├── .github
    └── ISSUE_TEMPLATE
    │   ├── bug_report.md
    │   └── feature_request.md
├── LICENSE
├── README.md
├── SubDomainizer.py
└── requirements.txt


/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Bug report
 3 | about: Create a report to help us improve
 4 | labels: 
 5 | 
 6 | ---
 7 | 
 8 | **Describe the bug**
 9 | A clear and concise description of what the bug is.
10 | 
11 | **To Reproduce**
12 | Steps to reproduce the behavior:
13 | 1. Go to '...'
14 | 2. Click on '....'
15 | 3. Scroll down to '....'
16 | 4. See error
17 | 
18 | **Expected behavior**
19 | A clear and concise description of what you expected to happen.
20 | 
21 | **Screenshots**
22 | If applicable, add screenshots to help explain your problem.
23 | 
24 | **Desktop (please complete the following information):**
25 |  - OS: [e.g. iOS]
26 |  - Browser [e.g. chrome, safari]
27 |  - Version [e.g. 22]
28 | 
29 | **Smartphone (please complete the following information):**
30 |  - Device: [e.g. iPhone6]
31 |  - OS: [e.g. iOS8.1]
32 |  - Browser [e.g. stock browser, safari]
33 |  - Version [e.g. 22]
34 | 
35 | **Additional context**
36 | Add any other context about the problem here.
37 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Feature request
 3 | about: Suggest an idea for this project
 4 | labels: 
 5 | 
 6 | ---
 7 | 
 8 | **Is your feature request related to a problem? Please describe.**
 9 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
10 | 
11 | **Describe the solution you'd like**
12 | A clear and concise description of what you want to happen.
13 | 
14 | **Describe alternatives you've considered**
15 | A clear and concise description of any alternative solutions or features you've considered.
16 | 
17 | **Additional context**
18 | Add any other context or screenshots about the feature request here.
19 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2018 Neeraj Sonaniya
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | [![Python 3.x](https://img.shields.io/badge/python-%3E3.5-yellow.svg)](https://www.python.org/) 
  2 | [![Twitter](https://img.shields.io/badge/twitter-@neeraj_sonaniya-blue.svg)](https://twitter.com/neeraj_sonaniya)
  3 | 
  4 | ## Buy Me A [Coffee](https://www.buymeacoffee.com/neerajson)
  5 | 
  6 | ## SubDomainizer
  7 | 
  8 | SubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascripts present in the given URL.
  9 | This tool also finds S3 buckets, cloudfront URL's and more from those JS files which could be interesting like S3 bucket is open to read/write, or subdomain takeover and similar case for cloudfront.
 10 | It also scans inside given folder which contains your files.
 11 | 
 12 | ## Cloud Storage Services Supported:
 13 | SubDomainizer can find URL's for following cloud storage services:
 14 | ```
 15 | 1. Amazon AWS services (cloudfront and S3 buckets)
 16 | 2. Digitalocean spaces 
 17 | 3. Microsoft Azure 
 18 | 4. Google Cloud Services 
 19 | 5. Dreamhost 
 20 | 6. RackCDN. 
 21 | ```
 22 | ## Secret Key's Searching: (beta)
 23 | SubDomainizer will also find secrets present in content of the page and javascripts files.
 24 | Those secret finding depends on some specific keywords and *Shannon Entropy* formula.
 25 | It might be possible that some secrets which searched by tool will be false positive.
 26 | This secret key searching is in beta and later version might have increased accuracy for search results.
 27 | 
 28 | ## Screenshots:
 29 | 
 30 | ![SubDomainizer](https://i.imgur.com/x3XSamk.png)
 31 | 
 32 | ![Sub2.0](https://i.imgur.com/TvVKabs.png)
 33 | 
 34 | ## Installation Steps
 35 | 
 36 | 1. Clone SubDomainzer from git:
 37 | ```
 38 | git clone https://github.com/nsonaniya2010/SubDomainizer.git
 39 | ```
 40 | 2. Change the directory:
 41 | ```
 42 | cd SubDomainizer
 43 | ```
 44 | 
 45 | 3. Install the requirements:
 46 | 
 47 | ```
 48 | pip3 install -r requirements.txt
 49 | ```
 50 | 4. Enjoy the Tool.
 51 | 
 52 | ## Update to latest version:
 53 | 
 54 | Use following command to update to latest version:
 55 | 
 56 | ```
 57 | git pull
 58 | ```
 59 | 
 60 | ## Usage
 61 | 
 62 | Short Form    | Long Form     | Description
 63 | ------------- | ------------- |-------------
 64 | -u            | --url         | URL in which you want to find (sub)domains.
 65 | -l            | --listfile    | File which contain list of URL's needs to be scanned.
 66 | -o            | --output      | Output file name in which you need to save the results.
 67 | -c            | --cookie      | Cookies which needs to be sent with request.
 68 | -h            | --help        | show the help message and exit.
 69 | -cop          | --cloudop     | Give file name in which you need to store cloud services results.
 70 | -d            | --domains     | Give TLD (eg. for www.example.com you have to give example.com) to find subdomain for given TLD seperated by comma (no spaces b/w comma).
 71 | -g            | --gitscan     | Needed if you want to get things via Github too.
 72 | -gt           | --gittoken    | Github API token is needed, if want to scan (also needed -g also).
 73 | -gop	      | --gitsecretop | Saving secrets to a file found in github.
 74 | -k            | --nossl       | Use this to bypass the verification of SSL certificate.
 75 | -f            | --folder      | Root folder which contains files/folder.
 76 | -san          | --subject_alt_name    |  Find Subject Alternative Names for all found subdomains, Options: 'all', 'same'.
 77 | 
 78 | ## SAN options description:
 79 | * all - This option will find all domains and subdomains.
 80 | * same - This will only find subdomains for specific subdomains.
