diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index dbf8d93..47893d5 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -5,7 +5,7 @@ on: branches: master env: - VERSION: v1.1.9-dev + VERSION: v1.2.0-dev jobs: build: diff --git a/CHANGELOG.md b/CHANGELOG.md index 20a9df6..cdc7cc7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -108,3 +108,15 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) ## [1.1.9] - 2020-10-13 - Update - Added Feature Sending notifications to a slack channel + +## [1.2.0] - 2020=12-14 + - Update + - Fixed and update regular expresion shodan to crawling subdomain + - Added Engine/Resources + - DNSDB - OK + - Spyse - Ok + - RiskIQ/PassiveTotal - Ok + - Facebook Cert Transparency - Ok + - Remove Entrust Sources (Not accessible) anymore + - Findsubdomains replace to Spyse + diff --git a/engine/Censys.my b/engine/Censys.my index 632ce74..7fbcbac 100644 --- a/engine/Censys.my +++ b/engine/Censys.my @@ -14,7 +14,7 @@ CENSYS(){ local _CENSYS="lib/censys/censys_subdomain_finder.py" if [[ ! -z "$CENSYS_API" ]] && [[ ! -z "$CENSYS_SECRET" ]] ;then echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Censys${RESET}${DPADDING}\t\t[${GREEN} ✔ ${RESET}]" - MAKEFILE=$(python ${_CENSYS} --censys-api-id ${CENSYS_API} --censys-api-secret ${CENSYS_SECRET} ${DOMAIN}> ${OUT_CENSYS}) + MAKEFILE=$(python3 ${_CENSYS} --censys-api-id ${CENSYS_API} --censys-api-secret ${CENSYS_SECRET} ${DOMAIN}> ${OUT_CENSYS}) else echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Censys${RESET}${DPADDING}\t\t[${RED} ✕ ${RESET}]" fi diff --git a/engine/DNSDB.my b/engine/DNSDB.my new file mode 100644 index 0000000..aecde0d --- /dev/null +++ b/engine/DNSDB.my 
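Review bot: The Censys API id and secret are still passed as command-line arguments on the changed `python3` line, so they are readable from the process list while the call runs, and every expansion on that line is unquoted. The same exposure applies to the new curl calls in engine/DNSDB.my (`-H "X-API-Key: …"`), engine/RiskIQ.my (`-u`), engine/Spyse.my (bearer header), and engine/FBCert.my and engine/Shodan.my (key in the URL). At minimum quote the arguments, `python3 "${_CENSYS}" --censys-api-id "${CENSYS_API}" --censys-api-secret "${CENSYS_SECRET}" "${DOMAIN}" > "${OUT_CENSYS}"`; for the curl calls the header or URL can be supplied with `-H @file` or `--config -` instead of argv. CENSYS's body continues outside the hunk.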
@@ -0,0 +1,25 @@
+#-Metadata----------------------------------------------------#
+# Filename: Sudomy - Subdomain Enumeration & Analysis #
+#-Author(s)---------------------------------------------------#
+# Edo maland ~ @screetsec #
+#-Info--------------------------------------------------------#
+# This file is part of Sudomy project #
+# Engine DNSDB : Update = 2020-05-08 #
+#-Licence-----------------------------------------------------#
+# MIT License ~ http://opensource.org/licenses/MIT #
+#-------------------------------------------------------------#
+
+DNSDB(){
+## Using API Key
+
+#local URL_DNSDB="https://api.dnsdb.info/" ## Using API DNSDB
+ if [[ ! -z "${DNSDB_API}" ]];then
+ echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}DNSDB${RESET}${DPADDING}\t\t[${GREEN} ✔ ${RESET}]"
+ MAKEFILE=$(curl -gs -H "Accept: application/json" -H "X-API-Key: ${DNSDB_API}" "https://api.dnsdb.info/lookup/rrset/name/*.${DOMAIN}?limit=1000000000" | jq --raw-output -r .rrname? | sed -e 's/\.$//' | sort -u > ${OUT_DNSDB})
+ #for i in $(cat ${TMP_SHODAN});do echo ${i}.${DOMAIN} >> ${OUT_SHODAN}; done ; rm -r ${TMP_SHODAN}
+ else
+ echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}DNSDB${RESET}${DPADDING}\t\t[${RED} ✕ ${RESET}]"
+
+ fi
+}
+
diff --git a/engine/Entrust.my b/engine/Entrust.my
index d9be476..821f98b 100644
--- a/engine/Entrust.my
+++ b/engine/Entrust.my
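Review bot: A failed DNSDB request is indistinguishable from an empty result on the `MAKEFILE=$(curl -gs …)` line, because curl runs without `--fail` or a timeout and `jq -r .rrname?` prints the literal `null` for any JSON object that lacks `rrname`; an error body of that shape would land in `${OUT_DNSDB}` as a hostname (whether DNSDB returns JSON error bodies is not visible here). The jq filter is also unquoted, so the shell may glob-expand `.rrname?` against files in the working directory. Suggested: add `--fail --max-time 60` to the curl call, use `jq -r '.rrname // empty'`, and quote `"${OUT_DNSDB}"`. The commented-out Shodan loop on the following line is copy-paste residue and can be dropped.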
@@ -9,14 +9,14 @@ # MIT License ~ http://opensource.org/licenses/MIT # #-------------------------------------------------------------# -ENTRUST(){ -local URL_ENTRUST="https://ctsearch.entrust.com/api/v1/certificates?fields=subjectDN&domain=" +#ENTRUST(){ +#local URL_ENTRUST="https://ctsearch.entrust.com/api/v1/certificates?fields=subjectDN&domain=" #echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Entrust${RESET}${DPADDING}\t\t[${GREEN} ✔ ${RESET}]" - local STATUS_ENTRUST=$(curl --write-out %{http_code} --silent --output /dev/null "https://ctsearch.entrust.com/api/v1/certificates?fields=subjectDN&domain=${DOMAIN}") - if [[ ${STATUS_ENTRUST} == 403 ]]; then - echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Entrust${RESET}${DPADDING}\t\t[${RED} ✕ ${RESET}]" - else - - curl --silent --request GET --url "${URL_ENTRUST}${DOMAIN}&includeExpired=false&exactMatch=false&limit=5000" | jq --raw-output -r '.[].subjectDN' | sed 's/,.*//' | sed 's/\*\.//g' | sed 's/cn=//g' | sort -u > ${OUT_ENTRUST} - fi +# local STATUS_ENTRUST=$(curl --write-out %{http_code} --silent --output /dev/null "https://ctsearch.entrust.com/api/v1/certificates?fields=subjectDN&domain=${DOMAIN}") +# if [[ ${STATUS_ENTRUST} == 403 ]]; then +# echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Entrust${RESET}${DPADDING}\t\t[${RED} ✕ ${RESET}]" +# else +# +# curl --silent --request GET --url "${URL_ENTRUST}${DOMAIN}&includeExpired=false&exactMatch=false&limit=5000" | jq --raw-output -r '.[].subjectDN' | sed 's/,.*//' | sed 's/\*\.//g' | sed 's/cn=//g' | sort -u > ${OUT_ENTRUST} +# fi } diff --git a/engine/FBCert.my b/engine/FBCert.my new file mode 100644 index 0000000..31b0f23 --- /dev/null +++ b/engine/FBCert.my 
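Review bot: Commenting out ENTRUST() line by line leaves the closing `}` at the end of the hunk uncommented, so engine/Entrust.my now appears to consist of comments followed by a stray brace and would fail with a syntax error if it were sourced again. The sudomy script stops sourcing the file in this commit, but it keeps the `[[ ${entrust} == true ]]` branch with `#ENTRUST` inside, so selecting that source silently does nothing. Deleting the file and that branch, or printing a short "source retired" message there, would be clearer than leaving dead code behind.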
@@ -0,0 +1,24 @@
+#-Metadata----------------------------------------------------#
+# Filename: Sudomy - Subdomain Enumeration & Analysis #
+#-Author(s)---------------------------------------------------#
+# Edo maland ~ @screetsec #
+#-Info--------------------------------------------------------#
+# This file is part of Sudomy project #
+# Engine FB Cert : Update = 2020-12-14 #
+#-Licence-----------------------------------------------------#
+# MIT License ~ http://opensource.org/licenses/MIT #
+#-------------------------------------------------------------#
+
+FBCERT(){
+## Using API Key
+
+local URL_FB="https://graph.facebook.com/certificates" ## Using API
+ if [[ ! -z "${FACEBOOK_TOKEN}" ]];then
+ echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}FBcert${RESET}${DPADDING}\t\t[${GREEN} ✔ ${RESET}]"
+ MAKEFILE=$(curl -s -X GET "${URL_FB}?query=${DOMAIN}&fields=domains&limit=10000&access_token=${FACEBOOK_TOKEN}" | jq --raw-output -r .data[].domains[]? | grep ${DOMAIN} | sed 's/\*\.//g' | sort -u > ${OUT_FBCERT})
+ else
+ echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}FBcert${RESET}${DPADDING}\t\t[${RED} ✕ ${RESET}]"
+
+ fi
+}
+
diff --git a/engine/RiskIQ.my b/engine/RiskIQ.my
new file mode 100644
index 0000000..088df65
--- /dev/null
+++ b/engine/RiskIQ.my
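Review bot: `grep ${DOMAIN}` on the `MAKEFILE=` line treats the target as an unanchored, unquoted regular expression, so for a target of `example.com` (constructed example) certificate names such as `notexample.com` or `example.com.other.tld` pass the filter and enter `${OUT_FBCERT}` as in-scope subdomains. Match a literal suffix instead, e.g. `grep -iE -- "(^|\.)${DOMAIN//./\\.}\$"`, and quote the jq filter (`'.data[].domains[]?'`) and `"${OUT_FBCERT}"`. The access token is also placed in the URL query string, where it is more likely to be recorded by proxies and logs than a request header would be.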
@@ -0,0 +1,24 @@
+#-Metadata----------------------------------------------------#
+# Filename: Sudomy - Subdomain Enumeration & Analysis #
+#-Author(s)---------------------------------------------------#
+# Edo maland ~ @screetsec #
+#-Info--------------------------------------------------------#
+# This file is part of Sudomy project #
+# Engine RISKIQ : Update = 2020-12-14 #
+#-Licence-----------------------------------------------------#
+# MIT License ~ http://opensource.org/licenses/MIT #
+#-------------------------------------------------------------#
+
+RISKIQ(){
+## Using API Key
+
+local URL_RISKIQ="https://api.passivetotal.org/v2/enrichment/subdomains" ## Using API
+ if [[ ! -z "${PASSIVE_API}" ]];then
+ echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}RiskIQ${RESET}${DPADDING}\t\t[${GREEN} ✔ ${RESET}]"
+ MAKEFILE=$(curl --silent -u "${PASSIVE_API}" "${URL_RISKIQ}?query=${DOMAIN}" | jq --raw-output -r .subdomains[]? | sort -u > ${TMP_RISKIQ})
+ for i in $(cat ${TMP_RISKIQ});do echo ${i}.${DOMAIN} >> ${OUT_RISKIQ}; done ; rm -r ${TMP_RISKIQ}
+ else
+ echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}RiskIQ${RESET}${DPADDING}\t\t[${RED} ✕ ${RESET}]"
+
+ fi
+}
diff --git a/engine/Shodan.my b/engine/Shodan.my
index 725127c..d5da41a 100644
--- a/engine/Shodan.my
+++ b/engine/Shodan.my
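Review bot: `rm -r ${TMP_RISKIQ}` is unquoted and recursive, and sudomy.conf defines `TMP_RISKIQ=${OUTPUT:-${OUT}/RiskIQ.tmp}` alongside `OUT_RISKIQ=${OUTPUT:-${OUT}/RiskIQ.log}`, so whenever `OUTPUT` is set both names resolve to the same path and this line deletes the results (recursively, if that path is a directory). The `for i in $(cat …)` loop before it also word-splits and glob-expands API-supplied data; engine/Shodan.my receives the identical loop and `rm -r ${TMP_SHODAN}` in this commit. The temp file is avoidable by building the name in jq: `jq -r --arg d "${DOMAIN}" '.subdomains[]? | "\(.).\($d)"' | sort -u >> "${OUT_RISKIQ}"`. If a temp file is kept, create it with `mktemp` and remove it with `rm -f -- "${TMP_RISKIQ}"`.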
@@ -11,10 +11,12 @@ SHODAN(){ ## Using API Key -local URL_SHODAN="https://api.shodan.io/shodan/host/search?key=" ## Using API Shodan + +#local URL_SHODAN="https://api.shodan.io/shodan/host/search?key=" ## Using API Shodan if [[ ! -z "$SHODAN_API" ]];then echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Shodan${RESET}${DPADDING}\t\t[${GREEN} ✔ ${RESET}]" - MAKEFILE=$(curl --silent --request GET --url "${URL_SHODAN}${SHODAN_API}&query=hostname:${DOMAIN}" | jq --raw-output -r '.matches[] |.hostnames[]' | sort -u > ${OUT_SHODAN}) + MAKEFILE=$(curl --silent --request GET --url "https://api.shodan.io/dns/domain/${DOMAIN}?key=${SHODAN_API}" | jq --raw-output -r .subdomains[]? | egrep -iv "_dmarc" > ${TMP_SHODAN}) + for i in $(cat ${TMP_SHODAN});do echo ${i}.${DOMAIN} >> ${OUT_SHODAN}; done ; rm -r ${TMP_SHODAN} else echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Shodan${RESET}${DPADDING}\t\t[${RED} ✕ ${RESET}]" diff --git a/engine/Spyse.my b/engine/Spyse.my new file mode 100644 index 0000000..3550e9e --- /dev/null +++ b/engine/Spyse.my 
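Review bot: The rewritten Shodan pipeline drops the `sort -u` the old line had and now appends with `>> ${OUT_SHODAN}` instead of truncating, so unless the output directory is cleared between runs (not visible here) Shodan.log accumulates duplicates and entries from earlier runs. `egrep` is obsolescent and this filter needs no extended regex; `grep -iv -- '_dmarc'` is sufficient. The `for i in $(cat ${TMP_SHODAN})` loop word-splits and glob-expands API-returned data, and `rm -r ${TMP_SHODAN}` is unquoted and recursive where `rm -f -- "${TMP_SHODAN}"` would do. SHODAN's body continues outside the hunk.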
@@ -0,0 +1,25 @@ +#-Metadata----------------------------------------------------# +# Filename: Sudomy - Subdomain Enumeration & Analysis # +#-Author(s)---------------------------------------------------# +# Edo maland ~ @screetsec # +#-Info--------------------------------------------------------# +# This file is part of Sudomy project # +# Engine Spyse : Update = 2020-12-14 # +#-Licence-----------------------------------------------------# +# MIT License ~ http://opensource.org/licenses/MIT # +#-------------------------------------------------------------# + +SPYSE(){ +## Using API Key + +local URL_SPYSE="https://api.spyse.com/v3/data/domain/subdomain" ## Using API + if [[ ! -z "${SPYSE_API}" ]];then + echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Spyse${RESET}${DPADDING}\t\t[${GREEN} ✔ ${RESET}]" + MAKEFILE=$(curl -s -X GET "${URL_SPYSE}?domain=${DOMAIN}&limit=100" -H "accept: application/json" -H "Authorization: Bearer ${SPYSE_API}" | jq --raw-output -r '.data.items[].name?' | sort -u > ${OUT_SPYSE}) + #for i in $(cat ${TMP_SHODAN});do echo ${i}.${DOMAIN} >> ${OUT_SHODAN}; done ; rm -r ${TMP_SHODAN} + else + echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Spyse${RESET}${DPADDING}\t\t[${RED} ✕ ${RESET}]" + + fi +} + diff --git a/lib/censys/__pycache__/cli.cpython-38.pyc b/lib/censys/__pycache__/cli.cpython-38.pyc new file mode 100644 index 0000000..f961e41 Binary files /dev/null and b/lib/censys/__pycache__/cli.cpython-38.pyc differ diff --git a/lib/censys/censys_subdomain_finder.py b/lib/censys/censys_subdomain_finder.py index 9310445..bca8519 100644 --- a/lib/censys/censys_subdomain_finder.py +++ b/lib/censys/censys_subdomain_finder.py @@ -38,7 +38,7 @@ def filter_subdomains(domain, subdomains): # Prints the list of found subdomains to stdout def print_subdomains(domain, subdomains, time_ellapsed): - if len(subdomains) is 0: + if len(subdomains) == 0: print('[-] Did not find any subdomain') return 
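Review bot: The request on the `MAKEFILE=` line hard-codes `limit=100` and is issued once, so a domain with more than 100 subdomains is truncated without any indication; if the API offers an offset parameter (not visible here) the call should page, otherwise the cap deserves a comment. The filter `'.data.items[].name?'` also raises a jq error when `data` or `items` is missing, for instance on an error response, whereas `'.data.items[]?.name // empty'` tolerates that. The commented-out Shodan loop under it is copy-paste residue, and `${OUT_SPYSE}` should be quoted.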
@@ -49,7 +49,7 @@ def print_subdomains(domain, subdomains, time_ellapsed): # Saves the list of found subdomains to an output file def save_subdomains_to_file(subdomains, output_file): - if output_file is None or len(subdomains) is 0: + if output_file is None or len(subdomains) == 0: return try: diff --git a/lib/censys/cli.pyc b/lib/censys/cli.pyc index 676ec94..3ea98df 100644 Binary files a/lib/censys/cli.pyc and b/lib/censys/cli.pyc differ diff --git a/sudomy b/sudomy index 1341270..849d0b8 100755 --- a/sudomy +++ b/sudomy @@ -1,6 +1,6 @@ #!/usr/bin/env bash #-Metadata----------------------------------------------------# -# Filename: sudomy (v1.1.9) (Update: 2020-10-13) # +# Filename: sudomy (v1.2.0) (Update: 2020-12-09) # #-Info--------------------------------------------------------# # Fast Subdomain Enumeration & Analysis. # #-Author(s)---------------------------------------------------# @@ -20,12 +20,12 @@ ### Variable Name and Version APPNAME="sud⍥my.sh" -VERSION="1.1.9#dev" +VERSION="1.2.0#dev" ### Calling Source source sudomy.api -source sudomy.conf source slack.conf +source sudomy.conf #### Command calling goBanner(){ 
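Review bot: The three `source` lines reordered in the sudomy hunk name their files without a path, and bash resolves a slash-less `source` argument through `$PATH` before falling back to the current directory, so which file gets executed (including sudomy.api with the API keys) depends on the caller's environment and working directory rather than on where the script lives. Resolve them against the script directory, e.g. `SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)` followed by `source "${SCRIPT_DIR}/sudomy.conf"`. The reason for moving `sudomy.conf` after `slack.conf` is not stated; a one-line comment naming the ordering dependency would help the next maintainer.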
@@ -96,27 +96,29 @@ goBanner; echo -e "${PADDING}${BOLD} ${RESET} --no-probe\t Do not perform httprobe " echo -e "${PADDING}${BOLD} ${RESET} --html${DPADDING} Make report output into HTML " echo -e "\n${BOLD}Sources:${RESET}" - echo -e "${PADDING}${YELLOW}+${RESET} Shodan${DPADDING} http://developer.shodan.io/billing/" - echo -e "${PADDING}${YELLOW}+${RESET} VirusTotal${PADDING}\t https://www.virustotal.com/vtapi/v2/domain/" - echo -e "${PADDING}${YELLOW}+${RESET} Censys${DPADDING} http://censys.io/" + echo -e "${PADDING}${YELLOW}+${RESET} Shodan${DPADDING} http://developer.shodan.io" + echo -e "${PADDING}${YELLOW}+${RESET} VirusTotal${PADDING}\t https://www.virustotal.com" + echo -e "${PADDING}${YELLOW}+${RESET} Censys${DPADDING} http://censys.io" echo -e "${PADDING}${YELLOW}+${RESET} Certspotter${DPADDING} https://api.certspotter.com" - echo -e "${PADDING}${YELLOW}+${RESET} BinaryEdge${DPADDING} https://docs.binaryedge.io/api-v2/" - echo -e "${PADDING}${YELLOW}+${RESET} Hackertarget${PADDING}\t https://api.hackertarget.com/" + echo -e "${PADDING}${YELLOW}+${RESET} BinaryEdge${DPADDING} https://docs.binaryedge.io/" + echo -e "${PADDING}${YELLOW}+${RESET} Hackertarget${PADDING}\t https://api.hackertarget.com" echo -e "${PADDING}${YELLOW}+${RESET} Threatminer${DPADDING} https://api.threatminer.org" - echo -e "${PADDING}${YELLOW}+${RESET} CrtSH${DPADDING} https://crt.sh/" - echo -e "${PADDING}${YELLOW}+${RESET} DnsDB${DPADDING} https://www.dnsdb.info/" + echo -e "${PADDING}${YELLOW}+${RESET} CrtSH${DPADDING} https://crt.sh" + echo -e "${PADDING}${YELLOW}+${RESET} DnsDB${DPADDING} https://www.dnsdb.info" echo -e "${PADDING}${YELLOW}+${RESET} BufferOver${DPADDING} http://dns.bufferover.run" - echo -e "${PADDING}${YELLOW}+${RESET} Findsubdomains\t http://findsubdomains.com/" - echo -e "${PADDING}${YELLOW}+${RESET} Threatcrowd${DPADDING} http://threatcrowd.org/" - echo -e "${PADDING}${YELLOW}+${RESET} Dnsdumpster${DPADDING} https://dnsdumpster.com/" - echo -e 
"${PADDING}${YELLOW}+${RESET} Riddler${DPADDING} http://riddler.io/" - echo -e "${PADDING}${YELLOW}+${RESET} Entrust${DPADDING} https://ctsearch.entrust.com/" - echo -e "${PADDING}${YELLOW}+${RESET} Webarchive${DPADDING} http://web.archive.org/" - echo -e "${PADDING}${YELLOW}+${RESET} SecurityTrails\t http://securitytrails.com/" - echo -e "${PADDING}${YELLOW}+${RESET} RapidDNS${DPADDING} https://rapiddns.io/" - echo -e "${PADDING}${YELLOW}+${RESET} AlienVault${DPADDING} https://otx.alienvault.com/" - echo -e "${PADDING}${YELLOW}+${RESET} CommonCrawl${DPADDING} http://index.commoncrawl.org/" - echo -e "${PADDING}${YELLOW}+${RESET} URLScan${DPADDING} https://urlscan.io/\n" + echo -e "${PADDING}${YELLOW}+${RESET} Sypse${DPADDING} https://spyse.com" + echo -e "${PADDING}${YELLOW}+${RESET} Threatcrowd${DPADDING} http://threatcrowd.org" + echo -e "${PADDING}${YELLOW}+${RESET} Dnsdumpster${DPADDING} https://dnsdumpster.com" + echo -e "${PADDING}${YELLOW}+${RESET} Riddler${DPADDING} http://riddler.io" + echo -e "${PADDING}${YELLOW}+${RESET} Webarchive${DPADDING} http://web.archive.org" + echo -e "${PADDING}${YELLOW}+${RESET} SecurityTrails\t http://securitytrails.com" + echo -e "${PADDING}${YELLOW}+${RESET} RapidDNS${DPADDING} https://rapiddns.io" + echo -e "${PADDING}${YELLOW}+${RESET} AlienVault${DPADDING} https://otx.alienvault.com" + echo -e "${PADDING}${YELLOW}+${RESET} CommonCrawl${DPADDING} http://index.commoncrawl.org" + echo -e "${PADDING}${YELLOW}+${RESET} FBcert${DPADDING} https://graph.facebook.com" + echo -e "${PADDING}${YELLOW}+${RESET} URLScan${DPADDING} https://urlscan.io" + echo -e "${PADDING}${YELLOW}+${RESET} RiskIQ${DPADDING} https://community.riskiq.com\n" + } 
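Review bot: The new help line prints `Sypse` where the engine file and the rest of the commit use `Spyse`; the string should read `Spyse${DPADDING} https://spyse.com`. Several of the listed source URLs are still plain `http://` (Shodan, Censys, BufferOver, Threatcrowd, Riddler, Webarchive, SecurityTrails, CommonCrawl); since these lines are being edited anyway, switching the ones that serve HTTPS is worth considering. The enclosing usage function starts outside the hunk.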
@@ -355,6 +357,8 @@ DATE_LOG=$(date +%m-%d-%Y) ## Calling Engine (Third Party-Sites) Total 18 ## Selecting the good third-party sites, the enumeration process can be optimized +# source ${Engine_Entrust} // (not accessible) anymore + source ${Engine_Shodan} source ${Engine_VirusTotal} source ${Engine_Censys} @@ -363,18 +367,20 @@ source ${Engine_BinaryEdge} source ${Engine_Hackertarget} source ${Engine_Threatminer} source ${Engine_CrtSH} -source ${Engine_Findsubdomains} +source ${Engine_Spyse} source ${Engine_BufferOver} source ${Engine_Threatcrowd} source ${Engine_Dnsdumpster} source ${Engine_Riddler} -source ${Engine_Entrust} source ${Engine_Webarchive} source ${Engine_SecurityTrails} source ${Engine_RapidDNS} source ${Engine_AlienVault} source ${Engine_CommonCrawl} source ${Engine_UrlScan} +source ${Engine_DNSDB} +source ${Engine_RiskIQ} +source ${Engine_FBCert} # Timestamp current_date_time=$(date "+%Y-%m-%d %H:%M:%S") @@ -515,20 +521,13 @@ done } [[ ${entrust} == true ]] && { - ENTRUST + #ENTRUST if [[ -f ${OUT_ENTRUST} ]];then COUNT=$(cat ${OUT_ENTRUST} | sort -u | wc -l ) #echo -e "\t${BLUE}-${RESET}${RESET} Subdomain total: ${COUNT}\n" fi } - [[ ${findsubdomain} == true ]] && { - FINDSUBDOMAIN - if [[ -f ${OUT_FINDSUBDOMAIN} ]];then - COUNT=$(cat ${OUT_FINDSUBDOMAIN} | sort -u | wc -l ) - #echo -e "\t${BLUE}-${RESET}${RESET} Subdomain total: ${COUNT}\n" - fi - } [[ ${threatcrowd} == true ]] && { THREATCROWD 
@@ -614,8 +613,44 @@ done } + [[ ${dnsdb} == true ]] && { + DNSDB + if [[ -f ${OUT_DNSDB} ]];then + COUNT=$(cat ${OUT_DNSDB} | sort -u | wc -l ) + #echo -e "\t${BLUE}-${RESET}${RESET} Subdomain total: ${COUNT}\n" + fi + } + + [[ ${spyse} == true ]] && { + SPYSE + if [[ -f ${OUT_SPYSE} ]];then + COUNT=$(cat ${OUT_SPYSE} | sort -u | wc -l ) + #echo -e "\t${BLUE}-${RESET}${RESET} Subdomain total: ${COUNT}\n" + fi + } + + + [[ ${riskiq} == true ]] && { + RISKIQ + if [[ -f ${OUT_RISKIQ} ]];then + COUNT=$(cat ${OUT_RISKIQ} | sort -u | wc -l ) + #echo -e "\t${BLUE}-${RESET}${RESET} Subdomain total: ${COUNT}\n" + fi + } + + [[ ${fbcert} == true ]] && { + FBCERT + if [[ -f ${OUT_FBCERT} ]];then + COUNT=$(cat ${OUT_FBCERT} | sort -u | wc -l ) + #echo -e "\t${BLUE}-${RESET}${RESET} Subdomain total: ${COUNT}\n" + fi + } + + + + elif [[ ${SOURCE} == false ]] ; then - args_source=(SHODAN WEBARCHIVE DNSDUMPSTER VIRUSTOTAL CERTSPOTTER CERTSH BINARYEDGE SECURITY_TRAILS CENSYS THREATMINER BUFFEROVER HACKERTARGET ENTRUST FINDSUBDOMAIN THREATCROWD RIDDLER RAPIDDNS ALIENVAULT COMMONCRAWL URLSCAN) + args_source=(SHODAN WEBARCHIVE DNSDUMPSTER VIRUSTOTAL CERTSPOTTER CERTSH BINARYEDGE SECURITY_TRAILS CENSYS THREATMINER BUFFEROVER HACKERTARGET SPYSE THREATCROWD RIDDLER RAPIDDNS ALIENVAULT COMMONCRAWL URLSCAN DNSDB RISKIQ FBCERT) for i in "${!args_source[@]}"; do "${args_source[i]}" & done @@ -642,14 +677,7 @@ if [[ ${verbose} == true ]] ; then echo -e "\t - $VERBOSE" done fi - if [[ -f ${OUT_FINDSUBDOMAIN} ]] ; then - COUNT=$(cat ${OUT_FINDSUBDOMAIN} | sort -u | wc -l ) - echo -e "\n${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Findsubdomain${RESET}${DPADDING}\t[${GREEN}${COUNT}${RESET}]" - cat ${OUT_FINDSUBDOMAIN} \ - | while read VERBOSE; do - echo -e "\t - $VERBOSE" - done - fi + if [[ -f ${OUT_VIRUSTOTAL} ]] ; then COUNT=$(cat ${OUT_VIRUSTOTAL} | sort -u | wc -l ) echo -e "\n${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Virustotal${RESET}${DPADDING}\t\t[${GREEN}${COUNT}${RESET}]" 
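Review bot: The four added selector blocks (`dnsdb`, `spyse`, `riskiq`, `fbcert`) are copies of one pattern, and each computes `COUNT` from an unquoted `cat … | sort -u | wc -l` only to discard it, because the `echo` that used it is commented out. A small helper removes the duplication and the dead work; `COUNT` appears to be recomputed before every later use in the hunks shown, but confirm that nothing outside them reads it. The surrounding `if`/`elif` on `${SOURCE}` starts outside the hunk.

```shell
# Run one engine function when its selector flag is "true".
run_selected() {
  local flag=$1 engine=$2
  [[ ${flag} == true ]] || return 0
  "${engine}"
}

run_selected "${dnsdb}" DNSDB
run_selected "${spyse}" SPYSE
run_selected "${riskiq}" RISKIQ
run_selected "${fbcert}" FBCERT
# … unchanged: elif [[ ${SOURCE} == false ]] branch and args_source fan-out …
```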
@@ -706,10 +734,10 @@ if [[ ${verbose} == true ]] ; then echo -e "\t - $VERBOSE" done fi - if [[ -f ${OUT_FINDSUBDOMAIN} ]] ; then - COUNT=$(cat ${OUT_FINDSUBDOMAIN} | sort -u | wc -l ) - echo -e "\n${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Findsubdomain${RESET}${DPADDING}\t[${GREEN}${COUNT}${RESET}]" - cat ${OUT_FINDSUBDOMAIN} \ + if [[ -f ${OUT_SPYSE} ]] ; then + COUNT=$(cat ${OUT_SPYSE} | sort -u | wc -l ) + echo -e "\n${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Spyse${RESET}${DPADDING}\t\t[${GREEN}${COUNT}${RESET}]" + cat ${OUT_SPYSE} \ | while read VERBOSE; do echo -e "\t - $VERBOSE" done @@ -800,6 +828,44 @@ if [[ ${verbose} == true ]] ; then done fi + if [[ -f ${OUT_DNSDB} ]] ; then + COUNT=$(cat ${OUT_DNSDB} | sort -u | wc -l ) + echo -e "\n${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}DNSDB${RESET}${DPADDING}\t\t[${GREEN}${COUNT}${RESET}]" + cat ${OUT_DNSDB} \ + | while read VERBOSE; do + echo -e "\t - $VERBOSE" + done + fi + + if [[ -f ${OUT_SPYSE} ]] ; then + COUNT=$(cat ${OUT_SPYSE} | sort -u | wc -l ) + echo -e "\n${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Spyse${RESET}${DPADDING}\t[${GREEN}${COUNT}${RESET}]" + cat ${OUT_SPYSE} \ + | while read VERBOSE; do + echo -e "\t - $VERBOSE" + done + fi + + + if [[ -f ${OUT_RISKIQ} ]] ; then + COUNT=$(cat ${OUT_RISKIQ} | sort -u | wc -l ) + echo -e "\n${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}RiskIQ${RESET}${DPADDING}\t\t[${GREEN}${COUNT}${RESET}]" + cat ${OUT_RISKIQ} \ + | while read VERBOSE; do + echo -e "\t - $VERBOSE" + done + fi + + if [[ -f ${OUT_FBCERT} ]] ; then + COUNT=$(cat ${OUT_FBCERT} | sort -u | wc -l ) + echo -e "\n${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}FBcert${RESET}${DPADDING}\t\t[${GREEN}${COUNT}${RESET}]" + cat ${OUT_FBCERT} \ + | while read VERBOSE; do + echo -e "\t - $VERBOSE" + done + fi + + ARG_PARS_LIST else 
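Review bot: With this commit the verbose branch prints the Spyse results twice: the former Findsubdomain block is renamed to `OUT_SPYSE` in the first hunk, and a second `if [[ -f ${OUT_SPYSE} ]]` block is added between the DNSDB and RiskIQ blocks in the second, so one of them should be removed. The new blocks also pass API-returned lines through `while read VERBOSE; do echo -e "\t - $VERBOSE"`, which interprets backslash sequences in third-party data; `while IFS= read -r VERBOSE; do printf '\t - %s\n' "$VERBOSE"; done < "${OUT_DNSDB}"` prints them literally. The enclosing `if [[ ${verbose} == true ]]` starts outside both hunks.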
@@ -813,9 +879,9 @@ else echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Hackertarget: Total Subdomain (${COUNT})${RESET}" fi - if [[ -f ${OUT_FINDSUBDOMAIN} ]] ; then - COUNT=$(cat ${OUT_FINDSUBDOMAIN} | sort -u | wc -l ) - echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Findsubdomain: Total Subdomain (${COUNT})${RESET}" + if [[ -f ${OUT_SPYSE} ]] ; then + COUNT=$(cat ${OUT_SPYSE} | sort -u | wc -l ) + echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}Spyse: Total Subdomain (${COUNT})${RESET}" fi if [[ -f ${OUT_VIRUSTOTAL} ]] ; then @@ -903,6 +969,23 @@ else echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}UrlScanIo: Total Subdomain (${COUNT})${RESET}" fi + if [[ -f ${OUT_DNSDB} ]] ; then + COUNT=$(cat ${OUT_DNSDB} | sort -u | wc -l ) + echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}DNSDB: Total Subdomain (${COUNT})${RESET}" + fi + + if [[ -f ${OUT_RISKIQ} ]] ; then + COUNT=$(cat ${OUT_RISKIQ} | sort -u | wc -l ) + echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}RiskIQ: Total Subdomain (${COUNT})${RESET}" + fi + + if [[ -f ${OUT_FBCERT} ]] ; then + COUNT=$(cat ${OUT_FBCERT} | sort -u | wc -l ) + echo -e "${PADDING}${YELLOW}${PADDING}⍥${PADDING}${RESET}FBcert: Total Subdomain (${COUNT})${RESET}" + fi + + + ARG_PARS_LIST fi diff --git a/sudomy.api b/sudomy.api index 212a626..2b61a6c 100644 --- a/sudomy.api +++ b/sudomy.api @@ -15,7 +15,6 @@ CENSYS_SECRET="" # URL : https://www.virustotal.com/gui/ VIRUSTOTAL="" - # Binaryedge # URL : https://app.binaryedge.io/login BINARYEDGE="" 
@@ -24,3 +23,27 @@ BINARYEDGE="" # SecurityTrails # URL : https://securitytrails.com/ SECURITY_TRAILS="" + + +# DNSDB +# URL: https://api.dnsdb.info/l +DNSDB_API="" + + +# PassiveTotal +# URL : https://community.riskiq.com/ +# - Go to account settings +# Example : PASSIVE_API="admin@sudomy.id:1c235d10cbc66b28d59e796a13" + +PASSIVE_API="" + + +# Spyse +# URL : https://spyse.com + +SPYSE_API="" + +# Facebook Certificates +# URL : https://graph.facebook.com/certificates + +FACEBOOK_TOKEN="" diff --git a/sudomy.conf b/sudomy.conf index a1ac976..617ca37 100644 --- a/sudomy.conf +++ b/sudomy.conf @@ -6,6 +6,9 @@ OUT="$(pwd)/output" TMP="$(pwd)/tmp" TMP_BUFFER=${OUTPUT:-${TMP}/Buffer.err} +TMP_SHODAN=${OUTPUT:-${OUT}/Shodan.tmp} +TMP_RISKIQ=${OUTPUT:-${OUT}/RiskIQ.tmp} + OUT_SHODAN=${OUTPUT:-${OUT}/Shodan.log} OUT_VIRUSTOTAL=${OUTPUT:-${OUT}/Virustotal.log} OUT_CERTSPOTTER=${OUTPUT:-${OUT}/Certspotter.log} @@ -13,7 +16,6 @@ OUT_BINARYEDGE=${OUTPUT:-${OUT}/Binaryedge.log} OUT_HACKERTARGET=${OUTPUT:-${OUT}/Hackertarget.log} OUT_THREATMINER=${OUTPUT:-${OUT}/Threatminer.log} OUT_CRTSH=${OUTPUT:-${OUT}/crtsh.log} -OUT_DNSDB=${OUTPUT:-${OUT}/DnsDB.log} #SOON OUT_BUFFEROVER=${OUTPUT:-${OUT}/Bufferover.log} OUT_ENTRUST=${OUTPUT:-${OUT}/Entrust.log} OUT_FINDSUBDOMAIN=${OUTPUT:-${OUT}/Findsubdomain.log} @@ -28,6 +30,10 @@ OUT_RAPIDDNS=${OUTPUT:-${OUT}/Rapiddns.log} OUT_ALIENVAULT=${OUTPUT:-${OUT}/AlienVault.log} OUT_COMMONCRAWL=${OUTPUT:-${OUT}/CommonCrawl.log} OUT_URLSCAN=${OUTPUT:-${OUT}/UrlScan.log} +OUT_DNSDB=${OUTPUT:-${OUT}/Dnsdb.log} +OUT_RISKIQ=${OUTPUT:-${OUT}/RiskIQ.log} +OUT_SPYSE=${OUTPUT:-${OUT}/Spyse.log} +OUT_FBCERT=${OUTPUT:-${OUT}/FBCert.log} # Outfile OUT_NAME="Sudomy-Output" 
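Review bot: The new placeholders extend a tracked file that is sourced as shell and is meant to hold live credentials, and the `PASSIVE_API` example is written in the shape of a real `user:key` pair, which makes it easy to commit a filled-in copy by accident. Mark the example as a placeholder, e.g. `# Example : PASSIVE_API="<account-email>:<api-key>"`, and consider `DNSDB_API="${DNSDB_API:-}"` (likewise for the other keys) so that values can come from the environment instead of the file. A header comment recommending `chmod 600` on a filled-in copy would also help. The DNSDB comment `# URL: https://api.dnsdb.info/l` looks truncated.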
@@ -56,6 +62,10 @@ Engine_RapidDNS=${ENGINE:-${PEN}/RapidDNS.my} Engine_AlienVault=${ENGINE:-${PEN}/AlienVault.my} Engine_CommonCrawl=${ENGINE:-${PEN}/CommonCrawl.my} Engine_UrlScan=${ENGINE:-${PEN}/UrlScan.my} +Engine_DNSDB=${ENGINE:-${PEN}/DNSDB.my} +Engine_RiskIQ=${ENGINE:-${PEN}/RiskIQ.my} +Engine_Spyse=${ENGINE:-${PEN}/Spyse.my} +Engine_FBCert=${ENGINE:-${PEN}/FBCert.my} ### TEMPORARY PATH OUTPUT ACTIVE OUT_GOBUSTER=${OUTPUT:-${OUT}/Bruteforce.log}
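Review bot: Each new `Engine_*` line follows the `${ENGINE:-${PEN}/…}` form, so an `ENGINE` variable inherited from the environment replaces every engine path with a single value, and sudomy then runs `source ${Engine_DNSDB}` and its siblings, unquoted, on that value. Unless the override is an intended feature set elsewhere in the project, assign the path directly, `Engine_DNSDB="${PEN}/DNSDB.my"`, and do the same for RiskIQ, Spyse and FBCert. If the override is intended, a comment saying so and a quoted `source "${Engine_DNSDB}"` would make the trust assumption explicit.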