake of this example, I will be using a domain from a public program from Hackerone which is [AT&T](https://hackerone.com/att). 
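10 | 11 | ```python subvenkon.py -d sky.com.mx``` 12 | 13 | 14 | ![Drag Racing](example.gif) 15 | 16 | 17 | 
--------------------------------------------------------------------------------
/example.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/caffeinedoom/Subvenkon/2f31602b46bc5ca22e4957193b0e08a15707dcaf/example.gif
--------------------------------------------------------------------------------
/subvenkon.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Subvenkon: command-line client for the Venkon subdomain lister.

The script sends the target domain to the third-party service at
cloud.venkon.us, downloads the report that service produces, prints the
host names found in it and appends them to ``<domain>-subvenkon.txt``.

Security notes for maintainers:

* Everything returned by the remote service is untrusted.  Earlier versions
  interpolated the HTTP response body and the ``-d`` argument into
  ``sh -c`` pipelines, so a quote, backtick or ``$(...)`` in either one was
  executed by the local shell.  All parsing is now done in Python.
* The ``-d`` value is validated as a host name before it is used in a URL
  or in the output file name.
"""

from __future__ import print_function

import base64
import os
import sys
import getopt
import requests
import re
import subprocess

target = ''
output = ''

# (connect, read) timeouts in seconds.  The read timeout is generous because
# the service appears to run the scan while the first request is open
# (the response already contains "Done scan subdomains") -- TODO confirm.
HTTP_TIMEOUT = (10, 300)

# Conservative host-name check for the -d argument: dot-separated labels of
# letters, digits and hyphens.  \Z (not $) so a trailing newline is rejected.
_HOSTNAME_RE = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\Z"
)


def usage():
    """Print the banner and the option summary, then exit with status 0."""
    print("")
    print("┌─┐┬ ┬┌┐ ┬ ┬┌─┐┌┐┌┬┌─┌─┐┌┐┌")
    print("└─┐│ │├┴┐└┐┌┘├┤ │││├┴┐│ ││││ By: Sam Paredes(CoffeeJunkie)")
    print("└─┘└─┘└─┘ └┘ └─┘┘└┘┴ ┴└─┘┘└┘ Twitter: @coffeejunkiee_")
    print("")
    print("Usage: subvenkon.py -d redacted.com")
    print("-h --help - Help")
    print("-d --domain - Domain to gather subdomains")
    print("Example:")
    print("subvenkon.py -d redacted.com")
    sys.exit(0)


def run_scan(scan, stderr=None):
    """Run *scan* through the shell and return its standard output.

    SECURITY: ``shell=True`` means the whole string is interpreted by
    ``/bin/sh``.  Never build *scan* from command-line arguments or from
    network responses.  The function is kept only for backward
    compatibility; nothing in this script calls it any more.
    """
    return subprocess.check_output(scan, shell=True, stderr=stderr, universal_newlines=True)


def main():
    """Parse the command line and store the requested domain in ``target``."""
    global target

    if not sys.argv[1:]:
        usage()

    try:
        # "hd:" -> -h takes no value, -d takes one.  "domain=" makes the long
        # form accept a value as well; the previous spec ("h:d:", "domain")
        # required an argument for -h and dropped the one given to --domain.
        opts, args = getopt.getopt(sys.argv[1:], "hd:", ["help", "domain="])
    except getopt.GetoptError as err:
        print(str(err))
        usage()

    for o, a in opts:
        if o in ("-h", "--help"):
            usage()
        elif o in ("-d", "--domain"):
            target = a
        else:
            usage()


def _extract_subdomains(report_text, domain):
    """Return the host names under *domain* found in *report_text*.

    The report is treated as opaque, untrusted text: instead of stripping
    specific HTML tags, only strings made of host-name characters that end in
    *domain* are kept, so markup, quotes and control characters from the
    server can never reach the terminal or the output file.  Matching is done
    on the lower-cased text, so results are lower case.  Duplicates are
    removed and the order of first appearance is preserved.
    """
    pattern = re.compile(
        r"(?<![a-z0-9_.-])"              # not in the middle of a longer name
        r"(?:[a-z0-9_-]+\.)*"            # zero or more sub-labels
        + re.escape(domain.lower())
        + r"(?![a-z0-9_-])(?!\.[a-z0-9_-])"  # not a prefix of another domain
    )
    seen = set()
    hosts = []
    for host in pattern.findall(report_text.lower()):
        if host not in seen:
            seen.add(host)
            hosts.append(host)
    return hosts


def _fetch(url):
    """GET *url* with a timeout and return the body text; exit on failure."""
    try:
        return requests.get(url, timeout=HTTP_TIMEOUT).text
    except requests.RequestException as err:
        print("Request failed: %s" % err, file=sys.stderr)
        sys.exit(1)


def input_work():
    """Query Venkon for ``target``, print the subdomains and save them.

    Results are printed one per line and appended to
    ``<target>-subvenkon.txt`` in the current directory.
    """
    if not target:
        print("")
        print("Something wrong has happened.")
        print("Please type 'python subvenkon.py -h' for more options.")
        return

    # The domain ends up in a URL and in a file name, so reject anything that
    # is not a plain host name (path separators, shell metacharacters, ...).
    if not _HOSTNAME_RE.match(target):
        print("\nDid you type the correct domain? Try again!")
        return

    encoded = base64.b64encode(target.encode("ascii")).decode("ascii")
    # The fixed last path segment is base64 for "test@test.com".
    url = "https://cloud.venkon.us/subdomain-lister-process/%s/dGVzdEB0ZXN0LmNvbQ==" % encoded
    page = _fetch(url)
    if "Done scan subdomains" not in page:
        print("\nDid you type the correct domain? Try again!")
        return

    # The report identifier is embedded in the page as loadJson("<id>");
    marker = 'loadJson("'
    start = page.find(marker)
    end = page.find('");', start + len(marker)) if start != -1 else -1
    if start == -1 or end == -1:
        # Without this check find() == -1 would silently slice garbage.
        print("\nDid you type the correct domain? Try again!")
        return
    report_id = page[start + len(marker):end]

    report = _fetch("https://cloud.venkon.us/subdomain-lister-report/%s" % report_id)
    hosts = _extract_subdomains(report, target)
    if not hosts:
        print("No subdomains found for %s" % target, file=sys.stderr)
        return

    listing = "\n".join(hosts) + "\n"
    with open("%s-subvenkon.txt" % target, "a") as handle:
        handle.write(listing)
    sys.stdout.write(listing)


if __name__ == "__main__":
    main()
    input_work()
--------------------------------------------------------------------------------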