 81 | 
 82 | ## Examples
 83 | 
 84 | * To list help about the tool:
 85 | ```
 86 | python3 SubDomainizer.py -h
 87 | ```
 88 | * To find subdomains, s3 buckets, and cloudfront URL's for given single URL:
 89 | ```
 90 | python3 SubDomainizer.py -u http://www.example.com
 91 | ```
 92 | * To find subdomains from given list of URL (file given):
 93 | ```
 94 | python3 SubDomainizer.py -l list.txt
 95 | ```
 96 | 
 97 | * To save the results in (output.txt) file:
 98 | ```
 99 | python3 SubDomainizer.py -u https://www.example.com -o output.txt
100 | ```
101 | * To give cookies:
102 | ```
103 | python3 SubDomainizer.py -u https://www.example.com -c "test=1; test=2"
104 | ```
105 | * To scan via github:
106 | ```
107 | python3 SubDomainizer.py -u https://www.example.com -o output.txt -gt <github_token> -g 
108 | ```
109 | * No SSL Certificate Verification:
110 | ```
111 | python3 SubDomainizer.py -u https://www.example.com -o output.txt -gt <github_token> -g  -k
112 | ```
113 | * Folder Scanning:
114 | ```
115 | python3 SubDomainizer.py -f /path/to/root/folder/having/files/and/folders/  -d example.com  -gt <github_token> -g  -k
116 | ```
117 | * Subject Alternative Names:
118 | ```
119 | python3 SubDomainizer.py -u https://www.example -san all
120 | ```
121 | * Saving secrets to a file scan found in github:
122 | ```
123 | python3 SubDomainizer.py -u https://www.example.com -o output.txt -gt <github_token> -g -gop filename_to_save
124 | ```
125 | 
126 | 
127 | ## Difference in results (with cookies and without cookies on facebook.com):
128 | 
129 | Results before using facebook cookies in SubDomainizer:
130 | 
131 | ![BeforeCookies](https://i.imgur.com/v7igAId.png)
132 | 
133 | Results after using facebook cookies in SubDomainizer:
134 | 
135 | ![AfterCookies](https://i.imgur.com/QKY09mx.png)
136 | 
137 | 
138 | ## Changes:
139 | In the latest version (2.0) following important features are added:
140 | 1. Find Subject Alternative Names for the found subdomains.
141 | 2. Added where the secrets were found.
142 | 
143 | ## License
144 | This tools is licensed under the MIT license. take a look at the [LICENSE](https://github.com/nsonaniya2010/SubDomainizer/blob/master/LICENSE) for information about it.
145 | 
146 | ## Want to Help?
147 | Want to help if you like features and tools? or Liked this tool?
148 | [Help Here](https://paypal.me/BugsByNeeraj)
149 | 


--------------------------------------------------------------------------------
/SubDomainizer.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | 
  3 | #######################################
  4 | #    Author: Neeraj Sonaniya          #
  5 | #    Twitter: neeraj_sonaniya         #
  6 | #    Linkedin: neerajsonaniya         #
  7 | #    Facebook: neeraj.sonaniya        #
  8 | #    Medium: neerajedwards            #
  9 | #    Email: nsonaniya2010@gmail.com   #
 10 | #######################################
 11 | 
 12 | 
 13 | import termcolor
 14 | import base64
 15 | import json
 16 | import argparse
 17 | from bs4 import BeautifulSoup
 18 | import requests
 19 | import re
 20 | import socket
 21 | import ssl
 22 | import htmlmin
 23 | from urllib.parse import *
 24 | import tldextract
 25 | import sys
 26 | from multiprocessing.dummy import Pool as ThreadPool
 27 | from itertools import repeat
 28 | from collections import Counter
 29 | from math import log2
 30 | import urllib3
 31 | import queue
 32 | import glob
 33 | import os
 34 | import time
 35 | import warnings
 36 | import colorama
 37 | colorama.init()
 38 | 
 39 | parse = argparse.ArgumentParser()
 40 | parse.add_argument('-c', '--cookie', help="Cookies which needs to be sent with request. User double quotes if have more than one.")
 41 | parse.add_argument('-cop', '--cloudop', help="Enter the file name in which you want to save results of cloud services finding.")
 42 | parse.add_argument('-sop', '--secretop', help="Enter the file name in which you want to save results of secrets found.")
 43 | parse.add_argument('-gop', '--gitsecretop', help="Enter the file name in which you want to save results of secrets found in github.") 
 44 | parse.add_argument('-d', '--domains', help="Enter the top-level-domain(s) seperated with comma (no spaces after comma) to extract all the subdomain of those domains")
 45 | parse.add_argument('-f', '--folder', help="Folder in which files needs to be scanned.")
 46 | parse.add_argument('-g', '--gitscan', help="Give this option if you wants to search for subdomain from github", action='store_true')
 47 | parse.add_argument('-gt', '--gittoken', help="Finding subdomains from github")
 48 | parse.add_argument('-k', '--nossl', help="Use it when SSL certiheadsficate is not verified.", action='store_true')
 49 | parse.add_argument('-l', '--listfile', help="List file which contain list of URLs to be scanned for subdomains")
 50 | parse.add_argument('-o', '--output', help="Enter the file name to which you want to save the results of subdomains found.")
 51 | parse.add_argument('-san', '--subject_alt_name', help="Get Subject Alternative Names, Options: 'all', 'same'")
 52 | parse.add_argument('-u', '--url', help="Enter the URL in which you want to find (sub)domains.")
 53 | 
 54 | args = parse.parse_args()
 55 | url = args.url
 56 | listfile = args.listfile
 57 | cloudop = args.cloudop
 58 | secretop = args.secretop
 59 | gitToken = args.gittoken
 60 | isGit = args.gitscan
 61 | isSSL = args.nossl
 62 | folderName = args.folder
 63 | is_san = args.subject_alt_name
 64 | githubsc_out = args.gitsecretop
 65 | 
 66 | jsLinkList = list()
 67 | jsname = list()
 68 | finalset = set()
 69 | new_final_dict = dict()
 70 | secret_dict = dict()
 71 | git_data = dict()
 72 | cloudurlset = set()
 73 | finallist = list()
 74 | github_secrets = set()
 75 | 
 76 | if args.cookie:
 77 |     heads = {"Cookie": args.cookie,
 78 |              "User-agent": "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/70.0"}
 79 | else:
 80 |     heads = {"User-agent": "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/70.0"}
 81 | 
 82 | 
 83 | def argerror(urls, listfile):
 84 |     """
 85 | 
 86 |     This function will get all the files path (including filename) recursively, given root folder.
 87 | 
 88 |     Parameters
 89 |     ----------
 90 |     urls : str
 91 |         URL to scan for information.
 92 |     listfile: str
 93 |         Path of file which contains urls seperated by newline.
 94 |     """
 95 |     if (urls is None and listfile is None) or (urls is not None and listfile is not None):
 96 |         print("Atmost one of -u/--url or -l/--listfile or -f/--folder argument is required. Exiting...")
