Roshanbala005 2025-10-10 09:50:32 +05:30 committed by GitHub
commit 125fff83c4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 667 additions and 82 deletions

500
microsoft_results.txt Normal file

@ -0,0 +1,500 @@
www.microsoft.com
3d-avatar-diffusion.microsoft.com
3dfe-holograms.microsoft.com
3papiprovider.microsoft.com
3pc.microsoft.com
3rdpartysource.microsoft.com
3sdash.microsoft.com
3sdebug.microsoft.com
abilitysummit.microsoft.com
account.microsoft.com
mucp.api.account.microsoft.com
privacynotice.account.microsoft.com
account-mgmt-exp.microsoft.com
accountguard.microsoft.com
activate.microsoft.com
adaptivecards.microsoft.com
adfshelp.microsoft.com
admin.microsoft.com
sites-author.adobeprod.microsoft.com
adoption.microsoft.com
ads.microsoft.com
about.ads.microsoft.com
adlibrary.ads.microsoft.com
help.ads.microsoft.com
internal.ads.microsoft.com
mmcapi.ads.microsoft.com
trinity.ads.microsoft.com
ucm.ads.microsoft.com
ui.ads.microsoft.com
beta.ads-int.microsoft.com
ai-edge.microsoft.com
aiotlabs.microsoft.com
airlift.microsoft.com
register.aiskillsfest.microsoft.com
aiskillsnavigator.microsoft.com
aitour.microsoft.com
register.aitour.microsoft.com
ajax.microsoft.com
answers.microsoft.com
social.answers.microsoft.com
apply.microsoft.com
apps.microsoft.com
appsource.microsoft.com
browser.pipe.aria.microsoft.com
mobile.pipe.aria.microsoft.com
askhrva.microsoft.com
assetsppe2.microsoft.com
assetsprod.microsoft.com
assist.microsoft.com
atlas.microsoft.com
mobileappcommunicator.auth.microsoft.com
azure.microsoft.com
azurelocalsolutions.azure.microsoft.com
azureforeducation.microsoft.com
azuremarketplace.microsoft.com
register.azuremigration.microsoft.com
api.bap.microsoft.com
bcweb.microsoft.com
api.bing.microsoft.com
help.bing.microsoft.com
academycourses.bingads.microsoft.com
adinquiry.bingads.microsoft.com
resources.azure.bingads.microsoft.com
bingapp.microsoft.com
bingfeedback.microsoft.com
bingwallpaper.microsoft.com
blogs.microsoft.com
brandcentral.microsoft.com
browserdefaults.microsoft.com
browserprotection.microsoft.com
build.microsoft.com
register.build.microsoft.com
register.buildinfo.microsoft.com
businessaccount.microsoft.com
uploadhub.capqa.microsoft.com
careers.microsoft.com
jobs.careers.microsoft.com
refer.careers.microsoft.com
cdn-dynmedia-1.microsoft.com
df.cfp.microsoft.com
clarity.microsoft.com
cloudaccelerator.microsoft.com
ftenomination.cloudaccelerator.microsoft.com
cloudblogs.microsoft.com
cloudbrowser.microsoft.com
coach.microsoft.com
westus.dev.cognitive.microsoft.com
compassone.microsoft.com
compliance.microsoft.com
copilot.microsoft.com
auth.copilot.microsoft.com
copilotdash-sdf.microsoft.com
copilotscenarios.microsoft.com
copilotstudio.microsoft.com
coreidentity.microsoft.com
paymentsredirectionservice.cp.microsoft.com
create.microsoft.com
cdn.create.microsoft.com
credentials.microsoft.com
customerfeedback.microsoft.com
customervoice.microsoft.com
cxpqualityhub.microsoft.com
browser.events.data.microsoft.com
eu-mobile.events.data.microsoft.com
mobile.events.data.microsoft.com
self.events.data.microsoft.com
v10.events.data.microsoft.com
watson.events.data.microsoft.com
settings-win.data.microsoft.com
datacenters.microsoft.com
dcg.microsoft.com
dcservicesgateway.microsoft.com
ti.defender.microsoft.com
definitionupdates.microsoft.com
2.dl.delivery.mp.microsoft.com.delivery.microsoft.com
4.dl.delivery.mp.microsoft.com.delivery.microsoft.com
2.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
designer.microsoft.com
apps.dev.microsoft.com
devblogs.microsoft.com
devbox.microsoft.com
developer.microsoft.com
devicepartner.microsoft.com
devportal.microsoft.com
fpt.dfp.microsoft.com
care.dlservice.microsoft.com
docs.microsoft.com
dotnet.microsoft.com
builds.dotnet.microsoft.com
download.microsoft.com
api.dtmnebula.microsoft.com
client.dtmnebula.microsoft.com
t135.e-mails.microsoft.com
eagreements.microsoft.com
images.ecomm.microsoft.com
edge.microsoft.com
edge-http.microsoft.com
edgemobileapp.microsoft.com
edunominate.microsoft.com
egrc.microsoft.com
emails.microsoft.com
usgovintake.embark.microsoft.com
employeeservicehub.microsoft.com
enablement.microsoft.com
endpoint.microsoft.com
engagehub.microsoft.com
entra.microsoft.com
esi.microsoft.com
esicxp.microsoft.com
esireg.microsoft.com
esisupport.microsoft.com
esxp.microsoft.com
euaaccessportal.microsoft.com
abilitysummit.event.microsoft.com
aiskillsfest.event.microsoft.com
azuremigration.event.microsoft.com
discoverday.event.microsoft.com
msbizappslaunchevent.event.microsoft.com
regcdn.event.microsoft.com
secure.event.microsoft.com
events.microsoft.com
internal.evergreen.microsoft.com
evl.microsoft.com
admin.exchange.microsoft.com
exp.microsoft.com
expertzone.microsoft.com
api.fabric.microsoft.com
app.fabric.microsoft.com
blog.fabric.microsoft.com
community.fabric.microsoft.com
ideas.fabric.microsoft.com
msit.fabric.microsoft.com
support.fabric.microsoft.com
fasttrack.microsoft.com
feedback360.microsoft.com
feedbackportal.microsoft.com
findtime.microsoft.com
forms.microsoft.com
fpc.microsoft.com
fpt.microsoft.com
fpt2.microsoft.com
get.microsoft.com
getconnected.microsoft.com
3palertingestion.globalsecureaccess.microsoft.com
go.microsoft.com
go2.microsoft.com
graph.microsoft.com
guidedtour.microsoft.com
hackbox.microsoft.com
holidays.microsoft.com
hrprofile.microsoft.com
occclientglobal.iconchannelserviceprod.microsoft.com
occclient.iconchannelservicesprod.microsoft.com
identitypass.microsoft.com
idweb.microsoft.com
idwebelements.microsoft.com
ie11fre.microsoft.com
ieonline.microsoft.com
ignite.microsoft.com
imaginecup.microsoft.com
info.microsoft.com
m.infomail.microsoft.com
t.infomail.microsoft.com
m2.infomails.microsoft.com
innovationstudio.microsoft.com
insightsexperience.microsoft.com
inststudio-proxy.microsoft.com
intune.microsoft.com
invitations.microsoft.com
iridias.microsoft.com
krs.microsoft.com
wopihost.l2o.microsoft.com
leap.microsoft.com
learn.microsoft.com
review.learn.microsoft.com
learn-attachment.microsoft.com
admin.int.learningcredentials.microsoft.com
learningdownloadcenter.microsoft.com
learningpath.microsoft.com
learningplayer.microsoft.com
learningroomdirectory.microsoft.com
leportal.microsoft.com
licensing.microsoft.com
partner.licensing.microsoft.com
licensingonlineservicesactivation.microsoft.com
lighthouse.microsoft.com
linux.microsoft.com
liquid.microsoft.com
lists.microsoft.com
livesend.microsoft.com
local.microsoft.com
login.microsoft.com
lookbook.microsoft.com
loop.microsoft.com
m365pulse.microsoft.com
emea.mail.microsoft.com
enrollment.manage.microsoft.com
portal.manage.microsoft.com
portal.manage-beta.microsoft.com
managerewards.microsoft.com
marketingassets.microsoft.com
math.microsoft.com
mathsolver.microsoft.com
mbs.microsoft.com
businesscenter.mbs.microsoft.com
mbs2.microsoft.com
hk2.consumerfulfillment.mcapi.microsoft.com
mcapshelp.microsoft.com
mcp.microsoft.com
mcr.microsoft.com
medius.microsoft.com
merge.microsoft.com
microsoftedge.microsoft.com
microsoftedgewelcome.microsoft.com
m136.microsoftstore.microsoft.com
military.microsoft.com
mint.microsoft.com
auth.prod.mlx.microsoft.com
dl.delivery.mp.microsoft.com
2.dl.delivery.mp.microsoft.com
3.dl.delivery.mp.microsoft.com
catalog.sf.dl.delivery.mp.microsoft.com
msedge.sf.dl.delivery.mp.microsoft.com
tlu.dl.delivery.mp.microsoft.com
13.tlu.dl.delivery.mp.microsoft.com
2.tlu.dl.delivery.mp.microsoft.com
3.tlu.dl.delivery.mp.microsoft.com
msedge.b.tlu.dl.delivery.mp.microsoft.com
msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com
array608.prod.do.dsp.mp.microsoft.com
storeedgefd.dsx.mp.microsoft.com
paymentinstruments.mp.microsoft.com
msaitour.microsoft.com
register.msbizappslaunchevent.microsoft.com
msc.microsoft.com
msconnect.microsoft.com
v2.msconnect.microsoft.com
msdl.microsoft.com
msdn.microsoft.com
blogs.msdn.microsoft.com
visualstudiogallery.msdn.microsoft.com
msevents.microsoft.com
msft-oncall-tool.microsoft.com
msftguest.microsoft.com
msnapp.microsoft.com
msrc.microsoft.com
api.msrc.microsoft.com
portal.msrc.microsoft.com
msrecruit.microsoft.com
msrolelibrary.microsoft.com
msvacation.microsoft.com
msxinsights.microsoft.com
mvp.microsoft.com
myaccess.microsoft.com
myaccount.microsoft.com
myapplications.microsoft.com
myapps.microsoft.com
launcher.myapps.microsoft.com
mydefender.microsoft.com
myorder.microsoft.com
myprofile.microsoft.com
mysignins.microsoft.com
mystaff.microsoft.com
myworkaccount.microsoft.com
news.microsoft.com
nonprofit.microsoft.com
signup.nonprofit.microsoft.com
nuwa-infinity.microsoft.com
ocv.microsoft.com
office.microsoft.com
r.office.microsoft.com
support.office.microsoft.com
officecdn.microsoft.com
officecdnmac.microsoft.com
officeredir.microsoft.com
o15.officeredir.microsoft.com
oneask.microsoft.com
oneasset.microsoft.com
onedrivelti.microsoft.com
opensource.microsoft.com
docs.opensource.microsoft.com
operatorconnect.microsoft.com
outlook.microsoft.com
ov-df.microsoft.com
packages.microsoft.com
parking.microsoft.com
partner.microsoft.com
customerconsent.partner.microsoft.com
dmc.partner.microsoft.com
partners.microsoft.com
partneruniversity.microsoft.com
paymentcentral.microsoft.com
paymentcentralvnext.microsoft.com
pcmanager.microsoft.com
pctrax.microsoft.com
personnel.microsoft.com
pair.phonelink.microsoft.com
planetarycomputer.microsoft.com
planner.microsoft.com
plhvc.microsoft.com
taxprofile.pmp.microsoft.com
portal.microsoft.com
powerbi.microsoft.com
make.powerpages.microsoft.com
admin.powerplatform.microsoft.com
adminanalytics.powerplatform.microsoft.com
che.adminanalytics.powerplatform.microsoft.com
asia.prod.powerquery.microsoft.com
australia.prod.powerquery.microsoft.com
brazil.prod.powerquery.microsoft.com
europe.prod.powerquery.microsoft.com
india.prod.powerquery.microsoft.com
us.prod.powerquery.microsoft.com
us2.prod.powerquery.microsoft.com
powerup.microsoft.com
web.powerva.microsoft.com
copilotstudio.preview.microsoft.com
print.print.microsoft.com
privacy.microsoft.com
procureweb.microsoft.com
profitabilitybenchmark.microsoft.com
project.microsoft.com
myvs.download.prss.microsoft.com
software.download.prss.microsoft.com
software-static.download.prss.microsoft.com
vscode.download.prss.microsoft.com
windbg.download.prss.microsoft.com
next.pubcenter.microsoft.com
pulse.microsoft.com
purview.microsoft.com
quantum.microsoft.com
reactor.microsoft.com
redeem.microsoft.com
referencesource.microsoft.com
reflect.microsoft.com
releaseplans.microsoft.com
research.microsoft.com
cmt3.research.microsoft.com
researchforum.microsoft.com
rewards.microsoft.com
portal.rooms.microsoft.com
rs.microsoft.com
query.prod.cms.rt.microsoft.com
salesops.microsoft.com
schemas.microsoft.com
assets.sds.microsoft.com
sdx.microsoft.com
register.secure.microsoft.com
security.microsoft.com
mto.security.microsoft.com
sip.security.microsoft.com
api.securitycenter.microsoft.com
securitycopilot.microsoft.com
portal.gethelp.services.microsoft.com
partner.support.services.microsoft.com
prod.support.services.microsoft.com
eus.prod.support.services.microsoft.com
wus.prod.support.services.microsoft.com
remoteassistance.support.services.microsoft.com
survey.support.services.microsoft.com
vsa.services.microsoft.com
prod.client.wosc.services.microsoft.com
serviceshub.microsoft.com
support.serviceshub.microsoft.com
servicetrust.microsoft.com
al.mstic.signals.microsoft.com
signup.microsoft.com
cdn.signup.microsoft.com
apprep.smartscreen.microsoft.com
fb.smartscreen.microsoft.com
feedback.smartscreen.microsoft.com
software-download.microsoft.com
solutions.microsoft.com
speech.microsoft.com
centraluseuap.orchestration.speech.microsoft.com
sponsor.microsoft.com
stackoverflow.microsoft.com
startapp.microsoft.com
foundershub.startups.microsoft.com
msft.sts.microsoft.com
certauth.msft.sts.microsoft.com
supplier.microsoft.com
dev-portal.supplychain.microsoft.com
support.microsoft.com
filestore.community.support.microsoft.com
tar.microsoft.com
teams.microsoft.com
admin.teams.microsoft.com
ca-prod.asyncgw.teams.microsoft.com
eu-prod.asyncgw.teams.microsoft.com
fr-prod.asyncgw.teams.microsoft.com
in-prod.asyncgw.teams.microsoft.com
jp-prod.asyncgw.teams.microsoft.com
se-prod.asyncgw.teams.microsoft.com
cqd.teams.microsoft.com
dev.teams.microsoft.com
devicetest.teams.microsoft.com
dialin.teams.microsoft.com
events.teams.microsoft.com
msit.events.teams.microsoft.com
events.gcc.teams.microsoft.com
api.noam.hms-int.migrationservices.teams.microsoft.com
portal.sdg.teams.microsoft.com
visit.teams.microsoft.com
techcommunity.microsoft.com
cdn.techcommunity.microsoft.com
technet.microsoft.com
social.technet.microsoft.com
technet2.microsoft.com
testconnectivity.microsoft.com
titanweb.microsoft.com
totalrewards.microsoft.com
trainingsupport.microsoft.com
cdx.transform.microsoft.com
cloudpartners.transform.microsoft.com
dynamicspartners.transform.microsoft.com
readiness.transform.microsoft.com
securitypartners.transform.microsoft.com
translator.microsoft.com
trust.microsoft.com
nonprofits.tsi.microsoft.com
uatracker.microsoft.com
uhf.microsoft.com
ukstories.microsoft.com
unlocked.microsoft.com
update.microsoft.com
catalog.update.microsoft.com
www.catalog.update.microsoft.com
fe2.update.microsoft.com
ux.microsoft.com
verify.microsoft.com
vi.microsoft.com
videos.microsoft.com
visualstudio.microsoft.com
2download.visualstudio.microsoft.com
download.visualstudio.microsoft.com
visualsupport.microsoft.com
vivalearning-dev.microsoft.com
vlcentral.microsoft.com
waccess.microsoft.com
watsonportal.microsoft.com
demo.wd.microsoft.com
download-fds.webapps.microsoft.com
download-support.webapps.microsoft.com
webxtsvc.microsoft.com
app.whiteboard.microsoft.com
whoplus.microsoft.com
windows.microsoft.com
hs.windows.microsoft.com
rssgov.windows.microsoft.com
windows365.microsoft.com
cdn.winget.microsoft.com
winqual.microsoft.com
workshopsurvey.microsoft.com
client.wvd.microsoft.com
cf32a972-c05b-4b71-a4b8-2eeaf3a5d10a.rdbroker-g-us-r1.wvd.microsoft.com
rdweb.wvd.microsoft.com
wwcarchive.microsoft.com
wwps.microsoft.com
unistore.www.microsoft.com

7
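--- a/results.txt
+++ b/results.txt
@@ -0,0 +1,7 @@
+AS207960 Test Intermediate - example.com
+www.example.com
+dev.example.com
+m.example.com
+products.example.com
+support.example.com
+m.testexample.com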


@ -16,26 +16,25 @@ import threading
import socket
import json
from collections import Counter
from urllib.parse import urlparse
from urllib.parse import unquote
# external modules
from subbrute import subbrute
import dns.resolver
import requests
# Python 2.x and 3.x compatiablity
if sys.version > '3':
import urllib.parse as urlparse
import urllib.parse as urllib
else:
import urlparse
import urllib
import urllib3
urllib3.disable_warnings()
# In case you cannot install some of the required development packages
# there's also an option to disable the SSL warning:
# In case you cannot install some of the required development packages
# there's also an option to disable the SSL warning:
try:
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
except:
pass
# Check if we are running this on windows platform
@ -143,7 +142,7 @@ def subdomain_sorting_key(hostname):
class enumratorBase(object):
def __init__(self, base_url, engine_name, domain, subdomains=None, silent=False, verbose=True):
subdomains = subdomains or []
self.domain = urlparse.urlparse(domain).netloc
self.domain = urlparse(domain).netloc
self.session = requests.Session()
self.subdomains = []
self.timeout = 25
@ -273,12 +272,22 @@ class enumratorBaseThreaded(multiprocessing.Process, enumratorBase):
class GoogleEnum(enumratorBaseThreaded):
def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True):
subdomains = subdomains or []
base_url = "https://google.com/search?q={query}&btnG=Search&hl=en-US&biw=&bih=&gbv=1&start={page_no}&filter=0"
base_url = "https://www.google.com/search?q={query}&num=100&start={page_no}&filter=0"
self.engine_name = "Google"
self.MAX_DOMAINS = 11
self.MAX_PAGES = 200
super(GoogleEnum, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent, verbose=verbose)
self.q = q
# Enhanced headers to avoid blocking
self.headers.update({
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
'Accept-Encoding': 'gzip, deflate',
'DNT': '1',
'Connection': 'keep-alive',
'Upgrade-Insecure-Requests': '1'
})
return
def extract_domains(self, resp):
@ -287,10 +296,11 @@ class GoogleEnum(enumratorBaseThreaded):
try:
links_list = link_regx.findall(resp)
for link in links_list:
link = re.sub('<span.*>', '', link)
link = re.sub('<span.*?>', '', link)
link = re.sub('</span>', '', link)
if not link.startswith('http'):
link = "http://" + link
subdomain = urlparse.urlparse(link).netloc
subdomain = urlparse(link).netloc
if subdomain and subdomain not in self.subdomains and subdomain != self.domain:
if self.verbose:
self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain))
@ -300,14 +310,19 @@ class GoogleEnum(enumratorBaseThreaded):
return links_list
def check_response_errors(self, resp):
if (type(resp) is str or type(resp) is unicode) and 'Our systems have detected unusual traffic' in resp:
self.print_(R + "[!] Error: Google probably now is blocking our requests" + W)
self.print_(R + "[~] Finished now the Google Enumeration ..." + W)
return False
if isinstance(resp, str):
if 'unusual traffic' in resp.lower() or 'detected unusual' in resp.lower():
self.print_(R + "[!] Error: Google is blocking our requests (rate limited)" + W)
self.print_(R + "[~] Finished now the Google Enumeration ..." + W)
return False
if 'captcha' in resp.lower():
self.print_(R + "[!] Error: Google CAPTCHA detected" + W)
self.print_(R + "[~] Finished now the Google Enumeration ..." + W)
return False
return True
def should_sleep(self):
time.sleep(5)
time.sleep(random.randint(5, 10)) # Increased delay to avoid blocking
return
def generate_query(self):
@ -319,7 +334,6 @@ class GoogleEnum(enumratorBaseThreaded):
query = "site:{domain} -www.{domain}".format(domain=self.domain)
return query
class YahooEnum(enumratorBaseThreaded):
def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True):
subdomains = subdomains or []
@ -343,7 +357,7 @@ class YahooEnum(enumratorBaseThreaded):
link = re.sub("<(\/)?b>", "", link)
if not link.startswith('http'):
link = "http://" + link
subdomain = urlparse.urlparse(link).netloc
subdomain = urlparse(link).netloc
if not subdomain.endswith(self.domain):
continue
if subdomain and subdomain not in self.subdomains and subdomain != self.domain:
@ -390,7 +404,7 @@ class AskEnum(enumratorBaseThreaded):
for link in links_list:
if not link.startswith('http'):
link = "http://" + link
subdomain = urlparse.urlparse(link).netloc
subdomain = urlparse(link).netloc
if subdomain not in self.subdomains and subdomain != self.domain:
if self.verbose:
self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain))
@ -439,7 +453,7 @@ class BingEnum(enumratorBaseThreaded):
link = re.sub('<(\/)?strong>|<span.*?>|<|>', '', link)
if not link.startswith('http'):
link = "http://" + link
subdomain = urlparse.urlparse(link).netloc
subdomain = urlparse(link).netloc
if subdomain not in self.subdomains and subdomain != self.domain:
if self.verbose:
self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain))
@ -482,7 +496,7 @@ class BaiduEnum(enumratorBaseThreaded):
link = re.sub('<.*?>|>|<|&nbsp;', '', link)
if not link.startswith('http'):
link = "http://" + link
subdomain = urlparse.urlparse(link).netloc
subdomain = urlparse(link).netloc
if subdomain.endswith(self.domain):
subdomain_list.append(subdomain)
if subdomain not in self.subdomains and subdomain != self.domain:
@ -544,7 +558,7 @@ class NetcraftEnum(enumratorBaseThreaded):
def get_next(self, resp):
link_regx = re.compile('<a.*?href="(.*?)">Next Page')
link = link_regx.findall(resp)
url = 'http://searchdns.netcraft.com' + link[0]
url = 'http://searchdns.netcraft.com' + link[0] if link else ''
return url
def create_cookies(self, cookie):
@ -552,7 +566,7 @@ class NetcraftEnum(enumratorBaseThreaded):
cookies_list = cookie[0:cookie.find(';')].split("=")
cookies[cookies_list[0]] = cookies_list[1]
# hashlib.sha1 requires utf-8 encoded str
cookies['netcraft_js_verification_response'] = hashlib.sha1(urllib.unquote(cookies_list[1]).encode('utf-8')).hexdigest()
cookies['netcraft_js_verification_response'] = hashlib.sha1(unquote(cookies_list[1]).encode('utf-8')).hexdigest()
return cookies
def get_cookies(self, headers):
@ -582,7 +596,7 @@ class NetcraftEnum(enumratorBaseThreaded):
try:
links_list = link_regx.findall(resp)
for link in links_list:
subdomain = urlparse.urlparse(link).netloc
subdomain = urlparse(link).netloc
if not subdomain.endswith(self.domain):
continue
if subdomain and subdomain not in self.subdomains and subdomain != self.domain:
@ -606,72 +620,137 @@ class DNSdumpster(enumratorBaseThreaded):
return
def check_host(self, host):
is_valid = False
Resolver = dns.resolver.Resolver()
Resolver.nameservers = ['8.8.8.8', '8.8.4.4']
self.lock.acquire()
try:
ip = Resolver.query(host, 'A')[0].to_text()
if ip:
if self.verbose:
self.print_("%s%s: %s%s" % (R, self.engine_name, W, host))
is_valid = True
self.live_subdomains.append(host)
except:
pass
self.lock.release()
return is_valid
if self.verbose:
self.print_("%s%s: %s%s" % (R, self.engine_name, W, host))
self.live_subdomains.append(host)
return True
def req(self, req_method, url, params=None):
params = params or {}
headers = dict(self.headers)
headers['Referer'] = 'https://dnsdumpster.com'
headers.update({
'Referer': 'https://dnsdumpster.com/',
'Origin': 'https://dnsdumpster.com',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Content-Type': 'application/x-www-form-urlencoded',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
})
try:
if req_method == 'GET':
resp = self.session.get(url, headers=headers, timeout=self.timeout)
resp = self.session.get(url, headers=headers, timeout=self.timeout, verify=False)
else:
resp = self.session.post(url, data=params, headers=headers, timeout=self.timeout)
# Add CSRF token to headers if available in cookies
if 'csrftoken' in self.session.cookies:
headers['X-CSRFToken'] = self.session.cookies['csrftoken']
resp = self.session.post(url, data=params, headers=headers, timeout=self.timeout, verify=False)
return resp if resp else None
except Exception as e:
self.print_(e)
resp = None
return self.get_response(resp)
self.print_(R + "[!] DNSdumpster request error: " + str(e) + W)
return None
def get_csrftoken(self, resp):
csrf_regex = re.compile('<input type="hidden" name="csrfmiddlewaretoken" value="(.*?)">', re.S)
token = csrf_regex.findall(resp)[0]
return token.strip()
"""Extract CSRF token from response - Updated for robustness"""
try:
if not resp or not hasattr(resp, 'text'):
return None
# Look for the hidden input field named 'csrfmiddlewaretoken'
# (Note: Use a generic pattern to find the value of this input)
csrf_regex = re.compile(r"name=['\"]csrfmiddlewaretoken['\"]\s+value=['\"]([^'\"]+)['\"]")
match = csrf_regex.search(resp.text)
if match:
token = match.group(1).strip()
if token and len(token) > 10:
return token
# Fallback to check other known patterns
return None
except Exception as e:
self.print_(R + "[!] Error parsing CSRF token: " + str(e) + W)
return None
def enumerate(self):
self.lock = threading.BoundedSemaphore(value=70)
resp = self.req('GET', self.base_url)
token = self.get_csrftoken(resp)
params = {'csrfmiddlewaretoken': token, 'targetip': self.domain}
post_resp = self.req('POST', self.base_url, params)
self.extract_domains(post_resp)
for subdomain in self.subdomains:
t = threading.Thread(target=self.check_host, args=(subdomain,))
t.start()
t.join()
return self.live_subdomains
try:
# 1. Initial GET request to get the session cookie and CSRF token
resp = self.req('GET', self.base_url)
if not resp or not hasattr(resp, 'text'):
self.print_(R + "[!] DNSdumpster: Could not connect or get initial page." + W)
return []
# 2. Extract CSRF token (uses the updated get_csrftoken)
token = self.get_csrftoken(resp)
if not token:
self.print_(R + "[!] DNSdumpster: Could not get CSRF token. Site layout may have changed again." + W)
return []
# 3. Prepare POST data with the required token and domain
params = {
'csrfmiddlewaretoken': token,
'targetip': self.domain,
}
# 4. POST request
post_resp = self.req('POST', self.base_url, params)
if not post_resp or not hasattr(post_resp, 'text'):
self.print_(R + "[!] DNSdumpster: No valid response after POST request." + W)
return []
# 5. Extract domains from response
self.extract_domains(post_resp.text)
for subdomain in self.subdomains:
self.check_host(subdomain)
return self.live_subdomains
except Exception as e:
self.print_(R + "[!] DNSdumpster error in enumerate: " + str(e) + W)
return []
def extract_domains(self, resp):
tbl_regex = re.compile('<a name="hostanchor"><\/a>Host Records.*?<table.*?>(.*?)</table>', re.S)
link_regex = re.compile('<td class="col-md-4">(.*?)<br>', re.S)
links = []
"""Extract subdomains from HTML response"""
links = set()
try:
results_tbl = tbl_regex.findall(resp)[0]
except IndexError:
results_tbl = ''
links_list = link_regex.findall(results_tbl)
links = list(set(links_list))
# Pattern 1: Table rows with subdomains
table_pattern = r'<td class="col-md-4">([a-zA-Z0-9][-a-zA-Z0-9]*(?:\.[a-zA-Z0-9][-a-zA-Z0-9]*)*\.' + re.escape(self.domain) + r')'
matches = re.findall(table_pattern, resp, re.IGNORECASE)
links.update(matches)
# Pattern 2: Any subdomain mention
subdomain_pattern = r'(?:^|[>\s])([a-zA-Z0-9][-a-zA-Z0-9]*(?:\.[a-zA-Z0-9][-a-zA-Z0-9]*)*\.' + re.escape(self.domain) + r')(?:[<\s]|$)'
matches = re.findall(subdomain_pattern, resp, re.IGNORECASE | re.MULTILINE)
links.update(matches)
# Pattern 3: Host Records section
host_records_pattern = r'<a name="hostanchor">.*?<table[^>]*>(.*?)</table>'
host_section = re.search(host_records_pattern, resp, re.DOTALL | re.IGNORECASE)
if host_section:
subdomain_in_table = r'>([a-zA-Z0-9][-a-zA-Z0-9]*(?:\.[a-zA-Z0-9][-a-zA-Z0-9]*)*\.' + re.escape(self.domain) + r')<'
matches = re.findall(subdomain_in_table, host_section.group(1), re.IGNORECASE)
links.update(matches)
except Exception as e:
self.print_(R + "[!] Error extracting domains: " + str(e) + W)
# Process found links
for link in links:
subdomain = link.strip()
if not subdomain.endswith(self.domain):
continue
if subdomain and subdomain not in self.subdomains and subdomain != self.domain:
self.subdomains.append(subdomain.strip())
return links
subdomain = link.strip().lower()
# Validate subdomain
if subdomain.endswith(self.domain) and subdomain != self.domain:
if subdomain not in self.subdomains:
self.subdomains.append(subdomain)
return list(links)
class Virustotal(enumratorBaseThreaded):
def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True):
@ -904,7 +983,7 @@ def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, e
if not domain.startswith('http://') or not domain.startswith('https://'):
domain = 'http://' + domain
parsed_domain = urlparse.urlparse(domain)
parsed_domain = urlparse(domain)
if not silent:
print(B + "[-] Enumerating subdomains now for %s" % parsed_domain.netloc + W)
@ -926,13 +1005,12 @@ def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, e
}
chosenEnums = []
if engines is None:
chosenEnums = [
BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum,
NetcraftEnum, DNSdumpster, Virustotal, ThreatCrowd,
CrtSearch, PassiveDNS
]
BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum,
NetcraftEnum, DNSdumpster, ThreatCrowd,
CrtSearch, PassiveDNS
]
else:
engines = engines.split(',')
for engine in engines:
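Review bot: Both `self.session.get(...)` and `self.session.post(...)` in `DNSdumpster.req` now pass `verify=False`, so the CSRF token and the host table are fetched without certificate validation and anyone on the network path can alter the subdomain results; the import hunk also silences `InsecureRequestWarning`, so the user never learns that validation was skipped. Drop the argument from both calls (`resp = self.session.get(url, headers=headers, timeout=self.timeout)`) and, if a broken trust store has to be supported, make it an explicit opt-in rather than the default. In the same hunk `check_host` no longer resolves the name and returns `True` for every input, so `live_subdomains` now holds unverified names taken from the scraped HTML; either keep the `A` lookup or rename the list so callers do not treat it as resolved hosts. The page prints old and new lines without markers, so the old/new attribution here is inferred and should be confirmed against the file.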