# The script requires dig and needs to be placed in the same folder as sublist3r.
# Enter the domain name as argument.
# Created by InitRoot (Frans Hendrik Botes)
#!/usr/bin/env python
import os
import sys
import subprocess
import json
import pprint
import re
import sys
import time
import pandas as pd
import requests
import argparse
import click
import json
import ssl
import sublist3r
###############################################################################
# CONFIGS #
###############################################################################
# Module-level state shared between the enumeration stages.
# enumDomain: placeholder only; getOrganization() and horizontalEnum() assign a
# local of the same name without `global`, so this value stays "".
enumDomain = str()
# finalDomains: seed domain plus reverse-WHOIS results, filled by
# horizontalEnum() and iterated by verticalEnum().
finalDomains = list()
# completeDomains: subdomains collected by verticalEnum().
completeDomains = list()
###############################################################################
# INTRO #
###############################################################################
# ASCII-art banner printed by printArt().
# This is not a raw string, so backslash escapes are processed: `\\` renders as
# a single backslash, and a backslash that is the very last character of a line
# joins that line with the next one. NOTE(review): the second art line appears
# to end in a backslash; confirm the banner renders as intended.
art = """
______ _____
| ____| | __ \
| |__ _ __ __ _ _ __ ___ | |__) | ___ ___ ___ _ __
| __|| '__|/ _` || '_ \ / __| | _ / / _ \ / __|/ _ \ | '_ \
| | | | | (_| || | | |\__ \ | | \ \| __/| (__| (_) || | | |
|_| |_| \__,_||_| |_||___/ |_| \_\\___| \___|\___/ |_| |_|
"""
def printArt():
    """Print the ASCII-art banner held in the module-level ``art`` string."""
    # A single parenthesised argument prints the same text under the Python 2
    # print statement this script otherwise uses.
    print(art)
###############################################################################
# CLEANUP #
###############################################################################
#remove previous results files
def cleanupFiles():
    """Delete result files left in the current directory by an earlier run.

    The three names are relative paths, so the files removed depend on the
    working directory the script is started from. Files that do not exist are
    skipped.
    """
    for stale in ("horDoms.txt", "finalDoms.txt", "vertDoms.txt"):
        if os.path.exists(stale):
            os.remove(stale)
###############################################################################
# VERTICAL ENUMERATION #
###############################################################################
def verticalEnum():
    """Run Sublist3r against every entry of ``finalDomains``.

    Each domain is passed to ``sublist3r.main`` with 40 as the second
    positional argument and 'vertDoms.txt' as the third (thread count and
    save file in Sublist3r's signature; confirm against the installed
    version), brute forcing disabled and the default engines. The returned
    subdomains are added to the module-level ``completeDomains`` list, with a
    30 second pause after each domain.

    NOTE(review): the same save-file name is used for every domain; whether
    later runs overwrite earlier results depends on Sublist3r, so verify.
    NOTE(review): the closing message announces a port scan, but main() ends
    after this function and no port-scan stage is defined in this file.
    """
    global completeDomains
    for domain in finalDomains:
        print("Performing vertical enumeration for: " + domain + " using Sublist3r.")
        subdomains = sublist3r.main(
            domain,
            40,
            'vertDoms.txt',
            ports=None,
            silent=False,
            verbose=False,
            enable_bruteforce=False,
            engines=None
        )
        # Pause between domains before the next Sublist3r run.
        time.sleep(30)
        completeDomains.extend(subdomains)
    # NOTE(review): the summary is taken to run once, after the loop; the
    # page lost the original indentation, so confirm against upstream.
    print("Sublist3r done, port scan will start next.")
    print(completeDomains)
###############################################################################
# HORIZONTAL ENUMERATION #
###############################################################################
# Scrapes the viewdns site
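def getdatafromViewDNS(searchQuery):
    """Query viewdns.info reverse WHOIS and return an iterator over the results.

    Args:
        searchQuery: Organisation name or domain to search for. The value may
            come from WHOIS output, so it is treated as untrusted text.

    Returns:
        An iterator over column 0 of the fourth table (``result[3][0]``) that
        pandas parses from the response page. The first item is whatever the
        first row of that column holds; callers in this file discard it.

    Raises:
        SystemExit: if the request or the parsing fails. The original code
            evaluated a bare ``exit`` here, which does nothing, so the
            function returned None and the caller failed later in ``next()``.
    """
    # WHOIS-derived values can carry a trailing newline; strip it so it does
    # not end up in the query string.
    searchQuery = searchQuery.strip()
    # Let requests build the query string: spaces still become "+", and
    # characters such as "&" or "#" in an organisation name are percent-encoded
    # instead of being spliced into the URL unescaped.
    url = requests.Request(
        "GET",
        "https://viewdns.info/reversewhois/",
        params={"q": searchQuery},
    ).prepare().url
    print("[*] Extracting from: " + url)
    try:
        # A timeout keeps a stalled connection from hanging the whole run.
        page = requests.get(url, headers={"User-Agent": "Mozilla/5.0"}, timeout=30)
        # An HTTP error page would otherwise be parsed as if it held results.
        page.raise_for_status()
        result = pd.read_html(page.text)
        return iter(result[3][0])
    except Exception as e:
        # The message previously printed the literal text "{e}".
        print("[!] Couldn't send query, error: {e} exiting...\n".format(e=e))
        sys.exit(1)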
# Will return the org name for any domain name.
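def getOrganization(inputDomain):
    """Return the WHOIS "Registrant Organization" value for *inputDomain*.

    The original built a shell pipeline by concatenating the domain into a
    command string and ran it with ``shell=True``, so shell metacharacters in
    the argument were interpreted by the shell. whois is now started with an
    argument list and no shell, and the filtering that grep/sed did is done
    here in Python.

    Args:
        inputDomain: Domain name to look up.

    Returns:
        The text after the first ": " on the first line containing
        "Registrant Organization" that has a non-empty value, with
        surrounding whitespace removed (the original kept a trailing
        newline). The value has the type of the subprocess output (``str`` on
        Python 2). Empty if no such line exists or whois cannot be started.

    Raises:
        ValueError: if *inputDomain* is empty or starts with "-", which whois
            would read as an option rather than a domain.
    """
    if not inputDomain or inputDomain.startswith("-"):
        raise ValueError("not a domain name: %r" % (inputDomain,))
    try:
        lookup = subprocess.Popen(["whois", inputDomain], stdout=subprocess.PIPE)
    except OSError as err:
        # The shell version produced empty output when whois was missing;
        # keep that contract instead of raising.
        print("[!] Could not run whois: %s" % err)
        return b""
    # communicate() drains the pipe and waits for the process to finish.
    output, _ = lookup.communicate()
    for line in output.splitlines():
        if b"Registrant Organization" not in line:
            continue
        # Same steps as the old pipeline: drop the first "Organization", then
        # keep what follows the first ": ".
        _, found, value = line.replace(b"Organization", b"", 1).partition(b": ")
        value = value.strip()
        if found and value:
            return value
    return b""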
# Main function to scrape other domain names based on the org and initial domain name.
# [1] We start by scraping the org for horizontal domains and add to array.
# [2] We scrape the inputDomain for horizontal domains and add to array.
# [3] The array list is then sent to Amass for vertical enumeration.
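def horizontalEnum():
    """Collect related domains for ``sys.argv[1]`` into ``finalDomains``.

    Steps:
      1. Add the seed domain (``sys.argv[1]``) to ``finalDomains``.
      2. Look up its registrant organisation with getOrganization().
      3. Run a reverse-WHOIS query for the organisation, then for the seed
         domain, pausing 20 seconds between the two queries.
      4. Write the collected list, comma separated, to 'horDoms.txt'.

    Changes from the original: a blank organisation is no longer sent as a
    query, an empty or missing result set no longer aborts the run in
    ``next()``, and empty (null) table cells are skipped so that the final
    ``','.join`` only sees real values.

    NOTE(review): reverse-WHOIS matches are made on registrant text, so the
    list can contain domains of unrelated registrants; treat horDoms.txt as
    candidates to be confirmed before they are passed on to verticalEnum().
    """
    global finalDomains
    enumDomain = sys.argv[1]
    finalDomains.append(enumDomain)
    print("Fetching domain organisation for " + enumDomain + " using WHOIS.")
    enumOrg = getOrganization(enumDomain)
    print("- WHOIS lookup done, performing horizontal enumeration for {if found}: " + enumOrg)

    queried = False
    # Organisation first, then the seed domain, as in the original.
    for query in (enumOrg, enumDomain):
        if not query.strip():
            # Nothing to search for (no registrant organisation was found).
            continue
        if queried:
            # Pause between consecutive queries to the same site.
            time.sleep(20)
        scrapedData = getdatafromViewDNS(query)
        queried = True
        if scrapedData is None:
            continue
        # Discard the first row as the original did (presumably the table's
        # header row); the default keeps an empty result from raising.
        next(scrapedData, None)
        for url in scrapedData:
            if pd.isnull(url):
                continue
            finalDomains.append(url)

    print("- All horizontal domains have been enumerated.")
    with open('horDoms.txt', 'w') as f:
        f.write(','.join(finalDomains))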
###############################################################################
# PORT ENUMERATION #
###############################################################################
###############################################################################
# MAIN PROGRAM #
###############################################################################
def main(arguments):
    """Run the pipeline: banner, cleanup, horizontal then vertical enumeration.

    ``arguments`` is accepted but not used; horizontalEnum() reads the target
    domain from ``sys.argv[1]`` itself. Returns None.
    """
    for stage in (printArt, cleanupFiles, horizontalEnum, verticalEnum):
        stage()
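if __name__ == '__main__':
    # Script entry point: one positional argument, the domain to enumerate.
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1]))
    else:
        printArt()
        print("Please use domainname with e.g. fransRecon.py domainName")
        # A bare `exit` only names the builtin and does nothing; exit
        # explicitly with a non-zero status so wrappers can detect the usage
        # error.
        sys.exit(1)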