 97 |         sys.exit(1)
 98 |     else:
 99 |         pass
100 | 
101 | 
102 | def gitArgError(gitToken, isGit):
103 |     """
104 | 
105 |     This function will check if both -g and -gt arguments were provided or not, required for GitHub scanning.
106 | 
107 |     Parameters
108 |     ----------
109 |     gitToken : str
110 |         Authtoken provided by github.
111 |     isGit : None
112 |         This argument will be used to tell the program to scan GitHub for information.
113 |     """
114 |     if (gitToken is None and isGit is not None) or (gitToken is not None and isGit is None):
115 |         print("Either both '-g' and '-gt' arguments are required or none required. Exiting...")
116 |         sys.exit(1)
117 |     else:
118 |         pass
119 | 
120 | 
121 | def getRecursiveFolderData(rootfolder):
122 |     """
123 | 
124 |     This function will get all the files path (including filename) recursively, given root folder.
125 | 
126 |     Parameters
127 |     ----------
128 |     rootfolder : str
129 |         Root folder in which all files are present.
130 | 
131 |     Returns
132 |     ----------
133 |     dict
134 |         dict of files path and their data.
135 |     int
136 |         total number of (only) files within the root folder.
137 |     """
138 |     folderData = dict()
139 |     for filename in glob.iglob(rootfolder + '**/**', recursive=True):
140 |         if os.path.isfile(filename):
141 |             with open(filename, 'r') as file:
142 |                 try:
143 |                     folderData[filename] = file.read()
144 |                 except UnicodeDecodeError:
145 |                     pass
146 |     return folderData, len(folderData)
147 | 
148 | 
149 | def getUrlsFromFile():
150 |     """
151 | 
152 |     Getting urls from file provided in input, file contains url seperated by newline.
153 | 
154 |     Returns
155 |     ---------
156 |     list
157 |         It returns list of urls from file.
158 |     """
159 |     with open(args.listfile, 'rt') as f:
160 |         urllst = f.readlines()
161 |     urllst = [x.strip() for x in urllst if x != '']
162 |     urllst = set(urllst)
163 |     return urllst
164 | 
165 | 
166 | class JsExtract:
167 |     """
168 |     This class contain the methods to get data from Internal (Inline) and External Javascript files (Present in <script> tag).
169 | 
170 |     Methods
171 |     -------
172 |     IntJsExtract(url, headers)
173 |         It will get the data from Inline JS present within the page.
174 |     -------
175 |     ExtJsExtract(url, headers)
176 |         It will get JS links present within source code of the page.
177 |     -------
178 |     SaveExtJsContent(js = JavascriptFileURL)
179 |         This module will get the data from JS URL provided and add data in master list (finallist).
180 |     """
181 | 
182 |     def IntJsExtract(self, url, heads):
183 |         """
184 | 
185 |         Parameters
186 |         ----------
187 |         url : str
188 |             URL of the page from which data needs to be extracted.
189 |             Note: This is the url of the page given as user input.
190 |         heads : dict
191 |             Headers needed to make request, given URL.
192 | 
193 |         Raises
194 |         ----------
195 |         UnicodeDecodeError
196 |             Raise an error if the endcoding found in the page is unkown.
197 |         """
198 | 
199 |         if url.startswith('http://') or url.startswith('https://'):
200 |             if isSSL:
201 |                 req = requests.get(url, headers=heads, verify=False, timeout=(20, 20))
202 |             else:
203 |                 req = requests.get(url, headers=heads, timeout=(20, 20))
204 |         else:
205 |             if isSSL:
206 |                 req = requests.get('http://' + url, headers=heads, verify=False, timeout=(20, 20))
207 |             else:
208 |                 req = requests.get('http://' + url, headers=heads, timeout=(20, 20))
209 | 
210 |         print(termcolor.colored("Searching for Inline Javascripts...", color='yellow', attrs=['bold']))
211 | 
212 |         try:
213 |             html = unquote(req.content.decode('unicode-escape'))
214 |             minhtml = htmlmin.minify(html, remove_empty_space=True)
215 |             minhtml = minhtml.replace('\n', '')
216 |             finallist.append(minhtml)
217 |             new_final_dict["Inline"] = minhtml
218 |             print(termcolor.colored("Successfully got all the Inline Scripts.", color='blue', attrs=['bold']))
219 |         except UnicodeDecodeError:
220 |             try:
221 |                 html = str(req.content)
222 |                 new_final_dict["Inline"] = unquote(html)
223 |             except:
224 |                 print("Error, Exiting...")
225 |                 sys.exit(1)
226 | 
227 |     def ExtJsExtract(self, url, heads):
228 |         """
229 | 
230 |         Parameters
231 |         ----------
232 |         url : str
233 |             URL of the page from which data needs to be extracted.
234 |             Note: This is the url of the page given as user input.
235 |         heads : dict
236 |             Headers needed to make request, given URL.
237 | 
238 |         Raises
239 |         ----------
240 |         UnicodeDecodeError
241 |             Raise an error if the endcoding found in the page is unkown.
242 |         """
243 |         # domain = urlparse(url).netloc
244 | 
245 |         print(termcolor.colored(
246 |             "Searching for External Javascript links in page...", color='yellow', attrs=['bold']))
247 |         if url.startswith('http://') or url.startswith('https://'):
248 |             if isSSL:
249 |                 req = requests.get(url, headers=heads, verify=False, timeout=(20,20))
250 |             else:
251 |                 req = requests.get(url, headers=heads, timeout=(20, 20))
252 |         else:
253 |             if isSSL:
254 |                 req = requests.get('http://' + url, headers=heads, verify=False, timeout=(20, 20))
255 |             else:
256 |                 req = requests.get('http://' + url, headers=heads, timeout=(20, 20))
257 |         try:
258 |             if 'text/html' in req.headers.get('content-type', 'None'):
259 |                 html = unquote(req.content.decode('unicode-escape'))
260 |                 soup = BeautifulSoup(html, features='html.parser')
261 | 
262 |                 for link in soup.find_all('script'):
263 |                     if link.get('src'):
264 |                         text = urljoin(url, link.get('src'))
265 |                         jsLinkList.append(text)
266 |                 print(termcolor.colored("Successfully got all the external js links.", color='blue', attrs=['bold']))
267 |         except UnicodeDecodeError:
268 |             print("Decoding error.")
269 | 
270 |     def SaveExtJsContent(self, js):
271 |         """
272 | 
273 |         Parameters
274 |         ----------
275 |         js : str
276 |             Link to the URL of external Javascript file.
277 |         """
278 |         try:
279 |             if isSSL:
280 |                 content = unquote(requests.get(js, verify=False, headers=heads, timeout=(20, 20)).content.decode('utf-8'))
281 |                 finallist.append(content)
282 |                 new_final_dict[str(js)] = content
283 |             else:
284 |                 content = unquote(requests.get(js, headers=heads, timeout=(20, 20)).content.decode('utf-8'))
285 |                 finallist.append(content)
286 |                 new_final_dict[str(js)] = content
287 |         except:
288 |             pass
289 | 
290 | 
291 | def logo():
292 |     """
293 | 
294 |     Prints the logo
295 | 
296 |     Returns
297 |     ---------
298 |     str
299 |         Return the logo string.
300 |     """
301 |     return r"""
302 |       _____       _     _____                        _       _              
303 |      / ____|     | |   |  __ \                      (_)     (_)             
304 |     | (___  _   _| |__ | |  | | ___  _ __ ___   __ _ _ _ __  _ _______ _ __ 
305 |      \___ \| | | | '_ \| |  | |/ _ \| '_ ` _ \ / _` | | '_ \| |_  / _ \ '__|
306 |      ____) | |_| | |_) | |__| | (_) | | | | | | (_| | | | | | |/ /  __/ |   
307 |     |_____/ \__,_|_.__/|_____/ \___/|_| |_| |_|\__,_|_|_| |_|_/___\___|_|Version 2.1                                                                                                                                       
308 | Find interesting Subdomains and secrets hidden in page, folder, External Javascripts and GitHub 
309 | """
310 | 
311 | 
312 | def entropy(s):
313 |     """
314 | 
315 |     This function find the entropy given the string given by the formula:
316 |     https://www.reddit.com/r/dailyprogrammer/comments/4fc896/20160418_challenge_263_easy_calculating_shannon/
317 | 
318 |     Parameters
319 |     -------
320 |     s: str
321 |         String of which we have to find shannon entropy
322 | 
323 |     Returns
324 |     --------
325 |     int
326 |         integer which will represent the randomness of the string, higher value will be high randomness.
327 |     """
328 |     return -sum(i / len(s) * log2(i / len(s)) for i in Counter(s).values())
329 | 
330 | 
331 | def getDomain(url):
332 |     """
333 | 
334 |     This function will get top level domain from given URL.
335 | 
336 |     Parameters
337 |     -------
338 |     url: str
339 |         Original URL provided in the argument.
340 | 
341 |     Returns
342 |     --------
343 |     str
344 |         top level domain will be returned.
345 |     """
346 |     if urlparse(url).netloc != '':
347 |         finalset.add(urlparse(url).netloc)
348 |     ext = tldextract.extract(str(url))
349 |     return ext.registered_domain
350 | 
351 | 
352 | def tldExt(name):
353 |     return tldextract.extract(name).registered_domain
354 | 
355 | 
356 | def tldSorting(subdomainList):
357 |     """
358 | 
359 |     This function will sort all the items within the list in dictionary order.
360 | 
361 |     Parameters
362 |     -------
363 |     subdomainList: list
364 |         List of subdomains found from content.
365 | 
366 |     Returns
367 |     --------
368 |     list
369 |         a list of subdomains.
370 |     """
371 | 
372 |     localsortedlist = list()
373 |     finallist = list()
374 |     for item in subdomainList:
375 |         Reverseddomain = ".".join(str(item).split('.')[::-1])
376 |         localsortedlist.append(Reverseddomain)
377 | 
378 |     sortedlist = sorted(localsortedlist)
379 | 
380 |     for item in sortedlist:
381 |         reReverseddomain = ".".join(str(item).split('.')[::-1])
382 |         finallist.append(reReverseddomain)
383 | 
384 |     return finallist
385 | 
386 | 
387 | def pre_compiled_secret_regex():
388 |     """
389 | 
390 |     This function will create list of precompiled regex object to find secret (high entropy strings) within the content.
391 | 
392 |     Returns
393 |     --------
394 |     list
395 |         a list of precompiled regex objects.
396 |     """
397 |     seclst = set(['secret', 'secret[_-]?key', 'token', 'secret[_-]?token', 'password',
398 |               'aws[_-]?access[_-]?key[_-]?id', 'aws[_-]?secret[_-]?access[_-]?key', 'auth[-_]?token', 'access[-_]?token',
399 |               'auth[-_]?key', 'client[-_]?secret', 'email','access[-_]?key',
400 |               'id_dsa', 'encryption[-_]?key', 'passwd', 'authorization', 'bearer', 'GITHUB[_-]?TOKEN',
401 |               'api[_-]?key', 'api[-_]?secret', 'client[_-]?key', 'client[_-]?id', 'ssh[-_]?key',
402 |               'ssh[-_]?key', 'irc_pass', 'xoxa-2', 'xoxr', 'private[_-]?key', 'consumer[_-]?key', 'consumer[_-]?secret', 
403 |               'SLACK_BOT_TOKEN', 'api[-_]?token', 'session[_-]?token', 'session[_-]?key',
404 |               'session[_-]?secret', 'slack[_-]?token'])
405 |     equal = ['=', ':', '=>', '=:', '==']
406 | 
407 |     blacklist_secrets = set(['proptypes.', 'process.', 'this.', 'config.', 'key.'])
408 |     regex = r'(["\']?[\\w\-]*(?:' + '|'.join(seclst) + ')[\\w\\-]*[\\s]*["\']?[\\s]*(?:' + '|'.join(
409 |         equal) + ')[\\s]*["\']?((?!.*'+ '|'.join(blacklist_secrets) +'.*)[\\w\\-/~!@#$%^*+.]+=*)["\']?)'
410 | 
411 |     return re.compile(regex, re.MULTILINE | re.IGNORECASE)
412 | 
413 | 
414 | def pre_compiled_cloud_regex():
415 |     """
416 | 
417 |     This will create list of precompiled regex object to find cloud URLs within the content.
418 | 
419 |     Returns
420 |     --------
421 |     list
422 |         a list of precompiled regex objects.
423 |     """
424 |     cfreg = re.compile(r'([\w]+\.cloudfront\.net)', re.MULTILINE | re.IGNORECASE)
425 |     gbureg = re.compile(r'([\w\-.]+\.appspot\.com)', re.MULTILINE | re.IGNORECASE)
426 |     s3bucketreg = re.compile(r'(s3[\w\-.]*\.?amazonaws\.com/?[\w\-.]+)', re.MULTILINE | re.IGNORECASE)
427 |     s3bucketreg2 = re.compile(r'([\w\-]+.s3[\w\-.]*\.?amazonaws\.com/?)', re.MULTILINE | re.IGNORECASE)
428 |     doreg = re.compile(r'([\w\-.]*\.?digitaloceanspaces\.com/?[\w\-.]*)', re.MULTILINE | re.IGNORECASE)
429 |     gsreg1 = re.compile(r'(storage\.cloud\.google\.com/[\w\-.]+)', re.MULTILINE | re.IGNORECASE)
430 |     gsreg2 = re.compile(r'([\w\-.]*\.?storage.googleapis.com/?[\w\-.]*)', re.MULTILINE | re.IGNORECASE)
431 |     gsreg3 = re.compile(r'([\w\-.]*\.?storage-download.googleapis.com/?[\w\-.]*)', re.MULTILINE | re.IGNORECASE)
432 |     gsreg4 = re.compile(r'([\w\-.]*\.?content-storage-upload.googleapis.com/?[\w\-.]*)', re.MULTILINE | re.IGNORECASE)
433 |     gsreg5 = re.compile(r'([\w\-.]*\.?content-storage-download.googleapis.com/?[\w\-.]*)', re.MULTILINE | re.IGNORECASE)
434 |     azureg1 = re.compile(r'([\w\-.]*\.?1drv\.com/?[\w\-.]*)', re.MULTILINE | re.IGNORECASE)
435 |     azureg2 = re.compile(r'(onedrive.live.com/[\w.\-]+)', re.MULTILINE | re.IGNORECASE)
436 |     azureg3 = re.compile(r'([\w\-.]*\.?blob\.core\.windows\.net/?[\w\-.]*)', re.MULTILINE | re.IGNORECASE)
437 |     rackcdnreg = re.compile(r'([\w\-.]*\.?rackcdn.com/?[\w\-.]*)', re.MULTILINE | re.IGNORECASE)
438 |     dreamhostreg1 = re.compile(r'([\w\-.]*\.?objects\.cdn\.dream\.io/?[\w\-.]*)', re.MULTILINE | re.IGNORECASE)
439 |     dreamhostreg2 = re.compile(r'([\w\-.]*\.?objects-us-west-1.dream.io/?[\w\-.]*)', re.MULTILINE | re.IGNORECASE)
440 |     firebase = re.compile(r'([\w\-.]+\.firebaseio\.com)', re.MULTILINE | re.IGNORECASE)
441 | 
442 |     cloudlist = [cfreg, s3bucketreg, doreg, gsreg1, gsreg2, gsreg3, gsreg4, gsreg5,
443 |                  azureg1, azureg2, azureg3, rackcdnreg, dreamhostreg1, dreamhostreg2, firebase, gbureg, s3bucketreg2]
444 | 
445 |     return cloudlist
446 | 
447 | 
448 | def pre_compiled_domain_regex(url):
449 |     """
450 | 
451 |     Precompiled regex to get domain from the URL.
452 | 
453 |     Parameters
454 |     --------
455 |     url: str
456 |         Original URL from user provided input (URL argument).
457 |     """
458 |     regex = re.compile(r'([a-zA-Z0-9][a-zA-Z0-9\-.]*[a-zA-Z0-9]\.' + str(getDomain(str(url))) + ')', re.IGNORECASE)
459 |     return regex
460 | 
461 | 
462 | def pre_compiled_ip_regex():
463 |     """
464 | 
465 |     Precompiled regex to find IP version 4 address from the content.
466 | 
467 |     Returns
468 |     ---------
469 |     object
470 |         Regex compiled object
471 |     """
472 |     ipv4reg = re.compile(r"""(([2][5][0-5]\\\\.)|([2][0-4][0-9]\\\\.)|([0-1]?[0-9]?[0-9]\\\\.)){3}"""
473 |                          + """(([2][5][0-5])|([2][0-4][0-9])|([0-1]?[0-9]?[0-9]))""")
474 |     return ipv4reg
475 | 
476 | 
477 | def get_info_from_data(item_url, item_values, cloudlist, p, regex, ipv4reg, url, precompiled_domains_regex):
478 |     """
479 | 
480 |     This function is used to call other functions to find secrets, cloud URLs etc.
481 | 
482 |     Parameters
483 |     --------
484 |     file: list
485 |         List contains all the content from different source to find secrets, cloud URLs etc.
486 |     cloudlist: object
487 |         Precompiled regex object to find cloud URLs.
488 |     p: object
489 |         Precompiled regex object to find secret (high entropy strings) from content in the list.
490 |     regex: object
491 |         Precompiled regex object to find subdomains for a given domain.
492 |     ipv4reg: object
493 |         Precompiled regex object to find IP version 4 addresses within content.
494 |     url: str
495 |         Original URL from user provided input (URL argument).
496 |     """
497 |     item_values = str(item_values).replace('\n', ' ')
498 | 
499 |     # cloud services
500 |     for x in cloudlist:
501 |         for item in x.findall(str(item_values)):
502 |             cloudurlset.add(item)
503 | 
504 |     matches = p.finditer(str(item_values))
505 |     for _, match in enumerate(matches):
506 |         if entropy(match.group(2)) > 3:
507 |             if item_url in secret_dict:
508 |                 secret_dict[item_url].append(str(match.group()))
509 |                 if githubsc_out and item_url.startswith("https://github.com"):
510 |                     github_secrets.add(str(match.group())) # adding github secrets explicitly to save in file
511 |             else:
512 |                 secret_dict[item_url] = [str(match.group())]
513 |                 if githubsc_out and item_url.startswith("https://github.com"):
514 |                     github_secrets.add(str(match.group())) # adding github secrets explicitly
515 | 
516 |     # for subdomains
517 |     for subdomain in regex.findall(str(item_values)):
518 |         finalset.add(subdomain.lower())
519 | 
520 |     # given custom domains regex
521 |     if precompiled_domains_regex:
522 |         for subdomain in precompiled_domains_regex.findall(str(item_values)):
523 |             finalset.add(subdomain)
524 | 
525 | def custom_domains_regex(domains):
526 |     _domains = ''
527 |     prefix = '[a-zA-Z0-9][0-9a-zA-Z\-.]*\.'
528 |     for domain in domains.split(','):
529 |         _domains += prefix + domain + '|'
530 |     domainreg = re.compile(r'(' + _domains[:-1] + ')', re.IGNORECASE)
531 |     return domainreg
532 | 
533 | def getUrlsFromData(gitToken, domain):
534 |     """
535 | 
536 |     This function will get URLs which contains data related to domain from GitHub API.
537 | 
538 |     Parameters
539 |     ----------
540 |     gitToken: str
541 |         AuthToken provided GitHub.
542 |     domain: str
543 |         Domain from the url provided in argument by user.
544 | 
545 |     Returns
546 |     ----------
547 |     list
548 |         list of urls from github.
549 |     """
550 | 
551 |     datas = list()
552 |     contentApiURLs = set()
553 | 
554 |     headers = {"Authorization": "token " + gitToken}
555 |     datas.append(requests.get(
556 |         'https://api.github.com/search/code?q="'+ domain +'"&per_page=100&sort=indexed',
557 |         verify=False, headers=headers, timeout=(20, 20)).content.decode('utf-8'))
558 |     datas.append(requests.get(
559 |         'https://api.github.com/search/code?q="' + domain +'"&per_page=100',
560 |         verify=False, headers=headers, timeout=(20, 20)).content.decode('utf-8'))
561 | 
562 |     for data in datas:
563 |         data = json.loads(data)
564 |         if 'items' in data:
565 |             for item in data['items']:
566 |                 for key, value in item.items():
567 |                     if key == 'url':
568 |                         contentApiURLs.add(value)
569 | 
570 |     return contentApiURLs
571 | 
572 | 
573 | def get_github_data(item):
574 |     """
575 | 
576 |     This function will get data for a given GitHub URL.
577 | 
578 |     Parameters
579 |     ----------
580 |     item: str
581 |         URL pointing to github data related to the given domain.
582 | 
583 |     """
584 |     headers = {"Authorization": "token " + gitToken}
585 | 
586 |     try:
587 |         apiUrlContent = requests.get(
588 |             item, verify=False, timeout=(20, 20), headers=headers).content.decode('utf-8')
589 |         jsonData = json.loads(apiUrlContent)
590 |         _data = base64.b64decode(jsonData['content'])
591 |         _data = unquote(unquote(str(_data, 'utf-8')))
592 |         final_data = str(_data.replace('\n', ' '))
593 |         git_data[jsonData.get('html_url').split("?ref=")[0]] = final_data
594 | 
595 |     except (requests.ConnectionError, requests.exceptions.ReadTimeout):
596 |         pass
597 | 
598 | 
599 | def subextractor(cloudlist, p, regex, ipv4reg, url, precompiled_domains_regex):
600 |     """
601 | 
602 |     This function is used to call other functions to find secrets, cloud URLs etc.
603 | 
604 |     Parameters
605 |     --------
606 |     cloudlist: object
607 |         Precompiled regex object to find cloud URLs.
608 |     p: object
609 |         Precompiled regex object to find secret (high entropy strings) from content in the list.
610 |     regex: object
611 |         Precompiled regex object to find subdomains for a given domain.
612 |     ipv4reg: object
613 |         Precompiled regex object to find IP version 4 addresses within content.
614 |     url: str
615 |         Original URL from user provided input (URL argument).
616 |     """
617 |     jsfile = JsExtract()
618 |     jsfile.IntJsExtract(url, heads)
619 |     jsfile.ExtJsExtract(url, heads)
620 |     jsthread = ThreadPool(8)
621 |     jsthread.map(jsfile.SaveExtJsContent, jsLinkList)
622 |     jsthread.close()
623 |     jsthread.join()
624 |     print(termcolor.colored("Finding secrets, cloud URLs, subdomains in all Javascript files...",
625 |                             color='yellow',
626 |                             attrs=['bold']))
627 |     threads = ThreadPool(8)
628 |     threads.starmap(get_info_from_data,
629 |                     zip(new_final_dict.keys(), new_final_dict.values(), repeat(cloudlist), repeat(p), repeat(regex),
630 |                         repeat(ipv4reg), repeat(url), repeat(precompiled_domains_regex)))
631 |     threads.close()
632 |     threads.join()
633 |     print(termcolor.colored("Searching completed...", color='blue', attrs=['bold']))
634 |     finallist.clear()
635 | 
636 | 
637 | def savedata():
638 |     """
639 | 
640 |     This function will put data in output file if given.
641 | 
642 |     """
643 | 
644 |     print(termcolor.colored(
645 |         "\nWriting all the subdomains to given file...\n", color='yellow', attrs=['bold']))
646 |     with open(args.output, 'w+') as f:
647 |         for item in tldSorting(finalset):
648 |             f.write(item + '\n')
649 |     print(termcolor.colored("\nWriting Done..\n", color='yellow', attrs=['bold']))
650 | 
651 | 
652 | def savecloudresults():
653 |     """
654 |     This function will save cloud URL's data into the given file.
655 |     """
656 |     with open(cloudop, 'w+') as f:
657 |         for item in cloudurlset:
658 |             f.write(item + '\n')
659 | 
660 | def savesecretsresults():
661 |     """
662 |     This function will save secret data into the given file.
663 |     """
664 |     with open(secretop, 'w+') as f:
665 |         for location, secretlst in secret_dict.items():
666 |             for secret in secretlst:
667 |                 f.write(secret + ' | ' + location + '\n')
668 | 
669 | def save_github_secrets():
670 |     with open(githubsc_out, 'w+') as f:
671 |         for secret in github_secrets:
672 |             f.write(secret + '\n')
673 | 
674 | def printlogo():
675 |     """
676 |     Print the logo returned by logo() function.
677 | 
678 |     Returns
679 |     ---------
680 |     object
681 |         Termcolor object to print colored logo on CLI screen.
682 |     """
683 |     return termcolor.colored(logo(), color='red', attrs=['bold'])
684 | 
685 | 
686 | if __name__ == "__main__":
687 | 
688 |     domainSet = set()
689 |     compiledRegexCloud = pre_compiled_cloud_regex()
690 |     compiledRegexSecretList = pre_compiled_secret_regex()
691 |     compiledRegexIP = pre_compiled_ip_regex()
692 | 
693 |     if args.domains:
694 |         precompiled_domains_regex = custom_domains_regex(args.domains)
695 |     else:
696 |         precompiled_domains_regex = None
697 | 
698 |     try:
699 |         print(printlogo())
700 | 
701 |         # disable unicode-escape for string - deprecation warning.
702 |         warnings.filterwarnings("ignore", category=DeprecationWarning)
703 | 
704 |         # disable insecure ssl warning.
705 |         if isSSL:
706 |             print(termcolor.colored("Disabled SSL Certificate Checking...", color='green', attrs=['bold']))
707 | 
708 |         urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
709 | 
710 |         # checking if only folder needs to be scanned.
711 |         if folderName and not url and not listfile:
712 | 
713 |             # if isGit:
714 |             #     gitArgError(gitToken, isGit)
715 | 
716 |             print(termcolor.colored("Getting data from folder recursively...", color='yellow',
717 |                                     attrs=['bold']))
718 |             if not os.path.isfile(folderName):
719 |                 folderData, totalLength = getRecursiveFolderData(folderName)
720 |             else:
721 |                 folderData = dict()
722 |                 totalLength = 1
723 |                 file_name = folderName
724 |                 with open(file_name, 'rt', errors='ignore') as file:
725 |                     try:
726 |                         folderData[file_name] = file.read()
727 |                     except UnicodeDecodeError:
728 |                         pass
729 | 
730 |             print(termcolor.colored(
731 |                 "\nTotal files to scan: " + str(totalLength) + '\n', color='red', attrs=['bold']))
732 | 
733 |             time.sleep(0.5)
734 |             print(termcolor.colored("Finding secrets in files, Please wait...", color='blue',
735 |                                     attrs=['bold']))
736 |             for path, data in folderData.items():
737 | 
738 |                 for cloud in compiledRegexCloud:
739 |                     for item in cloud.findall(str(data.replace('\n', ' '))):
740 |                         cloudurlset.add(item)
741 | 
742 |                 matches = compiledRegexSecretList.finditer(
743 |                     str(data.replace('\n', ' ')))
744 |                 for matchNum, match in enumerate(matches):
745 |                     if entropy(match.group(2)) > 3:
746 |                         _path = os.path.normpath(os.path.join(os.getcwd(), path))
747 |                         if _path in secret_dict:
748 |                             secret_dict[_path].append(str(match.group()))
749 |                         else:
750 |                             secret_dict[_path] = [str(match.group())]
751 | 
752 |                 if precompiled_domains_regex:
753 |                     for subdomain in precompiled_domains_regex.findall(str(data.replace('\n', ' '))):
754 |                         finalset.add(subdomain)
755 |         
756 |         else:
757 |             argerror(url, listfile)
758 |             if isGit:
759 |                 gitArgError(gitToken, isGit)
760 |             if listfile:
761 |                 urllist = getUrlsFromFile()
762 |                 if urllist:
763 |                     for i in urllist:
764 |                         compiledRegexDomain = pre_compiled_domain_regex(i)
765 |                         domainSet.add(str(getDomain(str(i))))
766 |                         print(termcolor.colored("Extracting data from internal and external js for url:", color='blue', attrs=['bold']))
767 |                         print(termcolor.colored(i, color='red', attrs=['bold']))
768 |                         try:
769 |                             try:
770 |                                 subextractor(compiledRegexCloud, compiledRegexSecretList, compiledRegexDomain,
771 |                                              compiledRegexIP, i, precompiled_domains_regex)
772 |                             except requests.exceptions.ConnectionError:
773 |                                 print('An error occured while fetching URL, Might be URL is wrong, Please check!')
774 |                         except requests.exceptions.InvalidSchema:
775 |                             print("Invalid Schema Provided!")
776 |                             pass
777 |                         
778 |                         new_final_dict.clear() #clear data of dict as we check new url after this.
779 |                         
780 |             else:
781 |                 try:
782 |                     try:
783 |                         compiledRegexDomain = pre_compiled_domain_regex(url)
784 |                         domainSet.add(str(getDomain(str(url))))
785 |                         subextractor(compiledRegexCloud, compiledRegexSecretList,
786 |                                      compiledRegexDomain, compiledRegexIP, url, precompiled_domains_regex)
787 |                     except requests.exceptions.ConnectionError:
788 |                         print(
789 |                             termcolor.colored(
790 |                                 'An error occured while fetching URL, one or more of following are possibilities:'
791 |                                 '\n1. Might be server is down.\n2. SSL certificate issue.\n3. Domain does not exist. '
792 |                                 '\nPlease check properly or try \'-k\' option, to disable SSL certificate '
793 |                                 'verification.',
794 |                                 color='yellow', attrs=['bold']))
795 |                         sys.exit(1)
796 |                 except requests.exceptions.InvalidSchema:
797 |                     print("Invalid Schema Provided!")
798 |                     sys.exit(1)
799 | 
800 |             if gitToken and isGit:
801 |                 for item in domainSet:
802 |                     compiledRegexDomain = pre_compiled_domain_regex(item)
803 |                     print(
804 |                         termcolor.colored('Finding Subdomains and secrets from Github..Please wait...', color='yellow',
805 |                                           attrs=['bold']))
806 |                     print(termcolor.colored(
807 |                         'Searching in github for : ' + termcolor.colored(item, color='green', attrs=['bold']), color='blue', attrs=['bold']))
808 | 
809 |                     gitThread = ThreadPool(8)
810 |                     contentApiURLs = getUrlsFromData(gitToken, str(item))
811 |                     gitThread.map(get_github_data, contentApiURLs)
812 |                     gitContentThread = ThreadPool(8)
813 |                     try:
814 |                         gitContentThread.starmap(get_info_from_data,
815 |                                                  zip(git_data.keys(), git_data.values(), repeat(compiledRegexCloud),
816 |                                                      repeat(compiledRegexSecretList),
817 |                                                      repeat(compiledRegexDomain), repeat(compiledRegexIP),
818 |                                                      repeat(item), repeat(custom_domains_regex)))
819 |                     except:
820 |                         pass
821 |                     print(termcolor.colored('Completed finding from github...', color='blue', attrs=['bold']))
822 | 
823 | 
824 |     except KeyboardInterrupt:
825 |         print(termcolor.colored("\nKeyboard Interrupt. Exiting...\n", color='red', attrs=['bold']))
826 |         sys.exit(1)
827 |     except FileNotFoundError:
828 |         print(termcolor.colored("\nFile Not found, Please check filename. Exiting...\n", color='yellow', attrs=['bold']))
829 |         sys.exit(1)
830 | 
831 |     print(termcolor.colored("Got all the important, printing and/or saving...\n", color='blue', attrs=['bold']))
832 |     print(termcolor.colored('_' * 22 + 'Start of Results' + '_' * 22, color='white', attrs=['bold']))
833 | 
834 |     if args.output:
835 |         savedata()
836 | 
837 |     if cloudop:
838 |         print(
839 |             termcolor.colored("\nWriting all the cloud services URL's to given file...", color='yellow', attrs=['bold']))
840 |         savecloudresults()
841 |         print(
842 |             termcolor.colored("Written cloud services URL's in file: ", color='red', attrs=['bold']) + cloudop)
843 | 
844 |     if secretop:
845 |         print(termcolor.colored("\nWriting all the secrets to given file...", color='yellow', attrs=['bold']))
846 |         savesecretsresults()
847 |         print(termcolor.colored("Written secrets in file: ", color='red', attrs=['bold']) + secretop)
848 |     
849 |     print(termcolor.colored('_' * 60, color='white', attrs=['bold']))
850 | 
851 | 
852 |     if finalset:
853 |         print(termcolor.colored("\nGot some subdomains...", color='yellow', attrs=['bold']))
854 |         print(termcolor.colored('Total Subdomains: ' + str(len(finalset)), color='red', attrs=['bold']))
855 |         for item in tldSorting(finalset):
856 |             print(termcolor.colored(item, color='green', attrs=['bold']))
857 | 
858 |     if cloudurlset:
859 |         print(termcolor.colored('_' * 60, color='white', attrs=['bold']))
860 |         print(termcolor.colored("\nSome cloud services urls are found...", color='yellow', attrs=['bold']))
861 |         print(termcolor.colored('Total Cloud URLs: ' + str(len(cloudurlset)), color='red', attrs=['bold']))
862 |         for item in cloudurlset:
863 |             print(termcolor.colored(item, color='green', attrs=['bold']))
864 | 
865 |     if secret_dict:
866 |         print(termcolor.colored('_' * 60, color='white', attrs=['bold']))
867 |         print(termcolor.colored("\nFound some secrets(might be false positive)...", color='yellow', attrs=['bold']))
868 |                                 
869 |         print(termcolor.colored('Total Possible Secrets: ' +
870 |                                 str(sum(len(sec_lst) for sec_lst in secret_dict.values())), color='red', attrs=['bold']))
871 |         for file_url, secrets in secret_dict.items():
872 |             for secret in set(secrets):
873 |                 print(termcolor.colored(secret, color='green', attrs=['bold']),
874 |                       termcolor.colored("| " + file_url, color='yellow', attrs=['bold']))
875 |     
876 |     if isGit and github_secrets:
877 |         print(termcolor.colored('_' * 60, color='white', attrs=['bold']))
878 |         print(termcolor.colored("\nWriting github secrets to the given file...", color='yellow', attrs=['bold']))
879 |         try:
880 |             save_github_secrets()
881 |             print(termcolor.colored("\nSaved", color='red', attrs=['bold']))
882 |         except:
883 |             print(termcolor.colored("\nError in saving the github secrets file...", color='red', attrs=['bold']))
884 | 
885 |     if is_san in ("same", "all") and url and not folderName:
886 |         print(termcolor.colored('_' * 60, color='white', attrs=['bold']))
887 |         print(termcolor.colored("\nFinding additional subdomains using Subject Alternative Names(SANs)...\n", color='yellow', attrs=['bold']))
888 |         nothing_found_flag = True
889 |         context = ssl.create_default_context()
890 |         context.check_hostname = False
891 | 
892 |         socket.setdefaulttimeout(5)
893 | 
894 |         q = queue.Queue()
895 |         printed = set()
896 |         completed = set()
897 | 
898 |         finalset.add(tldExt(url))
899 | 
900 |         for host in finalset:
901 |             tld = getDomain(host)
902 |             q.put(host)
903 |             while not q.empty():
904 |                 try:
905 |                     hostname = q.get()
906 |                     if is_san == "same":
907 |                         if hostname not in printed and hostname not in finalset and hostname.endswith(tld):
908 |                             print(termcolor.colored(hostname, color='green', attrs=['bold']))
909 |                             nothing_found_flag = False
910 |                             printed.add(hostname)
911 |                     elif is_san == "all":
912 |                         if hostname not in printed and hostname not in finalset:
913 |                             print(termcolor.colored(hostname, color='green', attrs=['bold']))
914 |                             nothing_found_flag = False
915 |                             printed.add(hostname)
916 | 
917 |                     if hostname not in completed:
918 |                         completed.add(hostname)
919 |                         with socket.create_connection((hostname, 443)) as sock:
920 |                             with context.wrap_socket(sock, server_hostname=hostname, ) as ssock:
921 |                                 for (k, v) in ssock.getpeercert()['subjectAltName']:
922 |                                     if v not in q.queue and v.startswith("*.") and v.lstrip('*.') not in finalset:
923 |                                         q.put(v.lstrip('*.'))
924 |                                     elif v not in q.queue and v not in finalset:
925 |                                         q.put(v.lstrip('*.'))
926 |                 except (socket.gaierror, socket.timeout, ssl.SSLCertVerificationError, ConnectionRefusedError,
927 |                         ssl.SSLError, OSError):
928 |                     pass
929 |                 except KeyboardInterrupt:
930 |                     print(termcolor.colored("\nKeyboard Interrupt. Exiting...\n", color='red', attrs=['bold']))
931 |                     sys.exit(1)
932 | 
933 |         if nothing_found_flag:
934 |             print(termcolor.colored("No SANs found.", color='green', attrs=['bold']))
935 | 
936 |     print(termcolor.colored('\n' + '_' * 23 + 'End of Results' + '_' * 23 + '\n', color='white', attrs=['bold']))
937 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | termcolor==1.1.0
2 | argparse==1.4.0
3 | beautifulsoup4==4.6.3
4 | requests==2.21.0
5 | htmlmin==0.1.12
6 | tldextract==2.2.0
7 | colorama==0.4.4
8 | cffi


--------------------------------------------------------------------------------